Due to the scaling of large networks, creating a user account on each router can be an inconvenience. If the account's details are adjusted on one device, the network engineer will need to replicate the changes to all other devices on the network individually. A convenient solution to adjust scaling and ensuring that all of the accounts and privileges are kept synchronized is to use a centralized AAA server such as a Cisco Access Control Server (ACS) or a Cisco Identity Services Engine (ISE):
The user accounts are created on the ACS or ISE appliance. The routers and switches are configured to query the AAA server if they receive any login requests. The AAA server would also be responsible for providing privileges and getting logs of the activities of each user.
Examples of these security protocols are as follows:
- RADIUS
- TACACS+