Chapter 1. Authentication, Authorization, and Accounting Overview

In this chapter, you learn the following topics:

  • Authentication overview

  • Authentication example

  • Authorization overview

  • Authorization example

  • Accounting overview

  • Accounting example

  • Cisco device support

Authentication, authorization, and accounting (AAA) is a way to control who is allowed to access your network (authentication) and what they can do while they are there (authorization), and to audit what actions they performed while accessing the network (accounting).

AAA can be used in Internet Protocol Security (IPSec) to provide preshared keys during the Internet Security Association and Key Management Protocol (ISAKMP) process or to provide per-user authentication, known as XAUTH, during ISAKMP. AAA can be used to provide a mechanism for authorizing commands that administrators enter at the command line of a Cisco device. This is called command-line authorization. AAA is also seen in a Virtual Private Dial-Up Networking (VPDN) tunnel set up between two routers.

Overall, AAA is a very simple process to configure. In fact, it is easily comparable to day-to-day scenarios such as gaining access to a golf club or sitting in first class on a commercial airline. In each of these situations, you must provide some type of proof of your right to enter the golf club or sit in a nice comfortable first-class seat.

In each of the following sections, you see more specific details on the functions of AAA. Throughout the course of this book, you learn how to take the functions of AAA and implement both a local solution, which uses a username and password that are actually stored on a Cisco device, and a network-wide solution, which uses an external authentication server such as the Cisco Secure Access Control Server (CSACS) for Windows Server and Cisco Access Registrar for the service provider environment.

TIP

AAA is discussed in a number of Requests for Comments (RFCs). RFC 2903 discusses the general AAA architecture. This is an "experimental" RFC. Since then, AAA has been more clearly defined in other RFCs. Other RFCs include RFC 2924, Accounting Attributes and Record Formats; RFC 2975, Introduction to Accounting Management; RFC 2989, Criteria for Evaluating AAA Protocols for Network Access; and RFC 3127, Authentication, Authorization, and Accounting: Protocol Evaluation. A great deal of information on AAA can be obtained at http://www.ietf.org/html.charters/aaa-charter.html.

Cisco Access Control Security: AAA Administration Services
ISBN: 1587051249
EAN: 2147483647
Year: 2006
Pages: 173
