In the previous topic, you learned that a NAC device provides AAA services. In this topic, you will learn more about AAA and the ways to control access.

Many types of authentication can be performed on networking devices, and each method offers varying levels of security. The simplest method of remote access authentication is to configure a login and password combination on console, vty lines, and aux ports, as shown in the vty lines in the following example. This method is the easiest to implement, but it is also the weakest and least secure. This method provides no accountability and the password is sent in plaintext. Anyone with the password can gain entry to the device.

SSH is a more secure form of remote access:

- It requires a username and a password, both of which are encrypted during transmission.
- The username and password can be authenticated by the local database method.
- It provides more accountability because the username is recorded when a user logs in.

The following example illustrates SSH and local database methods of remote access.

R1(config)# crypto key generate rsa general-keys modulus 2048
R1(config)# username Admin secret Str0ng3rPa55w0rd

The local database method has some limitations:

- User accounts must be configured locally on each device. In a large enterprise environment with multiple routers and switches to manage, it can take time to implement and change local databases on each device.
- The local database configuration provides no fallback authentication method. For example, what if the administrator forgets the username and password for that device? With no backup method available for authentication, password recovery becomes the only option.

A better solution is to have all devices refer to the same database of usernames and passwords from a central server.

AAA Components

AAA stands for Authentication, Authorization, and Accounting. The AAA concept is similar to using a credit card, as shown in the figure. The credit card identifies who can use it, how much that user can spend, and keeps an account of what items or services the user purchased.

AAA provides the primary framework to set up access control on a network device.
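The two line-authentication methods described above (a shared line password versus SSH with the local database) can be told apart in a saved device configuration. The following Python script is an added example, not part of the original page; the sample configuration, its placeholder values, and the function names `parse_lines` and `audit` are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not from the original page).
SAMPLE_CONFIG = """\
username Admin secret 9 <constructed-hash>
line con 0
 password <placeholder>
 login
line vty 0 4
 password <placeholder>
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

def parse_lines(config):
    """Return {line header: [subcommands]} for each 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Flag line blocks using a shared password or permitting Telnet."""
    has_user = re.search(r"^username \S+ (secret|password) ", config, re.M) is not None
    findings = []
    for header, cmds in parse_lines(config).items():
        if "login" in cmds:
            findings.append((header, "shared line password, no accountability"))
        if "login local" in cmds and not has_user:
            findings.append((header, "login local but local database is empty"))
        for cmd in cmds:
            words = cmd.split()
            if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
                findings.append((header, "Telnet allowed, password sent in plaintext"))
    return findings

if __name__ == "__main__":
    for header, issue in audit(SAMPLE_CONFIG):
        print(f"{header}: {issue}")
```

Run across the saved configurations of every router and switch, this shows which lines still rely on the shared-password method before authentication is moved to a central server.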