The two most common AAA protocols are TACACS+ and RADIUS. When a Cisco router communicates with an AAA server, it uses either TACACS+ or RADIUS:
TACACS+ is a Cisco proprietary protocol for use with the CiscoSecure ACS. It uses TCP/IP, encrypts all data, and allows multiple levels of authorization, and can use other methods of authentication, such as Kerberos.
RADIUS is an open Internet Engineering Task Force (IETF) standard; it uses User Datagram Protocol (UDP) and encrypts only passwords. It also combines authentication and authorization as a single service; it is not separated as TACACS+ is.