Thursday 13 June 2024

What is AAA Authentication, Authorization, and Accounting? What is ACS server? Cyber security

What is AAA  Authentication, Authorization, and Accounting?  

Authentication, Authorization, and Accounting (AAA) is a standard-based framework that provides a set of security services. Which device or computer is permitted to use the network resources with the help of AAA authentication and what they are allowed to do means use the internet or access CLI with telnet or SSH through AAA authorization and AAA accounting captures all the information about that particular user means time and date and what actions user performed while accessing the network. AAA combined process is essential for our network security, AAA helps us to ensure that only authorized users can access network resources and AAA also records the actions performed by the user in the network.


Authentication is the process by which AAA identifies the user, a user wants permission to use the network resource and AAA authentication asks for some credentials such as username and password, USB key, or fingerprint. Now AAA system verifies these credentials against a database to identify the authenticated user.  If the user-provided credentials match with the AAA database credentials the user is authenticated and if the credentials do not match then the user can not use the network resources. You can use the local database for AAA authentication on route or a switch but for big organizations, you must use an external server such as the ACS server. Authentication is a must for network access or device access. 


An authenticated user gained access after the authentication process now AAA authorization means what resources that particular user is allowed to access and what action the user can perform. For example, if a member of the IT team's junior network engineer wants to access the router and configure some routing configuration but this user should not access all these resources the administrator can create a view and allow show commands and ping commands only in that view. Now the junior network engineer is only authorized to perform show commands and ping commands. The administrator can use authorization methods how the user is authorized for network resources through the local database or ACS server.


AAA accounting monitors and captures user activity, while the user is logged in to the network. Accounting collects information on how long the user is active in the network, the data the user sends or receives, the IP address, the URI they used, and the different services the user accessed. Accounting is very useful for analyzing user activity.

AAA implementation

AAA implementation can be done by using the local database on devices such as routers or switches. We can also implement AAA with an external server like an ACS access control server. If you have a small number of devices then you can use the local database on the router but if you have a big organization then use an external server such as ACS.

Let’s take the overview of both methods: 

Local database

Local database- we can implement an AAA local database on a router or a switch. We should create user authentication for each user, then configure AAA authorization to assign privilege levels for each user to define what this user is authorized for and what commands this user can execute on the device. After that configure AAA accounting for the device to log user activities like login time and the commands users execute.

ACS Server

External server ACS is the most common method used for AAA implementation in the network. First authentication- a user or device like a printer sends an authentication request to the ACS server, ACS holds the user credentials and compares them to the database. Second authorization ACS server provides information about the network and what resources the user can access. Third accounting ACS server records user actions and generates reports. 

Types of AAA Protocols

  • Remote authentication dial-in user service (RADIUS)
  • Terminal access controller access-control system plus (TACACS+)
  • Diameter
(in the next blog we will see AAA protocols and the ACS server)

 Let's see the configuration of the AAA  Local database:




  • configure the IP addresses as per the topology
  • ensure the reachability between the PC and router
  • configure AAA authentication with local database
  • configure AAA authentication list name (internet)
  • configure login authentication on console and line vty
  • verify the authentication from PC
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address
Router(config-if)#no shutdown
Router(config)#username admin password admin
Router(config)#aaa new-model
Router(config)#aaa authentication login internet local
Router(config)#line console 0
Router(config-line)#login authentication internet
Router(config)#line vty 0 4
Router(config-line)#login authentication internet
Router con0 is now available


User Access Verification
Username: admin
Router#show aaa sessions
Total sessions since last reload: 3



No comments:

How to configure the DHCP server on a Cisco ASA device?

How to configure the DHCP server on a Cisco ASA device?    DHCP (Dynamic Host Configuration Protocol) servers provide all the basic informat...