In this tutorial I will briefly explain what AAA is, how to enable AAA on a Cisco router, and some basic AAA authentication configuration. Please note that this covers only the router-side configuration.
What is AAA?
AAA services are like a security package that provides a great deal of security for a device.
AAA stands for Authentication, Authorization and Accounting.
Authentication: Validates who you are. Instead of the enable secret, you now have a username and password to log in.
Authorization: Tells you what you can do. Defines different users’ privileges and access levels.
Accounting: Used for monitoring and for keeping history. Tracks what you did on a device.
By using AAA you can control PPP links, the aux port, dial-up modems, VTY and VPN access: anything that requires a password.
There are two well-known protocols used for AAA services: RADIUS and TACACS+.
RADIUS is an open standard, whereas TACACS+ is Cisco proprietary. You can also use Microsoft Active Directory services as an AAA server.
For the AAA demonstration I have created the following topology, in which R1 is enabled for AAA authentication. In the first step I created an AAA authentication group named “viki-group”, in which I define the server-group priority and the RADIUS server address. The RADIUS server is not present here, but due to the priority the router first looks for a RADIUS server and then authenticates the user from its local database. The second step is to enable AAA for the required service; in my case I enabled it for VTY access.
R1(config-if)#ip add 22.214.171.124 255.255.255.0
R1(config)#aaa new-model (Enable AAA; required before any other aaa command)
R1(config)#aaa authentication login viki-login group radius local (Server priority)
R1(config)#radius-server host 192.168.1.1 key password (Server Address)
R1(config)#username viki password cisco (Local user Database)
R1(config)#line vty 0 4
R1(config-line)#login authentication viki-login (enable AAA for Telnet access)
Radious(config-if)#ip address 126.96.36.199 255.255.255.0
For verification, telnet to 188.8.131.52; the router now authenticates you with a username and password.
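The configuration above covers only authentication. As an added example (not part of the original tutorial), the following IOS configuration applies all three AAA functions described earlier to the VTY lines, using the named-server syntax. The names RAD1 and RAD-GROUP and both secrets are placeholders assumed for illustration; 192.168.1.1, viki and viki-login are taken from the configuration above.

```cisco
! Added example. RAD1, RAD-GROUP and both secrets are placeholders.
aaa new-model
!
! RADIUS server definition (address taken from the tutorial).
radius server RAD1
 address ipv4 192.168.1.1 auth-port 1812 acct-port 1813
 key SHARED-SECRET-PLACEHOLDER
!
aaa group server radius RAD-GROUP
 server name RAD1
!
! Authentication: try RADIUS first. "local" is consulted only when no
! RADIUS server answers; a reject from RADIUS is final and does not
! fall through to the local database.
aaa authentication login viki-login group RAD-GROUP local
!
! Authorization: decide whether the user gets an EXEC shell and at
! which privilege level.
aaa authorization exec viki-login group RAD-GROUP local
!
! Accounting: send start and stop records for each EXEC session.
aaa accounting exec viki-login start-stop group RAD-GROUP
!
! Local fallback account. "secret" stores a hash of the password
! instead of the recoverable form that "password" keeps.
username viki secret LOCAL-PASSWORD-PLACEHOLDER
!
line vty 0 4
 login authentication viki-login
 authorization exec viki-login
 accounting exec viki-login
```

With the RADIUS server absent, as in the tutorial's topology, the login falls back to the local user once the RADIUS request times out.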