Denis's large organization has used RADIUS for AAA services for its network devices for years and has recently become aware of security issues with the unencrypted information transferred during authentication. How should Denis implement encryption for RADIUS?

RADIUS supports TLS over TCP. RADIUS does not have a supported TLS mode over UDP. AES pre-shared symmetric ciphers are not a supported solution and would be difficult to both implement and maintain in a large environment, and the built-in encryption in RADIUS only protects passwords.