Cisco Device Support for AAA


It is pretty safe to say that most Cisco devices support the AAA framework. In some cases, the question is not whether a device supports AAA but whether it supports Terminal Access Controller Access Control System Plus (TACACS+) or Remote Authentication Dial-In User Service (RADIUS), because these are the protocols that AAA uses to communicate with an AAA server. In some situations, however, the protocol might be LOCAL, in which case neither RADIUS nor TACACS+ is needed.

In some cases, RADIUS is the only communication protocol that is used. In other cases, RADIUS can be used for user AAA and TACACS+ for administrative AAA, as is the case for Cisco VPN 3000 series concentrators. It is best to determine this before you configure AAA. The RADIUS and TACACS+ protocols communicate in different ways, and likewise you might need to configure them in different ways.
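The split described above (TACACS+ for administrative AAA, RADIUS for user AAA, LOCAL as a method that needs no server), shown as an added example in Cisco IOS syntax; it is not a configuration from the book. The list names, interface, addresses (192.0.2.0/24 documentation range), and key placeholders are assumptions.

```cisco
! Added example. Addresses, names, and secrets are constructed placeholders.
aaa new-model
!
! LOCAL: an account held in the device's own database, no AAA server needed.
username localadmin privilege 15 secret <LOCAL-SECRET-PLACEHOLDER>
!
! One server definition per protocol; each protocol has its own shared key.
tacacs-server host 192.0.2.10 key <TACACS-KEY-PLACEHOLDER>
radius-server host 192.0.2.20 auth-port 1812 acct-port 1813 key <RADIUS-KEY-PLACEHOLDER>
!
! Administrative AAA over TACACS+. The trailing "local" method is tried only
! when the TACACS+ server does not respond, not when it rejects the login,
! so a server outage does not lock administrators out of the device.
aaa authentication login ADMIN group tacacs+ local
aaa authorization exec ADMIN group tacacs+ local
aaa accounting exec ADMIN start-stop group tacacs+
!
! User AAA over RADIUS for PPP (dial-in) sessions. No local fallback here:
! if the RADIUS server is unreachable, user sessions are refused.
aaa authentication ppp USERS group radius
aaa accounting network default start-stop group radius
!
! Bind the administrative lists to the remote management lines.
line vty 0 4
 login authentication ADMIN
 authorization exec ADMIN
 accounting exec ADMIN
!
! Bind the user list to a PPP interface (interface name is hypothetical).
interface Async1
 encapsulation ppp
 ppp authentication chap USERS
```

Keeping the administrative and user method lists separate means a change to one server or protocol cannot silently alter who may log in to the device itself.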

AAA services are often provided by a dedicated AAA server, such as Cisco Secure Access Control Server (CSACS), a program that performs these functions. The current standards by which network access servers interface with AAA servers are the RADIUS and TACACS+ protocols. Both are supported by the CSACS server software. This server is discussed in greater detail in the following chapters.

An AAA server is simply a server program that handles user requests for access to network resources and provides AAA services. The AAA server typically interacts with network access and gateway servers and with databases and directories containing user information. The current standard by which devices or applications communicate with an AAA server is RADIUS. Most Cisco devices also support the TACACS+ protocol; however, this is a proprietary protocol, and not all devices support it.




Cisco Access Control Security: AAA Administration Services
ISBN: 1587051249
EAN: 2147483647
Year: 2006
Pages: 173
