Of the choices available, Remote Authentication DialIn User Service (RADIUS) is an Internet Engineering Task Force (IETF) standard protocol and combines authentication and authorization into a single function. RADIUS is an Authentication, Authorization, and Accounting (AAA) protocol that can be used for controlling access to a router or switch. Although RADIUS does not encrypt the entire contents of a packet, it does provide some security by encrypting the password in an AccessRequest packet. By contrast, Terminal Access Controller Access Control System Plus (TACACS+) encrypts the entire packet.
RADIUS is limited by the fact that authorization and authentication are combined into a single function. By contrast, TACACS+ separates authorization, authentication, and accounting functions, which provides TACACS+ with more flexible security options for controlling access to configuration commands.
RADIUS uses User Datagram Protocol (UDP), not Transmission Control Protocol (TCP), for packet delivery. By contrast, TACACS+ uses TCP on port 49 for data delivery.