4 Securing Access Using AAA
This chapter will focus on the following topics:
- AAA security strategy:
  - authentication,
  - authorization,
  - traceability;
- the AAA authentication types:
  - local AAA authentication,
  - AAA authentication based on a server;
- AAA authorizations:
  - introduction,
  - configuring AAA authorizations;
- AAA traceability:
  - introduction,
  - configuration of AAA traceability.
4.1. Introduction
AAA (Authentication, Authorization, Accounting) is a security policy implemented in some Cisco routers that performs three functions: authentication, authorization, and traceability. These are defined as follows:
- authentication: this consists of verifying the identity of the user or the machine;
- authorization: this consists of determining user rights on different resources;
- traceability: this consists of preserving information on the use of resources by the user.
AAA users may be created locally on the router or the switch, or on an external server (which has the added advantage of centralizing access configuration).
4.2. AAA authentication
4.2.1. Local AAA authentication
Local authentication enables simple and quick management of user accounts. However, it proves inefficient when there is a large number of users.
The local authentication process can be summarized as follows:
1) the user establishes a connection with the router;
2) the router prompts the user to enter a username and password. The user authentication is then validated ...