HCIE must know AAA basic concepts
In the real network environment, what if we encounter the following problems?
- If the company only wants employees to perform identity authentication when they access certain resources, how to achieve it?
- If the company allows employees to set permissions when accessing certain specific resources, how to achieve it?
- If you want to record the employee’s use of the Internet, how to achieve it?
A good solution at this time is to use the AAA mechanism, that is, the authentication, authorization, and accounting mechanisms, which are a management mechanism for network security.
In order to realize the functions of user authentication, authorization and audit, prevent illegal users from logging in and increase security. The realization of AAA function can be realized through a variety of protocols. Currently, AAA is mainly realized based on the RADIUS protocol or the TACACS protocol.
AAA can be authenticated in the following ways:
- For users who are very trusted, it is not necessary to check their legality.
- In order to reduce costs and achieve rapid authentication, a local authentication method that configures user information on the device can be adopted. The disadvantage is that the amount of stored information is limited by the hardware conditions of the device.
- To avoid the shortcomings of local authentication, remote authentication can be adopted. Configure user information on the authentication server, which is the RADIUS or TACACS method we mentioned.
The AAA authorization method can also adopt three corresponding methods:
- No authorization processing
- Perform local authorization
- Perform remote authorization
AAA audit methods can also be non-audit and remote audit.
Get 100% accurate CCIE/ CCNP/CCNA/HCIE dumps in IELAB .
Please follow us if you like our articles.
visit us: http://ielab.network
Facebook : https://www.facebook.com/ielab.network/