AAA Protocols
With centralized AAA, authentication, authorization, and accounting all take place on an external server. For this approach to work, network devices need a protocol for exchanging AAA data with that server. The two most popular AAA protocols are:
- RADIUS: A standard protocol that uses UDP as its transport to provide AAA services. It is best suited to network access requirements, such as giving users access to different parts of the enterprise network or to available services.
- TACACS+: A Cisco proprietary protocol with a role similar to RADIUS that uses TCP as its transport. TACACS+ provides better security and is suited to administrative access, such as accessing and configuring a device.
In summary, AAA is crucial for providing secure access to network resources and administrative functions. Which of the two protocols is the better fit depends on the organization's needs.