AAA is an acronym that stands for authentication, authorization, and accounting:

  • Authentication: Who is the user? Authentication is used to verify the identity of a user.
  • Authorization: What can the user do? Authorization is used to determine what services the user can use.
  • Accounting: What did the user do? Accounting performs an audit of what a user is actually doing.

AAA is a security framework that can be used to set up access control on Cisco routers, switches, firewalls, and other network appliances. AAA provides the ability to to control who is allowed to access network devices and what services the user should be allowed to access. AAA services are commonly used to control telnet or console access to network devices.

AAA uses RADIUS, TACACS+, and Kerberos as authentication protocols to administer its security functions. A network device such as a router requiring AAA services establishes a connection to the security server using one of these three protocols. The security server is a Windows or Linux host external to the network device, and contains a database containing user names and passwords among other parameters. AAA on a Cisco network device can also be configured to use a local database of user names and passwords. AAA is enabled using the global configuration command aaa new-model.

In addition to AAA, several other simpler and less elaborate measures are available to achieve network access control, including the following:

  • Local username authentication
  • Enable password authentication
  • Line password authentication