What is an AAA server?An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services. Show
The AAA server typically interacts with network access and gateway servers and with databases and directories containing user information. The current standard by which devices or applications communicate with an AAA server is Remote Authentication Dial-In User Service (RADIUS). Key features of AAA serverThe key features of AAA are divided into the following three distinct phases:
How does AAA work?The architecture for AAA requires the following three components:
This image shows a typical AAA architecture consisting of the three aforementioned components. The authenticator sends an authentication request -- usually, in the form of requesting that a username and password be submitted by the supplicant. Once the supplicant sends the username and password, the authenticator forwards the authentication credentials to the authentication server to verify that they match what is contained within the user database. If successful, the authentication server responds back to the authenticator that the authentication attempt was successful and the access level that user is allowed to have based on group policy settings. During this time, authentication, access and session logs are being collected by the authenticator and are either stored locally on the authenticator or are sent to a remote logging server for storage and retrieval purposes. What are the advantages of AAA servers?There are several advantages of using AAA. This is especially true if an organization's infrastructure and user base are large. For example, if AAA is not used, it is common for authentication to be handled locally on each individual device, typically using shared usernames and passwords. This method often ends up being a management nightmare and potential security risk. Thus, the benefits of AAA include the following:
Does AAA use Active Directory?For authentication and access permission purposes, an AAA server must reference a database of usernames, passwords and access levels. The protocol used to accomplish this is RADIUS. However, in many cases, the back-end database the AAA server uses to verify credentials and access levels is Microsoft AD. This is accomplished by using Microsoft's Network Policy Server, which acts as a RADIUS server, to tap into the AD username or password and authorization database. Network security ensures the usability and integrity of network resources. Learn what nine elements are essential for creating a solid approach to network security. This was last updated in April 2022 Continue Reading About AAA server (authentication, authorization and accounting)
Dig Deeper on Identity and access management
Which protocol support AAA?Current AAA servers communicate using the RADIUS protocol.
What is a AAA server address?AAA stands for authentication, authorization, and accounting. A AAA server is a database that stores user credentials—username and password—and, in some cases, group information or other user attributes.
Which AAA communication protocol encrypts only the password?RADIUS vs. TACACS+. What is a difference between TACACS+ and RADIUS in AAA?RADIUS was designed to authenticate and log remote network users, while TACACS+ is most commonly used for administrator access to network devices like routers and switches.
|