--> AAA stands for Authentication, Authorization, and Accounting.
--> AAA is mainly used for two functions:
i) Device Administration
ii) Network Access
Device Administration:
--> Device Administration is a method of AAA that provides secure access to the network device console, SSH sessions, and Telnet sessions.
--> Device Administration requires one-time authentication and multiple authorizations.
--> The AAA protocol TACACS is used to provide secure Device Administration because it separates authentication, authorization, and accounting.
Network Access:
--> Secure Network Access is nothing but knowing the device or user before allowing it into the network.
--> The user/machine needs to be authenticated before getting access to the network.
--> The AAA protocol RADIUS is used to provide secure network access because it is the only protocol supported by IEEE 802.1X.
--> TACACS is not supported by IEEE 802.1X.
--> If aaa new-model is enabled on the switch, the switch uses local authentication for device access even though local authentication is not configured.
--> It is recommended to configure local authentication before configuring aaa new-model.
--> When a fallback method is specified in a method list, it is considered only when the first method is not accessible or there is an error in accessing it.
--> If the first method is accessible and user authentication fails in that method, the switch does not consider the fallback authentication method.
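The fallback rule in the last two points, modeled as an added Python example (not from the original post, and not switch code). It mirrors a method list of the form used by the IOS command aaa authentication login default group tacacs+ local; the names Result, authenticate, tacacs_method, local_method and build_list, and the sample accounts, are constructed for illustration.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method answered and accepted the credentials
    FAIL = "fail"    # method answered and rejected the credentials
    ERROR = "error"  # method unreachable or returned an error

def tacacs_method(server_up, server_users):
    """Constructed stand-in for a TACACS server group (no network I/O)."""
    def check(user, password):
        if not server_up:
            return Result.ERROR
        ok = user in server_users and server_users[user] == password
        return Result.PASS if ok else Result.FAIL
    return check

def local_method(local_users):
    """Constructed stand-in for the switch's local username database."""
    def check(user, password):
        ok = user in local_users and local_users[user] == password
        return Result.PASS if ok else Result.FAIL
    return check

def authenticate(method_list, user, password):
    """Try methods in order; move to the next one only on ERROR."""
    for name, method in method_list:
        result = method(user, password)
        if result is not Result.ERROR:
            return name, result  # PASS or FAIL is final, no fallback
    return None, Result.FAIL     # every method errored: deny access

# Constructed sample accounts (assumptions, not from the page).
SERVER_USERS = {"alice": "tacacs-pw"}
LOCAL_USERS = {"admin": "local-pw"}

def build_list(server_up):
    """Method list: remote server group first, local database as fallback."""
    return [("tacacs", tacacs_method(server_up, SERVER_USERS)),
            ("local", local_method(LOCAL_USERS))]

if __name__ == "__main__":
    for up in (True, False):
        for user, pw in (("alice", "tacacs-pw"), ("admin", "local-pw")):
            name, result = authenticate(build_list(up), user, pw)
            print(f"server_up={up} user={user}: {result.value} via {name}")
```

With the server reachable, the local-only account admin is rejected by the first method and the local database is never consulted; it only works when the server cannot be reached.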