AAA
1. Historical Context
Before AAA protocols, giving access to network devices was done manually. Each device—like routers and switches—needed to be set up one by one with its own username and password.
This approach had several drawbacks:
- Not Centralized: Since every device stored its own credentials, there was no unified way to manage or control access.
- Security Risks: Local credentials were vulnerable to theft or unauthorized access, especially since each device held its own separate user information.
- Lack of Visibility: Tracking who accessed which device and what they did was nearly impossible.
As networks grew larger, these challenges became more obvious. Businesses needed a centralized system to simplify and secure access to their equipment.
That’s when AAA (Authentication, Authorization, and Accounting) was introduced, providing a reliable and efficient way to control access across all devices.

2. Network Access Without AAA
Imagine a network where every device—routers, switches, and more—has its own local credentials. Users log in separately to each device.
This method comes with major downsides:
- It’s inefficient: Managing every device individually becomes a nightmare as the network grows.
- It’s insecure: With no centralized control, vulnerabilities multiply.

That’s why AAA is a game-changer. It centralizes user management, enforces command controls, and tracks all activities, making your network more secure and manageable.
3. The Need for AAA
AAA is essential for modern networks because it solves key problems by offering:
- Scalability: You can manage access for hundreds or even thousands of devices from one central point.
- Centralized Control: Administrators can set, monitor, and update access policies easily.
- Enhanced Security: Only authorized users get access, and their actions are restricted based on their role.
- Activity Logs: Every action is tracked, providing a clear audit trail for troubleshooting and monitoring.
Example:
Think about a company with hundreds of devices across multiple locations. Without AAA, setting up access on each device separately is slow, inconsistent, and risky. With AAA, you can control everything centrally—who gets in, what they can do, and track every action.
4. Authentication
Authentication is the first step in AAA. It’s all about verifying the user’s identity before allowing access to the network.
- Why It Matters: Only legitimate users should be allowed into your network.

For example:
When Admin123 logs into a router, the AAA server checks their credentials. If the details match, access is granted. If not, the server denies access.
5. Authorization
After a user is authenticated, authorization decides what actions they are allowed to perform.
- Why It Matters: Not everyone needs full access to everything. Authorization ensures users only get the permissions they need.

Admin123 wants to run the show interfaces command. The AAA server approves the request, and the router shows the details.

Later, Admin123 tries the reload command, but their permissions don’t allow it. The server denies the command.
6. Accounting
Accounting is the final step of AAA. It tracks and logs all user activities to create a detailed audit trail.
- Why It Matters: Accounting helps you monitor what’s happening on your network, detect unusual behavior, and troubleshoot issues quickly.

For example, the AAA server logs every action by Admin123: login and logout times, commands executed, and whether they were approved or denied.
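
The three stages from sections 4 to 6, as an added Python sketch that is not part of the original lesson: one central server verifies Admin123's login, checks each command against a role policy that denies anything not listed, and records every decision. The AAAServer class, the operator role, the device names and the password are constructed for illustration; this is a toy in-process model, not an implementation of an AAA protocol.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def _hash(password, salt):
    # Store only a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:  # hypothetical toy model of one central server
    def __init__(self):
        self.users = {}       # username -> (salt, password hash, role)
        self.policy = {}      # role -> list of allowed command prefixes
        self.accounting = []  # audit trail: (time, user, device, event, result)

    def add_user(self, user, password, role):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt), role)

    def _log(self, user, device, event, result):
        ts = datetime.now(timezone.utc).isoformat()
        self.accounting.append((ts, user, device, event, result))

    def authenticate(self, user, password, device):
        # Unknown users are still hashed (dummy salt) and compared in constant time.
        salt, stored, _ = self.users.get(user, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(_hash(password, salt), stored)
        self._log(user, device, "login", "accepted" if ok else "rejected")
        return ok

    def authorize(self, user, command, device):
        # Default deny: a command passes only if its leading words match the role policy.
        role = self.users.get(user, (None, None, None))[2]
        words = command.split()
        allowed = self.policy.get(role, [])
        ok = any(words[:len(p.split())] == p.split() for p in allowed)
        self._log(user, device, f"cmd: {command}", "approved" if ok else "denied")
        return ok

def demo():
    server = AAAServer()
    server.policy["operator"] = ["show"]                       # constructed role
    server.add_user("Admin123", "S3cret-example", "operator")  # constructed user
    results = [
        server.authenticate("Admin123", "S3cret-example", "router1"),
        server.authorize("Admin123", "show interfaces", "router1"),
        server.authorize("Admin123", "reload", "router1"),
        server.authenticate("Admin123", "wrong-password", "switch7"),
    ]
    return results, server.accounting
```

Calling demo() returns the four decisions together with the accounting trail, so the denied reload and the rejected login on a second device both appear in the same central log.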
7. Common AAA Protocols
AAA works through two main protocols:
- RADIUS (Remote Authentication Dial-In User Service):
- A widely-used, standardized protocol that works with different types of network equipment.
- TACACS+ (Terminal Access Controller Access-Control System Plus):
- A Cisco-proprietary protocol that offers more detailed control over specific user actions.
Both protocols are powerful tools to enforce AAA and keep your network secure.
Next Steps: In the next lesson, we’ll explore the RADIUS protocol, breaking down how it works and why it’s critical for implementing a strong AAA strategy.