Local vs. Centralized Deployment
AAA can be implemented in a network as a local or centralized deployment. With local AAA, the functions are performed on a local device, such as a router or switch, and are not shared with other devices. In this scenario, the authentication and access control policies are stored locally on the device, and each device must be individually configured.
As you can see in the image above, when AAA is implemented on a per-device basis, it can be perfect for small networks, but it becomes inefficient and difficult to manage in larger networks.
Centralized AAA, on the other hand, refers to a model where all the AAA functions are performed by a centralized server, such as a RADIUS (Remote Authentication Dial-In User Service) or TACACS+ (Terminal Access Controller Access Control System Plus) server. In this model, authentication, authorization, and accounting policies are stored centrally, and all network devices can be configured to access and use these policies.
As you can see in the figure above, this provides a more scalable and manageable approach, particularly in large or complex networks. It also provides better security, as centralized AAA policies can be more easily audited and managed, ensuring consistent security policies across the network.
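The following audit script is an added example, not part of the original page. It illustrates the per-device management problem of local AAA and the auditing benefit of centralized AAA described above. The device names, accounts and IOS-style configuration syntax are constructed assumptions, since the page names no vendor.

```python
import re

# Constructed device configs. IOS-style syntax is an assumption; the page names no vendor.
CONFIGS = {
    "edge-sw1": """
aaa new-model
username admin privilege 15 secret <placeholder>
username jsmith privilege 15 secret <placeholder>
aaa authentication login default local
""",
    "edge-sw2": """
aaa new-model
username admin privilege 15 secret <placeholder>
aaa authentication login default local
""",
    "core-rtr1": """
aaa new-model
username breakglass privilege 15 secret <placeholder>
aaa authentication login default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
""",
}

def classify(config):
    """Return (mode, local_users, has_accounting) for one device config."""
    users = set(re.findall(r"^username (\S+)", config, re.M))
    match = re.search(r"^aaa authentication login default (.+)$", config, re.M)
    methods = match.group(1).split() if match else []
    # A "group" method means a central server is consulted before any local fallback.
    mode = "centralized" if "group" in methods else "local" if "local" in methods else "none"
    accounting = bool(re.search(r"^aaa accounting ", config, re.M))
    return mode, users, accounting

def audit(configs):
    """Return local-AAA devices, per-device account drift, and devices without accounting."""
    results = {name: classify(text) for name, text in configs.items()}
    local = {name: r[1] for name, r in results.items() if r[0] == "local"}
    # Accounts present on every local-AAA device are the baseline; the rest is drift.
    baseline = set.intersection(*local.values()) if local else set()
    drift = {n: sorted(u - baseline) for n, u in local.items() if u - baseline}
    no_accounting = sorted(n for n, r in results.items() if not r[2])
    return sorted(local), drift, no_accounting

if __name__ == "__main__":
    local_devices, drift, no_accounting = audit(CONFIGS)
    print("local AAA:", local_devices)
    print("account drift:", drift)
    print("no accounting:", no_accounting)
```

On the constructed input, the two locally configured switches have already diverged (one carries an extra account) and neither records accounting, while the device pointing at a central server keeps a single local fallback account.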