Authentication, authorization, and accounting (AAA) servers

The two main AAA servers are Microsoft's Remote Authentication Dial-In User Service (RADIUS) and Cisco's Terminal Access Controller Access-Control System Plus (TACACS+). Both of these servers provide authentication, authorization, and accounting:

  • RADIUS server: The RADIUS server is UDP based, and it authenticates servers such as virtual private network (VPN) servers, remote access services (RAS) servers, and the 802.1x authenticating switch. Each of these is known as a RADIUS client even though they are servers themselves. If I had a small company, I could outsource my remote access server but put in a RADIUS server, which would check any remote-access policies and verify that authentication was allowed by contacting a domain controller.
  • RADIUS clients: RADIUS clients are VPN servers, RAS servers, and the 802.1x authentication switch. Every RADIUS client needs the secret key, sometimes called the session key, to join the RADIUS environment. RADIUS communicates over UDP port 1812. It is also known as non-proprietary.
  • Diameter: Diameter is the more modern version of RADIUS that works on TCP. For the exam, remember that Diameter is the AAA server that uses EAP.
  • TACACS+: This is a Cisco AAA server that uses TCP, so it is more secure than RADIUS; it uses TCP port 49.
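
How a RADIUS client uses the secret key described above, as an added example (not code from the book): following RFC 2865, the client hides the user's password with the shared secret and accepts a reply only if its Response Authenticator was computed with that same secret. The secret, user name, identifier and Request Authenticator values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2                # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE = 1, 2, 18  # RFC 2865 attribute types

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_access_request(ident, user, password, secret, request_auth):
    """Access-Request: code, id, length, 16-byte Request Authenticator, attributes."""
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 3: MD5(code + id + length + RequestAuth + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def verify_reply(reply, ident, request_auth, secret):
    """Client-side check: reject replies not produced with the shared secret."""
    if len(reply) < 20:
        return False
    code, reply_id, length = struct.unpack("!BBH", reply[:4])
    if reply_id != ident or not 20 <= length <= len(reply):
        return False
    expected = response_authenticator(code, reply_id, reply[20:length], request_auth, secret)
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    # Constructed sample values; a real client uses 16 random bytes as Request Authenticator.
    secret, req_auth = b"constructed-secret", bytes(range(16))
    attrs = attr(REPLY_MESSAGE, b"ok")
    auth = response_authenticator(ACCESS_ACCEPT, 7, attrs, req_auth, secret)
    reply = struct.pack("!BBH", ACCESS_ACCEPT, 7, 20 + len(attrs)) + auth + attrs
    print(verify_reply(reply, 7, req_auth, secret))        # reply from a server holding the secret
    print(verify_reply(reply, 7, req_auth, b"wrong-key"))  # client configured with a different secret
```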