The act of configuring and monitoring user authentication, user authorization, and user activity accounting is collectively referred to as AAA (pronounced “Triple A”). In a AAA context:
Authentication uses one or more authentication factors to confirm the user is who she claims to be. Authentication methods protect the availability of a system by preventing unauthorized access.
Authorization uses individual or group profiles to control which features, commands, or system resources the user is permitted to access. Authorization protects the availability of a system by restricting user activity to job-specific functions.
Accounting is the act of monitoring what the user is doing while connected to the system. Accountability is provided because every configuration change or command executed is recorded and is linked to the user who performed the action.
In small to medium-size networks, AAA functions are often handled on a per-chassis basis. The elements are simple to configure, few users access the chassis, and the small number of chassis makes data harvesting a relatively quick process. However, as a network grows in size, configuring and monitoring AAA on each chassis becomes more cumbersome and a AAA server based on TACACS or RADIUS standards is needed.
The benefits of a AAA server system are quite clear. A single, managed database of user IDs and passwords is easier to support than individual user accounts on a large number of routers. A single repository of profiles ...