CertiGuide to Security+  9  Chapter 2:  Communication Security (Domain 2.0; 20%)       9  2.1  Remote Access

2.1.4  TACACS/XTACACS/TACACS+ 1 2 3 2.1.6  SSH

TCP/IP Background Information

Now that we’re discussing encapsulation protocols, it’s worth taking a peek under the covers of TCP/IP and look at a concept you might not have encountered yet if your day-to-day tasks have mainly involved maintaining an existing TCP/IP-based LAN.

IP is the base protocol on which all other protocols, including TCP and UDP are layered. One of the fields in the IP frame is an identifier for “protocol number”, which may be 1 (ICMP, including “ping”), 6 (TCP), 17 (UDP), or any one of numerous other values.

The official list of protocol numbers is maintained by IANA, the Internet Assigned Numbers Authority.¹⁵⁰ The protocols we usually consider the base of TCP/IP, such as TCP and UDP, aren’t the only ones out there. There are additional protocol numbers for different routing and encapsulation protocols as well. For example, PPTP uses IP protocol 47 (GRE, General Routing Encapsulation). This is important to know, because when thinking about ports to open on routers and firewalls, to allow traffic to pass through, you might also need to think about opening the required IP protocol numbers as well. For that matter, if you’re really unlucky, your site might have an older router or firewall that doesn’t support certain newer IP protocol numbers, and thus won’t allow them to pass through at all.

2.1.4  TACACS/XTACACS/TACACS+ 1 2 3 2.1.6  SSH