Authentication, Authorization, and Accounting
18 7705 SAR OS System Management Guide
Authentication, Authorization, and Accounting
This chapter describes authentication, authorization, and accounting (AAA) used to monitor
and control network access on the 7705 SAR. Network security is based on a multi-step
process. The first step, authentication, validates a user’s name and password. The second step
is authorization, which allows the user to access and execute commands at various command
levels based on profiles assigned to the user.
The third step, accounting, keeps track of the activity of a user who has accessed the network.
The type of accounting information recorded can include a history of the commands
executed, the amount of time spent in the session, the services accessed, and the data transfer
size during the session. The accounting data can then be used to analyze trends, and also for
billing and auditing purposes.
You can configure the 7705 SAR to use local, Remote Authentication Dial In User Service
(RADIUS), or Terminal Access Controller Access Control System Plus (TACACS+) security
to validate users who attempt to access the router by console, Telnet, or FTP. You can select
the authentication order that determines the authentication method to try first, second, and
third.
The 7705 SAR supports the following security features:
• RADIUS can be used for authentication, authorization, and accounting
• TACACS+ can be used for authentication, authorization, and accounting
• local security can be implemented for authentication and authorization
Figure 1 depicts end-user access requests sent to a RADIUS server. After validating the user
names and passwords, the RADIUS server returns an access accept message to the users on
ALU-1 and ALU-2. The user name and password from ALU-3 could not be authenticated,
thus access was denied.
To Next Page
Loading...
