Scribd
Upload
21 views7 pages

Networkforyou: Welcome To Network For You AAA

The document discusses AAA (Authentication, Authorization and Accounting) and how it provides centralized management of users to access network devices. It describes how AAA works by verifying user identities through authentication, determining what resources users are authorized to access, and logging accounting information for auditing and billing. The key benefits of AAA are centralized management of users, reducing configuration on individual devices, and integrating with RADIUS and TACACS+ protocols. Examples are given of basic AAA configuration on routers and an overview of setting up AAA with Cisco ISE.

Uploaded by

renejuliioo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
21 views7 pages

Networkforyou: Welcome To Network For You AAA

The document discusses AAA (Authentication, Authorization and Accounting) and how it provides centralized management of users to access network devices. It describes how AAA works by verifying user identities through authentication, determining what resources users are authorized to access, and logging accounting information for auditing and billing. The key benefits of AAA are centralized management of users, reducing configuration on individual devices, and integrating with RADIUS and TACACS+ protocols. Examples are given of basic AAA configuration on routers and an overview of setting up AAA with Cisco ISE.

Uploaded by

renejuliioo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Networkforyou

Welcome
To
Network for you
AAA

Email us: 1 of 7 WhatsApp Us : +918143809578


[email protected]
Networkforyou

AAA (Authentication, Authorization and Accounting):

• Authentication: Verify the identity of the user, who are you.


• Authorization: What is the user allowed to do? Example what resource he can access etc? (How much
you can spend)
• Accounting: It is like all record what is done by that user it will keep all record. Example used for
billing and auditing (What did you spend it on record)

Email us: 2 of 7 WhatsApp Us : +918143809578


[email protected]
Networkforyou

AAA Stand for Authentication, Authorization and Accounting:

• It is a Centralized Management of users to access the network devices


• AAA Server allow setting up access control on Cisco Routers and Switches
• Like if we have 300 Switches and 10 Router in our organization then it will be very difficult to create
all user in that all devices and delete when they leave organization etc. And it will take lot of memory
of devise also to overcome with this type of issues we use AAA Server.
• AAA Server also control connections passing through router or switch for access network.
• When every user tries to connect to router or switch these network devices verifies by AAA Server
(AAA Database)
• User Management is done with AAA Server without need to reconfigure to individual router or switch
• Like any new user came we need to configure only in AAA Server no need to add that user in Router
or switch.
• AAA Server use two Main type of Protocol to configure this
• Radius Protocol (Remote Authentication Dial-in User Service)
• TACACS+ (Terminal Access Controller Access-Control System Plus)

Radius Protocol:

• It is open standard where as TACACS is Cisco Proprietary protocol.


• It uses UDP and users ports numbers 1812/1645 and 1813/1646.
• It Encrypts passwords only.
• It is light weight protocol (Consume less resources).

TACACS+:

• It is CISCO Proprietary protocol.


• It use TCP and port number user 49.
• It encrypts entire communication.
• It is heavy weight protocol consuming more resources.

Email us: 3 of 7 WhatsApp Us : +918143809578


[email protected]
Networkforyou

R1 Configuration R2 Configuration
en en
config t config t
hostname R1 hostname R2

int f0/0 int f0/0


ip add 192.168.1.1 255.255.255.0 ip add 192.168.1.4 255.255.255.0
no sh no sh

aaa new-model aaa new-model


Tacacs-server host 192.168.1.2 key abc123 radius-server host 192.168.1.2 key abc123
aaa authentication login AAA group tacacs+ aaa authentication login AAA group radius
Line vty 0 1 Line vty 0 1
login authentication AAA login authentication AAA

AAA with ISE Lab:

Email us: 4 of 7 WhatsApp Us : +918143809578


[email protected]
Networkforyou

Email us: 5 of 7 WhatsApp Us : +918143809578


[email protected]
Networkforyou

Login to Cisco ISE and Register devices

Go to Administrator then Deployment then enable device admin service

Email us: 6 of 7 WhatsApp Us : +918143809578


[email protected]
Networkforyou

Email us: 7 of 7 WhatsApp Us : +918143809578


[email protected]

You might also like