Page 889 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
performed for LAN or local clients. The separation is important for
security because if the RADIUS or TACACS+ servers are ever
compromised, then only remote connectivity is affected, not the rest of
the network.

Remote Authentication Dial-In User Service (RADIUS): This
is used to centralize the authentication of remote dial-up connections.
A network that employs a RADIUS server is configured so the remote
access server passes dial-up user logon credentials to the RADIUS
server for authentication. This process is similar to the process used by
domain clients sending logon credentials to a domain controller for
authentication. RADIUS operates over several ports; you should
recognize the original UDP 1812 port as well as that used by RADIUS
over TLS, which is TCP 2083. The TCP version of RADIUS was
designed in 2012 to take advantage of TLS encryption (see RFC 6614
at https://tools.ietf.org/html/rfc6614).
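
As an added illustration (not from the study guide), the sketch below builds the Access-Request a remote access server would send over UDP 1812 and shows what is readable on the wire: the user name travels in clear and only the password is masked with an MD5 pad keyed by the shared secret, which is the exposure RADIUS over TLS removes. It goes beyond the text above by using the RFC 2865 packet layout; the user name, password and shared secret are constructed sample values.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1                       # RFC 2865 packet code
USER_NAME, USER_PASSWORD = 1, 2          # RFC 2865 attribute types


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR 16-byte blocks with an MD5-derived pad."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    blocks = max(1, -(-len(password) // 16))          # always at least one block
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev                                   # ciphertext chains into next pad
    return out


def build_access_request(user, password, secret, ident=1, authenticator=b""):
    """The packet a remote access server sends to the RADIUS server."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password.encode(), secret, authenticator)
    attrs = b""
    for attr_type, value in ((USER_NAME, user.encode()), (USER_PASSWORD, hidden)):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs


def observer_view(packet: bytes) -> dict:
    """Attributes readable on the wire by anyone who lacks the shared secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("malformed RADIUS packet")
    attrs, pos = {}, 20
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 \
                or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs


# Constructed sample values, not from the page.
SAMPLE = build_access_request("alice", "hunter2", b"shared-secret",
                              authenticator=bytes(range(16)))
```

Calling observer_view(SAMPLE) returns the User-Name attribute as plain bytes, while the User-Password attribute is recoverable only by a party that holds the shared secret.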

Terminal Access Controller Access-Control System (TACACS+): This
is an alternative to RADIUS. TACACS is available in
three versions: original TACACS, Extended TACACS (XTACACS), and
TACACS+. TACACS integrates the authentication and authorization
processes. XTACACS keeps the authentication, authorization, and
accounting processes separate. TACACS+ improves XTACACS by
adding two-factor authentication. TACACS+ is the most current and
relevant version of this product line. The primary port for TACACS+ is
TCP 49.

