AAA (authentication, Authorization, Accounting)

Source: Internet
Author: User

1. Introduction

Managing network access using only the user-mode or privileged-mode password commands is limited and does not scale. Instead, using the authentication, authorization, and accounting (AAA) protocol provides the necessary framework to enable scalable access security.

2. AAA Overview

Local database authentication can be implemented using one of the following commands:

    • username username password password
    • username username secret password

The local database method has some limitations:

    • The user accounts must be configured locally on each device.
    • The local database configuration provides no fallback authentication method.

AAA network security services provide the primary framework to set up access control on a network device.

AAA is a way to control who is permitted to access a network (authenticate), what they can do while they are there (authorize), and to audit what actions they performed while accessing the network (accounting).

It provides a higher degree of scalability than the con, aux, vty and privileged EXEC authentication commands alone.

Network and administrative AAA security in the Cisco environment has several functional components:

    • Authentication - Users and administrators must prove that they are who they say they are. Authentication can be established using username and password combinations, challenge and response questions, token cards, and other methods. For example: "I am user 'student'. I know the password to prove that I am user 'student'."
    • Authorization - After the user is authenticated, authorization services determine which resources the user can access and which operations the user is allowed to perform. An example is "User 'student' can access host serverxyz using Telnet only."
    • Accounting and auditing - Accounting records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made. Accounting keeps track of how network resources are used. An example is "User 'student' accessed host serverxyz using Telnet for minutes."

This concept is similar to the use of a credit card. The credit card identifies who can use it, how much that user can spend, and keeps an account of what items the user spent money on.

3. AAA characteristics

3.1 AAA Authentication

Cisco provides two common methods of implementing AAA services:

    • Local AAA authentication - Local AAA uses a local database for authentication.
    • Server-based AAA authentication - uses an external database server resource that leverages the RADIUS or TACACS+ protocols.

3.2 AAA Authorization

Authorization is automatic and does not require users to perform additional steps after authentication. Authorization is implemented immediately after the user is authenticated.

3.3 AAA Accounting

Accounting is implemented using an AAA server-based solution. This service reports usage statistics back to the ACS server. These statistics can be extracted to create detailed reports about the configuration of the network.

4. Local AAA Authentication

4.1 Configuring Local AAA Authentication with CLI

Step 1. Add usernames and passwords to the local router database for users who need administrative access to the router.
Step 2. Enable AAA globally on the router: Router(config)# aaa new-model
Step 3. Configure AAA parameters on the router.
Step 4. Confirm and troubleshoot the AAA configuration.
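The four steps above carried through as one worked IOS configuration; this is an added example, not from the original page, and the username admin, the password placeholder, the method-list name VTY_AUTH and the lockout threshold are assumptions:

```cisco
! Step 1: create the local user BEFORE enabling AAA. "secret" stores a hash
! rather than the reversible type 7 encoding that "password" produces.
! (username, privilege level and the password placeholder are assumptions)
Router(config)# username admin privilege 15 secret REPLACE_WITH_STRONG_PASSWORD

! Step 2: enable AAA globally. This immediately applies the default login
! method list to all lines, which is why the local user must already exist;
! otherwise the vty lines can lock you out.
Router(config)# aaa new-model

! Step 3: AAA parameters. The default list covers the console and any line
! without an explicit list; VTY_AUTH (assumed name) uses the case-sensitive
! local database and is bound to the vty lines. Locking an account after
! five failed attempts limits password guessing against the local database.
Router(config)# aaa authentication login default local
Router(config)# aaa authentication login VTY_AUTH local-case
Router(config)# aaa local authentication attempts max-fail 5
Router(config)# line vty 0 4
Router(config-line)# login authentication VTY_AUTH
Router(config-line)# exit

! Step 4: confirm and troubleshoot. Test the login from a second session
! before closing the one the configuration was entered from.
Router# show running-config | section aaa
Router# show aaa local user lockout
Router# debug aaa authentication
Router# clear aaa local user lockout username admin
```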

4.2 Configuring Local AAA authentication with SDM

5. server-based AAA

TACACS+ and RADIUS are both authentication protocols.
