AAA (Authentication, authorization, and accounting )

  • Authentication provides a method to identify the users. The user is first identified before access is allowed.
  • Authorization describes what a user is allowed to perform.
  • Accounting provides a method that allows users to identify what resources of the network are accessed and for how long. This information can be used later for billing, for example.
  • AAA uses some protocols to manage its security functions. Among others, a couple of them are very common: RADIUS and TACACS.

Radius:

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.

TACACS+

Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services.

AAA Configuration:

Router(config)#aaa new-model 
Router(config)#tacacs-server host 192.168.1.2 key cisco123 
Router(config)#radius-server host 192.168.1.3 auth-port 1645 key cisco123 
Router(config)#aaa authentication login My_Rules group tacacs+ group radius local 
Router(config)#username Youngster secret ccie 
Router(config)#line vty 0 4 
Router(config-line)#login authentication My_Rules

Leave a Reply