Which of the following statements are true regarding RADIUS? (Select 2 choices.)
- It encrypts only the password in Access-Request packets.
- It combines authorization and authentication functions.
- It provides more flexible security options than TACACS+.
- It uses TCP port 49.
- It is a Cisco-proprietary standard protocol.
Remote Authentication Dial-In User Service (RADIUS) combines authentication and authorization into a single function and encrypts only the password in Access-Request packets. RADIUS is an Internet Engineering Task Force (IETF) standard protocol for Authentication, Authorization, and Accounting (AAA) operations. RADIUS uses User Datagram Protocol (UDP) for packet delivery. Because RADIUS encrypts only the password of a packet, the rest of the packet would be viewable if the packet were intercepted by a malicious user. RADIUS has less flexible security options than Terminal Access Controller Access Control System Plus (TACACS+) because RADIUS combines the authentication and authorization functions of AAA into a single function and does not provide router command authorization capabilities.
By contrast, TACACS+ is a Cisco-proprietary protocol that uses Transmission Control Protocol (TCP) for transport during AAA operations. TACACS+ provides more security and flexibility than RADIUS because TACACS+ encrypts the entire body of a packet and separates the authentication, authorization, and accounting functions of AAA. This separation enables granular control of access to resources. For example, TACACS+ gives administrators control over access to configuration commands: users can be permitted or denied access to specific configuration commands. Because of this flexibility, TACACS+ is used with Cisco Secure Access Control Server (ACS), which is a software tool that is used to manage user authorization for router access.