RADIUS is an access server authentication
and accounting protocol that has gained wide support.
The RADIUS authentication server maintains user authentication
and network access information. RADIUS clients run on access
servers and send authentication requests to the RADIUS authentication
With TACACS authentication, when a user requests
to log in to a terminal server or a router, the device will
ask for a user login name and password. The device will then
send a request for validation to the TACACS server in its
configuration. The server will validate the login and password
pair with a TACACS password file. If the name and the password
is validated, the login is successful.
There are two flavors of TACACS: an original TACACS and extended
TACACS or TACACS+. The primary difference between the two
is that TACACS+ provides more information when a user logs
in, thus allowing more control than the original TACACS.
Lock and Key challenges users to respond
to a login and password prompt before loading a unique access
list into the local or remote router.
In this example, Lock and Key security allows only authorized
users to access services beyond the firewall at the corporate
Calling Line Identification
Caller ID is another security mechanism for
dial-in access. It allows routers to look at the ISDN number
of a calling device and compare it with a list of known callers.
If the number is not in the list, the call is rejected and
no charges are incurred by the calling party.