Authentication, Authorization, and Accounting
A network should be designed to control who is allowed to connect, when they are
allowed to connect, and what they are allowed to do. These design specifications are identified in
the network security policy. Policies define how network administrators, corporate users, remote
users, business partners, and clients access network resources. Network security policies can also
mandate the implementation of accounting systems that track who logs in and when and what
they do when they log in.
Managing network access using only user mode or privilege mode password commands is
limited and does not scale well. Using the Authentication, Authorization, and Accounting (AAA)
protocol provides the framework needed to enable scalable access security.
Authentication, authorization, and accounting (AAA) protocols provide a scalable
framework for enabling administrative access. AAA controls who is allowed to connect to the
network and what they are allowed to do, and keeps a record of what has been done.
In small or simple networks, AAA authentication can be implemented using an
on-premises database. However, in larger or complex networks, AAA authentication must be
implemented using server-based AAA. AAA servers can use the RADIUS or TACACS+
protocols to communicate with client routers. Cisco Access Control System (ACS) can be used
to provide AAA server services, or Cisco Identity Services Engine (ISE) can be used for greater
functionality. 802.1X can also be used for port-based authentication.
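
The three approaches described above, shown side by side as Cisco IOS configuration. This is an added example, not configuration from the original text. The server name TACACS-SRV1, the group name AAA-TACACS, the user admin, the address 192.0.2.10 (a documentation address) and all bracketed secrets are placeholders chosen for illustration.

```cisco
! --- 1. Password-only access (the approach that does not scale) ---
! One shared password per line and per privilege level: no per-user
! identity, no per-user authorization, no record of who did what.
enable secret <ENABLE-SECRET-PLACEHOLDER>
line vty 0 4
 password <LINE-PASSWORD-PLACEHOLDER>
 login
!
! --- 2. Local AAA (small or simple networks) ---
! Users are defined in the router's own database. Each device must be
! updated separately when an account changes.
username admin privilege 15 secret <USER-SECRET-PLACEHOLDER>
aaa new-model
aaa authentication login default local
!
! --- 3. Server-based AAA over TACACS+ (larger or complex networks) ---
! Accounts live on the AAA server. The local user above is kept only as
! a fallback for when the server is unreachable.
aaa new-model
tacacs server TACACS-SRV1
 address ipv4 192.0.2.10
 key <TACACS-SHARED-KEY-PLACEHOLDER>
!
aaa group server tacacs+ AAA-TACACS
 server name TACACS-SRV1
!
! Authentication: who is allowed to connect
aaa authentication login default group AAA-TACACS local
! Authorization: what they are allowed to do
aaa authorization exec default group AAA-TACACS local
! Accounting: a record of sessions and of privileged commands
aaa accounting exec default start-stop group AAA-TACACS
aaa accounting commands 15 default start-stop group AAA-TACACS
!
line vty 0 4
 transport input ssh
```

Once aaa new-model is enabled, the default method lists apply to every line, so the per-line password from section 1 is no longer what authenticates a login.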