AAA is designed for flexibility by enabling the
administrator to configure the type of authentication and authorization on a
per-line (per-user) or per-service basis. During configuration, the types of
authentication and authorization to be allowed are defined by creating method
lists, and then applying those method lists to specific services or interfaces.
The method lists are used to authenticate dial-in users. These lists create an
ordered list of security protocols to be used for authentication, thus creating
a backup system for authentication in case the initial method fails. For
example, the preferred authentication method might be TACACS+, but if the
TACACS+ server isn't available, the local user name/password database is used
instead. Finally, if the user name/password entries have been removed, the
enable password is used.
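
The fallback order described above, written as a Cisco IOS configuration. This is an added example, not configuration from the original text; it assumes classic IOS command syntax, and the server address (a documentation address), the user name, the list name CONSOLE-LOCAL and the bracketed secrets are placeholders.

```cisco
! Enable the AAA subsystem; method lists have no effect until this is set.
aaa new-model
!
! TACACS+ security server (placeholder address and shared secret).
tacacs-server host 192.0.2.10
tacacs-server key <TACACS_SHARED_SECRET>
!
! Local fallback credentials (placeholders).
username localadmin secret <LOCAL_PASSWORD>
enable secret <ENABLE_SECRET>
!
! Default login method list, tried strictly in order:
!   1. group tacacs+  - preferred method
!   2. local          - used if the TACACS+ server does not respond
!   3. enable         - used if no local user name entries exist
! The next method is tried only when the current one returns an error
! (for example, the server is unreachable). A rejected password ends the
! attempt; it does not fall through to the next method.
aaa authentication login default group tacacs+ local enable
!
! Named list: the console authenticates against the local database only,
! so console access does not depend on the network path to the server.
aaa authentication login CONSOLE-LOCAL local
!
! Apply the method lists to specific lines.
line vty 0 4
 login authentication default
line con 0
 login authentication CONSOLE-LOCAL
```

Because every method after the first is a weaker fallback, the local and enable secrets deserve the same care as the TACACS+ accounts. The `debug aaa authentication` command shows which method in the list handled a given login.
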
AAA uses protocols, such as RADIUS, TACACS+, and Kerberos, to
administer its security functions. If a router or access server is acting as an
NAS, then AAA is the means through which the NAS communicates with the RADIUS,
TACACS+, or Kerberos security server.