AAA (Authentication, Authorization, and Accounting) is a framework for controlling a user's access to a network, and the user's activity once connected, through its authentication, authorization, and accounting mechanisms. AAA supports effective network management and keeps the network secure by ensuring that only users who have been granted access are admitted, and that what they do while on the network is monitored and logged.
AAA challenges whoever wants network access to present credentials that can be authenticated, and then determines what they are authorized to do, so that only legitimate users gain access. AAA is widely used on network devices such as routers, switches, and firewalls, to name a few, to control and monitor access within the network.
AAA addresses the limitations of local security configuration and the scalability problems that come with it. For example, if a password needs to be changed or added, it has to be done locally on every device, which takes a lot of time and resources. An external AAA server solves this by centralizing such tasks for the whole network, and backup AAA servers provide redundancy and keep the network secure if one server fails.
Authentication is the first step of the AAA framework: the user's credentials are challenged, for example by asking for a username and password, which are protected with a hashing algorithm so that they are harder for attackers to intercept.
Once the user's credentials are authenticated, the authorization process determines what that specific user is allowed to do and access within the network. Users are categorized, for example as Administrator or Guest, to define which operations they may perform. The user profiles are configured and controlled from the AAA server; this centralized approach eliminates the hassle of editing on a "per box" basis.
The last process in the AAA mechanism is accounting of everything the user does within the network. AAA servers monitor the resources consumed during network access. Accounting also logs session statistics and usage information for auditing, which are typically used for authorization control, billing, resource utilization, trend analysis, and capacity planning for the business.
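The three stages above, as an added example that is not part of the original article: a toy centralized AAA server in Python that authenticates against a salted PBKDF2 password hash, authorizes commands by privilege level, and keeps accounting records that feed a per-user usage report. The role-to-privilege and command-to-privilege tables, the user names, and the Cisco-style privilege levels (1 for user EXEC, 15 for full administration) are constructed assumptions for the illustration.

```python
"""Toy centralized AAA server (constructed example): authentication with a salted
password hash, authorization by privilege level, and accounting of sessions."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional

# Cisco-style privilege levels are assumed here: 1 = user EXEC, 15 = full admin.
ROLE_PRIVILEGE = {"Administrator": 15, "Guest": 1}
# Minimum privilege each command needs (constructed table; unknown commands need 15).
COMMAND_PRIVILEGE = {
    "show version": 1,
    "show running-config": 15,
    "configure terminal": 15,
}
PBKDF2_ROUNDS = 100_000


@dataclass
class Session:
    """One accounting record: who, from which NAS, when, and how much traffic."""
    user: str
    nas: str
    start: float
    stop: Optional[float] = None
    bytes_in: int = 0
    bytes_out: int = 0


class AAAServer:
    def __init__(self) -> None:
        self._users: Dict[str, tuple] = {}  # username -> (role, salt, pbkdf2 digest)
        self.sessions: List[Session] = []   # accounting log, one record per session

    def add_user(self, username: str, password: str, role: str) -> None:
        if role not in ROLE_PRIVILEGE:
            raise ValueError(f"unknown role {role!r}")
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._users[username] = (role, salt, digest)  # clear-text password is never stored

    # --- Authentication: is this user who they claim to be? ---
    def authenticate(self, username: str, password: str) -> bool:
        rec = self._users.get(username)
        # Run the KDF even for unknown users so a missing account is not detectable by timing.
        salt, expected = (rec[1], rec[2]) if rec else (b"\x00" * 16, b"\x00" * 32)
        got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return rec is not None and hmac.compare_digest(got, expected)

    # --- Authorization: may this (already authenticated) user run this command? ---
    def authorize(self, username: str, command: str) -> bool:
        rec = self._users.get(username)
        if rec is None:
            return False
        needed = COMMAND_PRIVILEGE.get(command, 15)
        return ROLE_PRIVILEGE[rec[0]] >= needed

    # --- Accounting: record what the user did and consumed ---
    def account_start(self, username: str, nas: str, now: float) -> Session:
        session = Session(user=username, nas=nas, start=now)
        self.sessions.append(session)
        return session

    def account_stop(self, session: Session, bytes_in: int, bytes_out: int, now: float) -> None:
        session.stop = now
        session.bytes_in, session.bytes_out = bytes_in, bytes_out

    def usage_report(self) -> Dict[str, dict]:
        """Per-user totals of the kind used for billing, trend analysis and capacity planning."""
        report: Dict[str, dict] = {}
        for s in self.sessions:
            if s.stop is None:
                continue  # session still open; nothing to bill yet
            entry = report.setdefault(s.user, {"sessions": 0, "seconds": 0.0, "bytes": 0})
            entry["sessions"] += 1
            entry["seconds"] += s.stop - s.start
            entry["bytes"] += s.bytes_in + s.bytes_out
        return report


if __name__ == "__main__":
    srv = AAAServer()
    srv.add_user("alice", "s3cret!", "Administrator")
    srv.add_user("bob", "guestpw", "Guest")
    print(srv.authenticate("alice", "s3cret!"), srv.authorize("bob", "configure terminal"))
    s = srv.account_start("bob", "switch1", now=1000.0)
    srv.account_stop(s, bytes_in=1024, bytes_out=2048, now=1060.0)
    print(srv.usage_report())
```

The point of keeping the three methods separate is that each answers a different question: `authenticate` only says whether the credentials are genuine, `authorize` decides per command using the centrally managed role, and the accounting records exist whether or not the session was ever authorized to do anything interesting. Changing a password or a role touches only this server, never the individual routers and switches.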
The two most commonly used protocols for implementing AAA (Authentication, Authorization, and Accounting) in a network are RADIUS and TACACS+. Both are open standards used by different vendors to secure access within the network.
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on ports UDP 1645 and UDP 1812, that provides centralized AAA management for users who connect to and use a Network Access Server (NAS), such as a VPN concentrator, router, or switch. This client/server protocol lets remote access servers communicate with a central server to perform AAA operations for remote users. RADIUS operates at the application layer and can use either UDP or TCP as its transport.
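The client/server exchange described above, as an added example that is not part of the original article: a Python model of a RADIUS Access-Request from a NAS and the server's Access-Accept or Access-Reject, following the packet layout, User-Password hiding and Response Authenticator rules of RFC 2865. The shared secret, the user database and the NAS address are constructed values. One caveat worth keeping in mind as a defender: RADIUS hides only the User-Password attribute, with an MD5-based keystream derived from the shared secret, and everything else in the packet is sent in the clear, so RADIUS traffic belongs on a dedicated management network rather than a user-facing one.

```python
"""RADIUS Access-Request / Access-Accept exchange as specified in RFC 2865
(constructed example: a NAS client and a RADIUS server sharing one secret)."""
import hashlib
import hmac
import os
import struct
from typing import Dict, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3             # packet codes
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4  # attribute types
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; a 16-byte Authenticator follows


def _attr(atype: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; Length counts the two header bytes as well."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def _parse_attrs(data: bytes) -> Dict[int, bytes]:
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("malformed attribute length")
        attrs[atype] = data[i + 2:i + alen]
        i += alen
    return attrs


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous block); the first block is keyed by the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], pad))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")  # drop the padding (RFC passwords cannot end in NUL)


def build_access_request(ident: int, username: bytes, password: bytes, secret: bytes,
                         nas_ip: bytes = b"\x0a\x00\x00\x01") -> Tuple[bytes, bytes]:
    """NAS side: a fresh random Request Authenticator keys the password hiding."""
    request_auth = os.urandom(16)
    attrs = (_attr(ATTR_USER_NAME, username)
             + _attr(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
             + _attr(ATTR_NAS_IP_ADDRESS, nas_ip))
    return HEADER.pack(ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs, request_auth


def _build_response(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = HEADER.pack(code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs


def server_handle(pkt: bytes, secret: bytes, users: Dict[bytes, bytes]) -> bytes:
    """Server side; `users` maps username to password (a real server stores hashes)."""
    code, ident, length = HEADER.unpack_from(pkt)
    if code != ACCESS_REQUEST or length != len(pkt):
        raise ValueError("not a well-formed Access-Request")
    request_auth, attrs = pkt[4:20], _parse_attrs(pkt[20:length])
    pw = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request_auth)
    ok = hmac.compare_digest(pw, users.get(attrs.get(ATTR_USER_NAME, b""), b"\x00"))
    return _build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, request_auth, b"", secret)


def verify_response(resp: bytes, expected_ident: int, request_auth: bytes, secret: bytes) -> int:
    """NAS side: accept the reply only if it matches our request and the shared secret."""
    code, ident, length = HEADER.unpack_from(resp)
    expected = hashlib.md5(resp[:4] + request_auth + resp[20:length] + secret).digest()
    if ident != expected_ident or not hmac.compare_digest(resp[4:20], expected):
        raise ValueError("Response Authenticator mismatch: reply not from a server holding the secret")
    return code
```

The Response Authenticator is what lets the NAS trust an Access-Accept: a reply whose code has been altered, or that comes from a host without the secret, fails `verify_response` and is dropped, which is why a strong, per-device shared secret matters as much as the user passwords themselves.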
Terminal Access Controller Access-Control System Plus (TACACS+) is a remote authentication protocol that allows a remote access server to communicate with an authentication server to validate user access to the network. TACACS+ lets a client accept a username and password and pass a query to a TACACS+ authentication server.