the router (other management services are not available):
2)
Diameter is an authentication, authorization and accounting protocol for computer
networks, and a successor to RADIUS. Diameter Applications extend the base protocol
by adding new commands and/or attributes, such as those for use of the Extensible
Authentication Protocol (EAP).
A Diameter Application is not a software application, but a protocol based on the Diameter base
protocol (defined in RFC 3588). Each application is defined by an application identifier and can

add new command codes and/or new mandatory AVPs. Adding a new optional AVP does not
require a new application (Hassell, 2003).
Examples of Diameter applications:
• Diameter Mobile IPv4 Application (MobileIP, RFC 4004)
• Diameter Network Access Server Application (NASREQ, RFC 4005)
• Diameter Extensible Authentication Protocol Application (RFC 4072)
• Diameter Credit-Control Application (DCCA, RFC 4006)
TCP and SCTP port number 3868 is assigned to Diameter.
3)
Terminal Access Controller Access-Control System (TACACS) is a remote authentication
protocol that is used to communicate with an authentication server commonly used in
UNIX networks. TACACS allows a remote access server to communicate with an
authentication server in order to determine if the user has access to the network.
TACACS is defined in RFC 1492, and uses (either TCP or UDP) port 49 by default. A later
version of TACACS introduced by Cisco in 1990 was called Extended TACACS (XTACACS).
The XTACACS protocol was developed by and is proprietary to Cisco Systems.
TACACS allows a client to accept a username and password and send a query to a TACACS
authentication server, sometimes called a TACACS daemon or simply TACACSD. This server
was normally a program running on a host. The host would determine whether to accept or deny
the request and send a response back. The TIP (routing node accepting dial-up line connections,

which the user would normally want to log in to) would then allow access or not, based upon
the response (Microsoft, N.D.).
TACACS packet layout (bit positions 00 to 31), fields in order:
Version | Type | Nonce | Username length / Response | Password length / Reason | Data :::
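As an added example (not part of the original paper), a parser for the packet fields listed above that checks the declared lengths against the bytes actually received and pairs a reply with its request by nonce. The field widths and the type and response code values are taken from RFC 1492 and are assumptions here, since the page gives only the field names; the sample packets are constructed.

```python
import struct

# Field widths follow the simple-form UDP layout in RFC 1492 (assumption:
# the page names the fields but does not state their sizes).
HEADER = struct.Struct("!BBHBB")   # version, type, nonce, byte 4, byte 5
TYPE_LOGIN, TYPE_RESPONSE = 1, 2   # type codes per RFC 1492
RESPONSES = {1: "accepted", 2: "rejected"}


class MalformedPacket(ValueError):
    """Raised when a packet is too short or its length fields are inconsistent."""


def parse_tacacs(packet: bytes) -> dict:
    if len(packet) < HEADER.size:
        raise MalformedPacket("shorter than the 6-byte fixed header")
    version, ptype, nonce, b4, b5 = HEADER.unpack_from(packet)
    data = packet[HEADER.size:]
    out = {"version": version, "type": ptype, "nonce": nonce}
    if ptype == TYPE_RESPONSE:
        # In a reply, bytes 4 and 5 carry Response and Reason.
        out.update(response=RESPONSES.get(b4, f"unknown({b4})"), reason=b5)
        return out
    # In a request, bytes 4 and 5 are lengths supplied by the sender:
    # validate them against the received data before slicing.
    if b4 + b5 > len(data):
        raise MalformedPacket("length fields exceed the received data")
    # Record only the password length so the secret never reaches a log.
    out.update(username=data[:b4].decode("ascii", "replace"), password_length=b5)
    return out


def reply_matches(request: dict, reply: dict) -> bool:
    """A reply belongs to a request only if it echoes the request's nonce."""
    return reply["type"] == TYPE_RESPONSE and reply["nonce"] == request["nonce"]


# Constructed sample packets (not captured traffic).
SAMPLE_REQUEST = HEADER.pack(0, TYPE_LOGIN, 0x1A2B, 5, 6) + b"alice" + b"s3cret"
SAMPLE_REPLY = HEADER.pack(0, TYPE_RESPONSE, 0x1A2B, 1, 0)

if __name__ == "__main__":
    req, rep = parse_tacacs(SAMPLE_REQUEST), parse_tacacs(SAMPLE_REPLY)
    print(req, rep, reply_matches(req, rep))
```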
TACACS+ (Terminal Access Controller Access-Control System Plus) is a Cisco Systems
proprietary protocol which provides access control for routers, network access servers and other
networked computing devices via one or more centralized servers. TACACS+ provides separate
authentication, authorization and accounting services.
TACACS+ is based on TACACS, but, in spite of its name, it is an entirely new protocol which is
incompatible with any previous version of TACACS. TACACS+ and RADIUS have generally
replaced the earlier protocols in more recently built or updated networks, although TACACS and
XTACACS are still running on many older systems.
TACACS+ uses the Transmission Control Protocol (TCP). The extensions to the TACACS+
protocol provide for more types of authentication requests and more types of response codes than
were in the original specification. TACACS+ offers multiprotocol support, such as IP and

