Authentication, Authorisation, and Accounting (AAA)

AAA is a framework that enables a set of three independent security functions:

Authentication

Enables a user to be identified and verified prior to being granted access.

Authorisation

Defines the privileges and restrictions to be enforced on an authenticated user.

Accounting

Provides the ability to track and log user access, including user identities, start and stop times, and executed commands. It provides a log of events.

For AAA to work, it requires a protocol to carry authentication requests and responses, plus authorisation and accounting logs.

There are many AAA protocols, but the two most popular are RADIUS and TACACS+.

RADIUS is Remote Authentication Dial-In User Service.

TACACS+ is Terminal Access Controller Access-Control System Plus.

AAA is used in the networking industry for the following use cases:

Network Device Access Control

Cisco IOS provides local features for simple device access control, but access control that scales requires AAA. AAA is the recommended method for access control, and TACACS+ is the protocol of choice for network device access control.
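As an added example (not from the original page), the Cisco IOS configuration below contrasts local-only device access with AAA over TACACS+, mapping each of the three AAA functions to its command. The server name TAC1, the group name TAC-GROUP, the address 192.0.2.10 (documentation range), the username and the secrets are placeholders chosen for illustration.

```cisco
! --- Local-only access control: credentials live on every device ---
username admin privilege 15 secret <local-secret-placeholder>
line vty 0 4
 login local
 transport input ssh
!
! --- AAA with TACACS+: identities and policy held on a central server ---
aaa new-model
!
tacacs server TAC1
 address ipv4 192.0.2.10
 key <shared-secret-placeholder>
!
aaa group server tacacs+ TAC-GROUP
 server name TAC1
!
! Authentication: verify the user against TACACS+, fall back to the
! local account only if the server group does not respond
aaa authentication login default group TAC-GROUP local
!
! Authorisation: the server decides whether an EXEC session may start
! and which privilege-level 15 commands the user may run
aaa authorization exec default group TAC-GROUP local
aaa authorization commands 15 default group TAC-GROUP local
!
! Accounting: record session start/stop and each level 15 command
aaa accounting exec default start-stop group TAC-GROUP
aaa accounting commands 15 default start-stop group TAC-GROUP
!
! Keep one local account so the device stays reachable during an outage
username admin privilege 15 secret <local-fallback-secret-placeholder>
```

The `local` keyword is consulted only when the TACACS+ group returns no response; a reject from the server does not fall through to the local database.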

Secure Network Access Control

AAA can be used to obtain the identity of a device or user before it is allowed access to the network. RADIUS is the preferred protocol for remote user access.


