
Authentication, Authorisation, and Accounting (AAA)

AAA is a framework that enables three independent security functions:

Authentication

Enables a user to be identified and verified prior to being granted access

Authorisation

Defines the privileges and restrictions to be enforced on an authenticated user

Accounting

Provides the ability to track and log user access, including user identities, start and stop times, and executed commands. In short, it provides a log of events.


AAA requires a protocol to carry authentication requests and responses, plus authorisation and accounting logs.

There are many AAA protocols, but the two most popular are RADIUS and TACACS+.

RADIUS stands for Remote Authentication Dial-In User Service.

TACACS+ stands for Terminal Access Controller Access-Control System Plus.

AAA is used in the networking industry for the following use cases:

Network Device Access Control

Cisco IOS provides local features for simple device access control, but to scale, device access control requires AAA. AAA is the recommended method for access control, and TACACS+ is the protocol of choice for network device access control.

Secure Network Access Control

AAA can be used to obtain the identity of a device or user before it is allowed access to the network. RADIUS is the preferred protocol for remote user access.
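
As an added illustration of the network device access control use case above (not configuration from the original page), this Cisco IOS fragment turns on all three AAA functions over TACACS+ for VTY logins, with a local account as fallback. The server name, group name, method-list names, fallback username, IP address and secrets are placeholders chosen for the example.

```cisco
! Added example: names, address and secrets below are placeholders.
aaa new-model
!
! TACACS+ server definition and a server group that references it
tacacs server TAC-SRV-1
 address ipv4 192.0.2.10
 key <SHARED-SECRET>
!
aaa group server tacacs+ TAC-GROUP
 server name TAC-SRV-1
!
! Local account, consulted only when no TACACS+ server responds
username fallback-admin privilege 15 algorithm-type scrypt secret <LOCAL-PASSWORD>
!
! Authentication: identify and verify the user at login
aaa authentication login VTY-AUTH group TAC-GROUP local
!
! Authorisation: decide whether a shell is granted and which
! privilege-15 commands the authenticated user may run
aaa authorization exec VTY-AUTHZ group TAC-GROUP local
aaa authorization commands 15 CMD-AUTHZ group TAC-GROUP local
!
! Accounting: log session start/stop times and executed commands
aaa accounting exec default start-stop group TAC-GROUP
aaa accounting commands 15 default start-stop group TAC-GROUP
!
! Apply the method lists to the remote-access lines
line vty 0 4
 login authentication VTY-AUTH
 authorization exec VTY-AUTHZ
 authorization commands 15 CMD-AUTHZ
 transport input ssh
```

The `local` keyword at the end of a method list is tried only when the TACACS+ group returns no response; a reject from the server is final, so a rejected user cannot fall through to the local account.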
