Section 3: AAA Configuration

Authentication, authorization, and accounting (AAA) are three services common to most Cisco devices. They are core networking services, and are related to users on the system.

The first thing you want to do is authenticate your users to see who they are and to ensure they are allowed to connect to the system. After you have authenticated the users, you can then authorize them to perform specific activities (so that all users do not have the same access rights on the system). You might also want to enable accounting to record what your users are doing on the system; you can log such items as logon and logoff times and any commands entered if they are connected in-line to a device.

Authentication protocols are used to provide the AAA services. The two authentication protocols used in Cisco environments are TACACS+ and RADIUS. Both TACACS+ and RADIUS can be used on the Cisco ASA for AAA services.