AAA Authentication

AAA stands for Authentication, Authorization, and Accounting. Authentication is the process of verifying a user's identity to determine whether the user should be allowed access to a device. Authorization is the act of limiting or permitting access to certain features within the device once a user has been authenticated. Accounting is the recording of actions taken by the user once she has been authenticated and authorized. In this section, I will cover only authentication, as it is the most commonly used feature offered by AAA.

To use AAA authentication on a switch or router, you must perform the following steps:

  • Enable AAA by entering the aaa new-model command.

  • Configure security server information, if using a security server. Configuring TACACS+ and RADIUS information is included in this step.

  • Create method lists by using the aaa authentication command.

  • Apply the method lists to interfaces or lines as needed.

Enabling AAA

To use the AAA features discussed here, you'll need to issue the command aaa new-model:

Router(config)#aaa new-model

If you don't execute this command, the AAA commands discussed in this section will not be available.

Warning

Be careful when configuring AAA for the first time. You can easily lock yourself out of the router by enabling AAA authentication without configuring any users.

Configuring Security Server Information

One of the benefits of using AAA is the ability to use an external server for authentication, authorization, and accounting. When an ...

Get Network Warrior now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.