Implementing Authentication, Authorization, and Accounting – AAA
Describing the AAA process

AAA enables dynamic configuration of the type of authentication and authorization on a per-line (per-user) or per-service (for example, IP, IPX, or VPDN) basis. Define the type of authentication and authorization by creating method lists, and then applying those method lists to specific services or interfaces.

A method list is a sequential list that defines the authentication methods used to authenticate a user. Method lists enable designation of one or more security protocols to be used for authentication, thus ensuring a backup system for authentication in case the initial method fails. Cisco IOS software uses the first method listed to authenticate users; if that method does not respond, Cisco IOS software selects the next authentication method in the method list. This process continues until there is successful communication with a listed authentication method, or until the authentication method list is exhausted, in which case authentication fails.

NOTE:

Cisco IOS software attempts authentication with the next listed authentication method only when there is no response from the previous method. If any device denies authentication, the authentication process stops; no other authentication methods are attempted.
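The fallback rule described above, modelled as an added example (not Cisco code and not from the original page): a method that gives no response passes control to the next entry, while a method that answers with a denial ends the process. The `Reply` states, function names, method names, and credentials are constructed for illustration.

```python
import hmac
from enum import Enum

class Reply(Enum):
    PASS = "pass"    # method responded and accepted the user
    FAIL = "fail"    # method responded and denied the user
    ERROR = "error"  # no response from the method (timeout, unreachable)

def make_method(name, users, reachable=True):
    """Build one method-list entry; `users` is a constructed credential table."""
    def check(user, password):
        if not reachable:
            return Reply.ERROR
        stored = users.get(user)
        ok = stored is not None and hmac.compare_digest(stored, password)
        return Reply.PASS if ok else Reply.FAIL
    return name, check

def authenticate(method_list, user, password):
    """Walk the list in order; return (granted, trace of (method, reply))."""
    trace = []
    for name, check in method_list:
        reply = check(user, password)
        trace.append((name, reply))
        if reply is Reply.PASS:
            return True, trace
        if reply is Reply.FAIL:
            # A denial is final: later methods are never consulted.
            return False, trace
        # Reply.ERROR: no response, so fall through to the next method.
    # List exhausted without any method responding: authentication fails.
    return False, trace

if __name__ == "__main__":
    # Constructed sample data: a remote server group, then the local database.
    remote_users = {"alice": "remote-pw"}
    local_users = {"admin": "local-pw"}
    cases = {
        "server down, local used": [make_method("group tacacs+", remote_users, False),
                                    make_method("local", local_users)],
        "server denies, stop":     [make_method("group tacacs+", remote_users),
                                    make_method("local", local_users)],
    }
    for label, methods in cases.items():
        granted, trace = authenticate(methods, "admin", "local-pw")
        print(label, granted, [(n, r.value) for n, r in trace])
```

The second case shows why a local account is only a backup for an unreachable server: when the server is up and denies the user, the local entry is never tried.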

First, decide what kind of security solution should be implemented. Assess the security risks in the particular network and decide on the appropriate means to prevent unauthorized entry and attack.

Figure shows a table that illustrates the AAA process based on the graphic in Figure .