AAA: Authentication, Authorization and Accounting

At the CCNA Routing and Switching level, we studied local authentication: setting a password to move to privileged mode (enable password) or creating a local user database for authenticating users. On a Cisco network infrastructure device running IOS, authentication is by default a line password (line console or line vty) and authorization is a level 15 enable password. Both line authentication and enable level 15 authorization work well if you have only a very small number of network infrastructure devices.

As your network grows and you find yourself managing a large network environment, authentication against each device's local user database and authorization by a level 15 enable password are no longer a scalable solution. This is the time to think about Cisco AAA solutions.

AAA stands for Authentication, Authorization and Accounting.

Authentication: Authentication is the process in which the identity of a device or a user is verified when they attempt to access a network resource, confirming that it is the real entity it claims to be. Authentication typically uses a user ID and password combination. Other types of authentication are also available, such as biometric authentication or authentication using digital certificates. Authentication answers the questions "Who are you?" and "Are you the same person you are claiming?"

Authorization: Authorization is the process, performed after authentication, of determining whether a user who tries to access a device or data, or to execute a command, has permission to do so. Authorization answers the question "Are you allowed to do this task?"

Accounting: Accounting can be defined as the tracking of data, access, usage, events or network resources. It covers logging, auditing, and monitoring of data, access, usage and events of network resources. Accounting answers the questions "What did you do?" and "Who is responsible for this?"

Two widely accepted AAA protocols are RADIUS and TACACS+ (pronounced "TAKAXE Plus").
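The default line-password setup described earlier, next to an AAA configuration that maps each of the three functions to an IOS command, is shown below as an added example that is not part of the original tutorial. The server name, group name, fallback username, the 192.0.2.10 address and the bracketed secrets are placeholders, and the choice of TACACS+ with the newer `tacacs server` syntax is an assumption.

```cisco
! ---- Before: shared line password plus a level 15 enable password ----
line vty 0 4
 password <LINE-PASSWORD>
 login
enable password <ENABLE-PASSWORD>
!
! ---- After: AAA against a central TACACS+ server ----
! Local account kept as a fallback so the device stays manageable
! when the AAA server is unreachable (placeholder name and secret).
username fallback-admin privilege 15 secret <LOCAL-SECRET>
!
aaa new-model
!
! Placeholder server definition (192.0.2.10 is a documentation address).
tacacs server AAA-SRV1
 address ipv4 192.0.2.10
 key <SHARED-KEY>
!
aaa group server tacacs+ AAA-SERVERS
 server name AAA-SRV1
!
! Authentication: "Who are you?"
! Per-user credentials are checked on the server, then locally on failure
! to reach it. The default method list applies to console and vty lines.
aaa authentication login default group AAA-SERVERS local
!
! Authorization: "Are you allowed to do this task?"
! The server decides whether the user gets an exec session and which
! level 15 commands that user may run.
aaa authorization exec default group AAA-SERVERS local
aaa authorization commands 15 default group AAA-SERVERS local
!
! Accounting: "What did you do?" / "Who is responsible for this?"
! Session start/stop and each level 15 command are logged per user.
aaa accounting exec default start-stop group AAA-SERVERS
aaa accounting commands 15 default start-stop group AAA-SERVERS
```

Keep an existing session open while applying `aaa new-model` and confirm a fresh login works before disconnecting, because the method lists take effect immediately.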