- Implement user credential management
- Provide profiles for different user roles
- Track resources (such as logging and auditing)
Authentication
Authentication verifies users before they are allowed access to the network and network services using different methods such as login and password dialog, challenge and response, message support and etc. AAA authentication is configured by defining a named list of authentication methods, and apply the list to various interfaces on the router or access control servers.
In Cisco router or access servers, all authentication methods must be defined through AAA except for local, line password, and enable authentication.
Authorization
Authorization describe what function or services the authenticated user is permitted to perform. AAA authorization is able to provide authorization for:
- Remote access control
- One-time authorization
- Per-user account list and profile
- User groups
- Different services such as IP, IPX and telnet
Accounting
Accounting provides a way of logging and recording usage information. It enables administrations to track the services users are accessing as well as the amount of network resources they are consuming. AAA accounting are used for collecting and sending security server information which can be use for:
- Billing
- Auditing
- Reporting
- Identify/track users
- Increased flexibility and control of access configuration
- Scalability
- Standardized authentication methods, such as RADIUS, TACACS+, and Kerberos
- Multiple backup systems
No comments:
Post a Comment