RADIUS & TACACS+ Authentication
Centralized AAA (Authentication, Authorization, Accounting) protocols for network device access control
AAA (Authentication, Authorization, Accounting)
AAA provides centralized access control for network devices, ensuring only authorized users can access network resources with appropriate privileges while maintaining detailed audit logs.
Authentication
"Who are you?"
- Verify user identity
- Username/password validation
- Multi-factor authentication
- Certificate-based auth
Authorization
"What can you do?"
- Determine user privileges
- Command-level access
- Time-based restrictions
- Resource-specific permissions
Accounting
"What did you do?"
- Log user activities
- Command tracking
- Session monitoring
- Compliance reporting
Why Use Centralized AAA?
- Scalability: Manage hundreds of devices centrally
- Consistency: Uniform access policies
- Security: Centralized credential management
- Compliance: Detailed audit trails
- Efficiency: Single point of user management
- Flexibility: Dynamic privilege assignment
- Monitoring: Real-time access tracking
- Recovery: Centralized backup and restore
Server Components Architecture
Authentication Database
Stores user credentials and authentication policies
Authorization Policies
Defines what resources users can access
Accounting System
Logs and monitors user activities
Network Access Server (NAS)
The AAA client (router, switch, access point, VPN concentrator) that collects the user's credentials, forwards them to the AAA server over the shared-secret-protected channel, and enforces the server's accept/reject decision and returned privileges
🔑 Protocol Quick Facts
RADIUS:
- RFC 2865 (Authentication and Authorization), RFC 2866 (Accounting)
- UDP-based: ports 1812/1813 (legacy 1645/1646)
- Only the User-Password attribute is hidden (MD5-keyed XOR with the shared secret); every other attribute travels in cleartext, so on untrusted networks use RADIUS/TLS (RadSec, RFC 6614) or IPsec
- Authentication and authorization are combined in a single exchange (privileges ride as attributes in the Access-Accept)
- Open IETF standard, vendor-neutral; ubiquitous for Wi-Fi, VPN and NAC
TACACS+:
- Developed by Cisco; now documented in RFC 8907 (2020)
- TCP-based: port 49
- Entire packet body is obfuscated with an MD5 pseudo-pad keyed by the shared secret; the 12-byte header stays cleartext, and RFC 8907 itself calls this obfuscation rather than encryption and expects a protected transport such as IPsec
- Authentication, authorization and accounting are separate exchanges, which is what makes per-command (granular) authorization possible
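The two protection schemes in the quick facts differ more than a one-line bullet can show. The following Python is an added example, not code from the original page: it implements the RADIUS User-Password hiding and Response Authenticator from RFC 2865 and the TACACS+ body obfuscation from RFC 8907, then reports what a passive observer can read from each packet. The shared secret, packet identifiers, session id and credentials are constructed sample values, and the TACACS+ body is a placeholder string rather than a properly encoded authentication START packet.

```python
"""RADIUS vs. TACACS+ shared-secret protection (added example, not page code).

Both protocols hide data with an MD5-derived XOR stream keyed by the shared
secret; neither is authenticated encryption. RADIUS (RFC 2865 s.5.2) hides only
the User-Password attribute and leaves every other attribute in cleartext;
TACACS+ (RFC 8907 s.4.5) hides the whole packet body but leaves its 12-byte
header in cleartext. All values below are constructed, not captured traffic.
"""
import hashlib
import os
import struct

SECRET = b"constructed-shared-secret"   # constructed sample value
REQ_AUTH = bytes(range(16))             # constructed; a real NAS uses 16 random bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# ---------------- RADIUS (RFC 2865) ----------------
def radius_hide_password(secret: bytes, req_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 s.5.2: NUL-pad to a 16-byte multiple, then per block
    c_i = p_i XOR MD5(secret + c_{i-1}), with c_0 = Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        block = xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def radius_reveal_password(secret: bytes, req_auth: bytes, hidden: bytes) -> bytes:
    """Server-side inverse of radius_hide_password; strips the NUL padding."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def radius_access_request(secret, ident, username, password, req_auth=None):
    """Access-Request (Code 1) with User-Name (type 1) and User-Password (type 2).
    Header = Code(1) ID(1) Length(2) Authenticator(16) = 20 bytes."""
    req_auth = req_auth or os.urandom(16)
    hidden = radius_hide_password(secret, req_auth, password)
    attrs = bytes([1, 2 + len(username)]) + username + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs


def radius_response_authenticator(secret, code, ident, req_auth, attrs=b""):
    """RFC 2865 s.3: MD5(Code|ID|Length|RequestAuth|Attributes|Secret). The NAS must
    verify this on every reply, or an on-path attacker can inject an Access-Accept."""
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(hdr + req_auth + attrs + secret).digest()


# ---------------- TACACS+ (RFC 8907) ----------------
def tacacs_pseudo_pad(secret, session_id, version, seq_no, length):
    """RFC 8907 s.4.5: MD5_1 = MD5(session_id|key|version|seq_no),
    MD5_n = MD5(session_id|key|version|seq_no|MD5_{n-1}); concatenate and truncate."""
    seed = struct.pack("!I", session_id) + secret + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_packet(secret, ptype, seq_no, session_id, body, version=0xC0):
    """12-byte cleartext header (version, type, seq_no, flags, session_id, length)
    followed by body XOR pseudo_pad. flags=0 means the body is obfuscated."""
    header = struct.pack("!BBBBII", version, ptype, seq_no, 0, session_id, len(body))
    return header + xor(body, tacacs_pseudo_pad(secret, session_id, version, seq_no, len(body)))


def tacacs_body(secret, packet):
    """Server side: parse the cleartext header, regenerate the pad (XOR is its own
    inverse), and recover the body. flag bit 0 = TAC_PLUS_UNENCRYPTED_FLAG."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    body = packet[12:12 + length]
    if flags & 0x01:
        return body
    return xor(body, tacacs_pseudo_pad(secret, session_id, version, seq_no, length))


def demo():
    """What a packet sniffer on the NAS-to-server path does and does not see."""
    rad = radius_access_request(SECRET, 7, b"alice", b"hunter2", REQ_AUTH)
    body = b"constructed placeholder body: user=alice pass=hunter2"  # not a real START encoding
    tac = tacacs_packet(SECRET, 1, 1, 0xDEADBEEF, body)
    return {
        "radius_username_in_clear": b"alice" in rad,
        "radius_password_in_clear": b"hunter2" in rad,
        "tacacs_username_in_clear": b"alice" in tac,
        "tacacs_header_session_id": struct.unpack("!BBBBII", tac[:12])[4],
        "tacacs_body_recovered": tacacs_body(SECRET, tac) == body,
        "tacacs_wrong_secret_recovers": tacacs_body(b"wrong", tac) == body,
    }
```

Running demo() shows the practical difference: the RADIUS packet exposes the User-Name (and any other attribute) to anyone on the path while hiding only the password, whereas the TACACS+ packet exposes only its header fields, including the session id, and the body is unreadable without the shared secret. In both cases the protection is an MD5 keystream derived from a static secret, which is why RadSec (RADIUS/TLS) or IPsec is the right answer for either protocol outside a trusted management network.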
Common Use Cases
Network Device Access
Router, switch, and firewall management
Wireless Authentication
Enterprise Wi-Fi access control
VPN Access
Remote access authentication
Physical Access
Door controllers and security systems