Radius Authentication AAA - Salem73616C656D/reading-notes GitHub Wiki

Key Takeaways

Authentication

Authentication is the process of determining whether a user who wants to access network resources is valid, by asking for credentials such as a username and password. Common methods are to put authentication on the console port, AUX port or vty lines. As network administrators, we can control how a user is authenticated when someone wants to access the network. These methods include using the local database of the device (router) or sending the authentication request to an external server such as an ACS server. To specify the method to be used for authentication, a default or customised authentication method list is used.

Authorization

Authorization provides the capability to enforce policies on network resources after the user has gained access to them through authentication. Once authentication is successful, authorization determines which resources the user is allowed to access and which operations the user can perform. For example, if a junior network engineer (who should not access all the resources) wants to access the device, the administrator can create a view that allows the user to execute only particular commands (the commands that are allowed in the method list). The administrator can use an authorization method list to specify how the user is authorized for network resources, i.e. through the local database or an ACS server.

Accounting

Accounting provides a means of monitoring and capturing the events performed by the user while accessing network resources. It also monitors how long the user has access to the network. The administrator can create an accounting method list to specify what should be accounted and to whom the accounting records should be sent.

RADIUS: The client sends the server a RADIUS authentication request. You don't decide what's in the request; the client does. The server doesn't decide what's in the request; the client does. The client is 100% responsible for everything in the request.
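The request a RADIUS client assembles, as an added example that is not part of the original notes: a Python sketch of an RFC 2865 Access-Request in which the client chooses the identifier, the authenticator and every attribute, and the server can only validate and read back what arrives. The shared secret, user name, password and NAS values used with it are constructed sample data, and the function names are assumptions made for this illustration.

```python
import hashlib, os, socket, struct

ACCESS_REQUEST = 1                                   # RFC 2865 packet code
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5  # attribute types

def _xor_blocks(secret, authenticator, data, decrypt=False):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if decrypt else result          # chain on the ciphertext block
        out += result
    return out

def hide_password(secret, authenticator, password):
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    size = max(16, -(-len(password) // 16) * 16)     # pad with NULs to a multiple of 16
    return _xor_blocks(secret, authenticator, password.ljust(size, b"\x00"))

def reveal_password(secret, authenticator, hidden):
    return _xor_blocks(secret, authenticator, hidden, decrypt=True).rstrip(b"\x00")

def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value   # type, length, value

def build_access_request(secret, identifier, username, password, nas_ip, nas_port,
                         authenticator=None):
    """Client side: every field below is chosen by the client, none by the server."""
    authenticator = authenticator or os.urandom(16)
    attrs = (_attr(USER_NAME, username)
             + _attr(USER_PASSWORD, hide_password(secret, authenticator, password))
             + _attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + _attr(NAS_PORT, struct.pack("!I", nas_port)))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs

def parse_request(packet):
    """Server side: validate lengths, then read back whatever the client sent."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return code, identifier, packet[4:20], attrs
```

The password only round-trips when both sides hold the same shared secret, so a server configured with the wrong secret recovers garbage rather than the user's password.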

Vocabulary

No new vocabulary

Conclusion

RADIUS servers generally allow for remote authentication, which satisfies the Auth part of AAA.