Review - Chapter 7 Flashcards
What does AAA stand for?
Authentication, Authorization, and Accounting.
What is AAA?
An architectural framework through which the network access control policy is enforced on the networking device.
Authentication
The process of identifying a user before that user is allowed access to a protected resource.
Authorization
Takes place after the user gains access to the network. It allows you to control the level of access users have.
Accounting
Takes place after authentication. It enables you to collect information about user activity and resource consumption.
Benefits of AAA
- Increased flexibility and control of access configuration
- Scalability
- Standardized authentication methods
- Multiple backup systems
Authentication Options
Local: local method
Remote: group method
RADIUS
A fully open standard protocol that uses UDP port 1812 for authentication and authorization, and UDP port 1813 for accounting.
TACACS+
Cisco proprietary protocol that allows for greater modularity by total separation of all AAA functions, and uses TCP port 49.
Limitations of RADIUS
Device-to-device: doesn’t offer two-way authentication.
Networks using multiple services: binds a user to a single service model; can’t bind simultaneously to character and PPP mode.
Limitations of TACACS+
Multivendor environment: developed as a completely new version of the older TACACS protocol; some vendors may not support it.
When speed is of concern: TCP is a connection-oriented protocol and may have higher latency.
Identity-Based Networking
A concept that unites several features to include authentication, access control, mobility, and user policy components in order to provide and restrict users with the network services they are entitled to.
802.1X Client Server Model Components
Client: workstation/laptop
Authenticator: edge switch/wireless access point
Authentication Server: RADIUS with EAP
EAP
Extensible Authentication Protocol
UTC
Coordinated Universal Time