62-Introduction AAA

The document discusses AAA concepts including authentication, authorization, and accounting. Authentication verifies a user's identity, authorization determines what resources a user can access, and accounting records user activity. AAA provides centralized user management and access control for network devices.

Uploaded by

Abhishek garg

AAA Concepts:

o AAA stands for Authentication, Authorization & Accounting.
o Authentication, Authorization, and Accounting (AAA) is pronounced "Triple A".
o AAA is the centralized management of user access to network resources.
o AAA services allow access control to be set up on Cisco routers or Cisco switches.
o Whenever a user attempts to log in and access the network, the attempt is verified against the AAA database.
o User management is done in the AAA database, without the need to reconfigure each device.
o AAA also controls connections passing through the router to access network resources.
o AAA provides flexibility and scalability; the use of privilege levels provides the flexibility.
o AAA can use the RADIUS protocol or the TACACS+ protocol to reach the server where the database is located.
o Use local database fallback in case the TACACS+/RADIUS server becomes unavailable.
o Fallback occurs only if the AAA server is unavailable or down for some reason.
o There are two use cases of AAA: one is device administration, the other is network access.

1 | P a g e Prepared By Ahmad Ali, Email: [email protected] , Mobile# 0564303717


Authentication:
o Authentication basically means who the user and/or endpoint is.
o Authentication involves validating an identity or a credential.
o Authentication provides the answer to the question "Who are you?"
o Checking a user's credentials to verify their identity is authentication.
o It is the process in which the identity of a device or a user is verified.
o Authentication is the process of proving identity to the system.
o Authentication is the validation of an identity or a credential.
o The user or computer has to prove its identity to the server or client.
o When you log on to a PC with a user name and password, you are authenticating.
o Authentication does not determine what tasks the individual can do.
o Authentication merely identifies and verifies who the person or system is.
o Authentication is about who somebody is or who some endpoint device is.

o In Cisco Identity Services Engine, one authentication method is IEEE 802.1X.
o In Cisco Identity Services Engine, one authentication method is MAC Authentication Bypass (MAB).
o In Cisco Identity Services Engine, one authentication method is Web Authentication.



o In Cisco Identity Services Engine, one authentication method is EasyConnect.

Authorization:
o Authorization basically means what the user and/or device is allowed to do.
o It provides the answer to the question "Are you allowed to do this task?"
o Determining what the user/device is allowed to do is called authorization.
o Restricting the access of the user or the endpoint is called authorization.
o The server determines whether the client has permission to use a resource or access a file.
o Authorization is the process of verifying access to something or to resources.
o Authorization is about what they are allowed to do inside the network.
o Authorization is the function of specifying access rights to resources.
o Authorization is the process of confirming what you are authorized to perform.



Accounting:
o Accounting basically means recording what the end user/endpoint has done.
o It provides the answer to the questions "What did you do?" and "Who is responsible for this?"
o In the AAA model, the accounting feature is also very important for security.
o Accounting occurs after authentication and authorization have been completed.
o Accounting allows administrators to collect information about users and devices.
o Accounting tracks the commands, services and resources used by a user.
o Accounting is the measure of resources consumed by a user/device during access.
o Accounting includes the amount of time and the amount of data a user has sent or received.
o Accounting is carried out in the form of logs of session statistics and usage information.
o Accounting data is used for authorization control, resource utilization, billing & planning.
o Accounting is also very helpful for troubleshooting when network devices are not working.
o Accounting is disabled by default in the Authentication, Authorization & Accounting model.
o AAA accounting types: Network, Exec, Commands, Connection and Resource.
o AAA collects and stores information about logins and the activity that happens in the network.
o It is recorded while a specific device is accessed at a specific time in the network.
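
The device-administration use case from the notes above (TACACS+ server first, local database as fallback, accounting switched on explicitly), shown as a Cisco IOS configuration. This is an added example, not part of the original notes; the server name, group name, local user name, address and secrets are constructed placeholders.

```cisco
! Added example. All names, the 192.0.2.10 address and the <...> secrets
! are constructed placeholders, not values from the notes.
aaa new-model
!
! Local account: used only when the AAA server cannot be reached.
username localadmin privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
! Central AAA server that holds the user database.
tacacs server EXAMPLE-TACACS
 address ipv4 192.0.2.10
 key <SHARED-KEY>
!
aaa group server tacacs+ EXAMPLE-GROUP
 server name EXAMPLE-TACACS
!
! Authentication ("Who are you?"): ask the TACACS+ group first.
! 'local' is tried only if no server in the group answers. A reject
! from a reachable server ends the attempt and does not fall back.
aaa authentication login default group EXAMPLE-GROUP local
!
! Authorization ("Are you allowed to do this task?"): whether the user
! gets an EXEC session, and which privilege level 15 commands may run.
aaa authorization exec default group EXAMPLE-GROUP local
aaa authorization commands 15 default group EXAMPLE-GROUP local
!
! Accounting ("What did you do?"): nothing is recorded until configured.
! Exec accounting logs session start and stop; commands accounting logs
! each privilege level 15 command entered.
aaa accounting exec default start-stop group EXAMPLE-GROUP
aaa accounting commands 15 default start-stop group EXAMPLE-GROUP
```

Because the local account is reachable only when the server is down, its secret should be as strong and as closely controlled as the central credentials.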
