Information About AAA
• Authentication—Identifies users, including login and password dialog, challenge and response, messaging support, and encryption, depending on the security protocol that you select.
Authentication is the process of verifying the identity of the person or device accessing the Cisco Nexus 5000 Series switches. This process is based on the user ID and password combination provided by the entity trying to access the switch. The Cisco Nexus 5000 Series switches allow you to perform local authentication (using the local lookup database) or remote authentication (using one or more RADIUS or TACACS+ servers).
• Authorization—Provides access control.
AAA authorization is the process of assembling a set of attributes that describe what the user is authorized to perform. Authorization in Cisco Nexus 5000 Series switches is provided by attributes that are downloaded from AAA servers. Remote security servers, such as RADIUS and TACACS+, authorize users for specific rights by associating attribute-value (AV) pairs, which define those rights, with the appropriate user.
• Accounting—Provides the method for collecting information, logging the information locally, and sending the information to the AAA server for billing, auditing, and reporting.
The accounting feature tracks and maintains a log of every management session used to access the Cisco Nexus 5000 Series switches. You can use this information to generate reports for troubleshooting and auditing purposes. You can store accounting logs locally or send them to remote AAA servers.
Note: The Cisco NX-OS software supports authentication, authorization, and accounting independently. For example, you can configure authentication and authorization without configuring accounting.
Benefits of Using AAA
AAA provides the following benefits:
• Increased flexibility and control of access configuration
• Scalability
• Standardized authentication methods, such as RADIUS and TACACS+
• Multiple backup devices
Remote AAA Services
Remote AAA services provided through RADIUS and TACACS+ protocols have the following advantages over local AAA services:
• User password lists for each Cisco Nexus 5000 Series switch in the fabric are easier to manage.
• AAA servers are already deployed widely across enterprises and can be easily used for AAA services.
• The accounting log for all switches in the fabric can be centrally managed.
• User attributes for each switch in the fabric are easier to manage than using the local databases on the switches.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, OL-16597-01