Javatpoint Logo

Computer Network AAA (Authentication, Authorization and Accounting)

Although an administrator can access a router or other device through its console, doing so is impractical when he is located far from the equipment. Sooner or later he will need remote access to the device.

However, because a remote device is reached using its IP address, an unauthorized user could gain access using that same IP address, so authentication must be implemented as a security mechanism. Additionally, the packets transmitted between the devices should be encrypted to prevent unauthorized access to sensitive data. A framework known as AAA is used to add this extra layer of security.

AAA (Authentication, Authorization and Accounting)

AAA is a standards-based framework used to manage who is allowed to access network resources (authentication), what they are allowed to do (authorization), and to record the actions taken while doing so (accounting). In other words, AAA is a structural framework used to control access to computer resources, enforce policies, conduct audits, provide vital data for service billing, and perform other network administration and security tasks.

  • The primary purpose of AAA is to grant specific, authorized users access to network and software application resources.
  • The AAA concept is most often discussed in connection with the RADIUS network protocol.
  • Authentication, authorization, and accounting (AAA) is a technique for monitoring and controlling user access to network resources on an IP-based network. Frequently, AAA is deployed as a dedicated server.
  • Authorization is the process of granting or denying specific users access to a computer network and its resources. Users can be given different authorization levels, restricting their access to the network and its resources. Accounting is the monitoring and documenting of user activities on a computer network.

Authentication -

It is a method of determining if a user who wants to access network resources is legitimate or not, and it is done by requesting certain credentials, such as a username and password. Authentication can be enabled on console ports, AUX ports, or vty lines, among other places.

If someone wants to enter the network, we, as network administrators, can manage how a user is authenticated. These techniques include utilising the router's internal database or submitting authentication requests to a remote server, such as the ACS server. A default or custom authentication method list is used to specify the authentication method to be utilised.

Authorization -

After the user has gained access to the network resources through authentication, authorization provides the ability to enforce policies on those resources. Once authentication succeeds, authorization determines which resources and processes the user is permitted to access.

For instance, if a junior network engineer needs access to the device but should not have access to all of its resources, the administrator can construct a view that allows him to run only certain commands. The administrator uses the authorization method list to designate how a user is authorized to access network resources, such as through a local database or an ACS server.

Accounting -

It offers tracking and recording of user actions as they use network resources. Even the length of the user's network access is tracked. The administrator can construct an accounting method list to designate what should be accounted for and who should receive the accounting records.
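The three steps described above can be followed end to end in a small model. This is an added illustration, not code from the original page or from any vendor: the `user_store`, `Device` and `build` names and all sample users are constructed, and the rule that only an unanswered method falls through to the next one models how Cisco IOS evaluates a method list.

```python
from dataclasses import dataclass, field

PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"  # ERROR: the method gave no answer

def user_store(users, reachable=True):
    """Hypothetical credential store: {(user, password): privilege_level}."""
    def check(user, password):
        if not reachable:
            return ERROR, None          # e.g. the remote AAA server is down
        level = users.get((user, password))
        return (PASS, level) if level is not None else (FAIL, None)
    return check

@dataclass
class Device:
    auth_methods: list                  # ordered method list: [(name, check), ...]
    cmd_levels: dict                    # command -> minimum privilege level
    records: list = field(default_factory=list)   # accounting records

    def login(self, user, password):
        """Authentication: walk the method list, return privilege level or None."""
        for name, check in self.auth_methods:
            result, level = check(user, password)
            if result == ERROR:
                continue                # only an error falls through to the next method
            self.records.append((user, "login", name, result))
            return level                # None when the method rejected the credentials
        self.records.append((user, "login", "no-method", FAIL))
        return None

    def run(self, user, level, command):
        """Authorization by privilege level, with an accounting record per attempt."""
        need = self.cmd_levels.get(command, 15)    # unknown commands need level 15
        allowed = level is not None and level >= need
        self.records.append((user, "command", command, "permit" if allowed else "deny"))
        return allowed

def build(server_up):
    """Constructed sample data: one remote server plus the local fallback database."""
    remote = user_store({("alice", "a-pw"): 15, ("junior", "j-pw"): 1}, reachable=server_up)
    local = user_store({("backup", "b-pw"): 15})
    levels = {"show version": 1, "configure terminal": 15}
    return Device([("server", remote), ("local", local)], levels)
```

With `build(True)` the local `backup` account is rejected because the reachable server answers first; with `build(False)` the same login succeeds through the local database.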

Implementation of AAA

AAA can be implemented using either the device's local database or an external ACS server.

1. ACS Server - This approach is frequently employed. For AAA, an external ACS server (which could be an ACS device or software running on VMware) is utilised, and both the router and the ACS need to be configured. A user is created as part of the configuration, along with a unique customised method list for authentication, authorization, and accounting.

After receiving authentication requests from the client or Network Access Server (NAS), the ACS server decides, according to the credentials given by the user, whether or not to grant the user access to the network resource.

Note: When implementing AAA, the administrator must include the device's local database as a backup in the method list in case the ACS server cannot authenticate.

2. Local Database - We must first create users for authentication and grant them privilege levels for Authorization if we want to deploy AAA using the local running configuration of the router or switch.
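The note about keeping the local database as a backup can be checked mechanically against a device configuration. The following is an added example, not part of the original page: it assumes Cisco IOS-style `aaa` command syntax, the `audit` function is hypothetical, and the sample configuration is constructed for illustration.

```python
import re

# Constructed sample configuration (IOS-style syntax assumed; secret is a placeholder).
SAMPLE = """\
aaa new-model
username backup privilege 15 secret PLACEHOLDER-SECRET
aaa authentication login default group tacacs+ local
aaa authentication login REMOTE-ONLY group radius
aaa authorization exec default group tacacs+ local
line vty 0 4
 login authentication REMOTE-ONLY
"""

LIST_RE = re.compile(r"^aaa (authentication login|authorization exec) (\S+) (.+)$")

def audit(config):
    """Return findings for missing AAA enablement, local fallback, or accounting."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing: AAA is not enabled")
    has_local_user = any(l.startswith("username ") for l in lines)
    for l in lines:
        m = LIST_RE.match(l)
        if not m:
            continue
        kind, name, methods = m.group(1), m.group(2), m.group(3).split()
        uses_server = "group" in methods
        has_local = "local" in methods or "local-case" in methods
        if uses_server and not has_local:
            # The method list relies on the server alone: no backup if it is down.
            findings.append(f"{kind} list '{name}': no local fallback after server group")
        if has_local and not has_local_user:
            findings.append(f"{kind} list '{name}': uses local but no username is defined")
    if not any(l.startswith("aaa accounting ") for l in lines):
        findings.append("no aaa accounting method list: user actions are not recorded")
    return findings
```

Run against `SAMPLE`, the audit flags the `REMOTE-ONLY` list applied to the vty lines and the absence of any accounting method list.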

Advantages of AAA framework:

The AAA framework enhances the scalability of a network. Scalability is the ability of a system to handle an increasing amount of work by adding resources to the system. Some of the main advantages of the AAA framework are listed below:

  • It enables the network to be more controllable and adaptable.
  • It helps the network to standardize its protocol usage.
  • Each user is given their own set of credentials using RADIUS.
  • IT administrators get a single point of contact for user and system authentication.

Disadvantages of AAA framework:

Some of the main disadvantages of the AAA framework are listed below:

  • RADIUS server configuration, particularly the initial configuration, can be challenging and time-consuming.
  • It can be challenging to select the best RADIUS server software and deployment strategy for your company.
  • On-site hardware upkeep can be difficult and time-consuming.





