1. Introduction to AAA
AAA is the abbreviation of Authentication, Authorization, and Accounting. It is a management mechanism for network security and provides three security functions: authentication, authorization, and accounting.
- Authentication: Confirm the identity of the remote user accessing the network and determine whether the visitor is a legal network user.
- Authorization: Grant different permissions to different users and limit the services that users can use. For example, after a user successfully logs in to the server, the administrator can authorize the user to access and print files in the server.
- Billing: Record all operations of users using network services, including service type used, starting time, data traffic, etc. It is not only a billing method, but also plays a monitoring role in network security.
Access control requires that users’ identity information be reviewed before they can access the intranet. Access control is divided into two types: local authentication and authentication server. Local authentication stores user/login password information locally on the device, while AAA (authentication/authorization/accounting) centrally stores user/login password information in the AAA authentication server. .
AAA generally adopts a client/server structure. The client runs on NAS (Network Access Server, usually an access switch), and the server centrally manages users.