AAA - QUERY

Hi, I just wanted some clarification on when to use AAA, or when I do not need to due to something else being used, I think?

I'm aware that I can configure AAA on Cisco routers - OK, all good.

I keep getting confused with the below, as I am sure I am wrong; I have read about these but can never remember what is what! Can anyone give me simple one-line answers? It would be appreciated.

- IAS - Internet Accelerated Server - Speeds up the Internet connection as well
- TACACS server - Another type of server similar to AAA - I think
- RADIUS Server - Deals with fault-tolerance and not logons
- RRAS - I'm of the understanding this is used for VPNs or anyone logging on remotely unless they have a direct connection

mikey250 Asked:

John Meggers, Network Architect, Commented:
I'll comment on TACACS and RADIUS

RADIUS (Remote Authentication Dial-In User Service) is used for AAA -- authentication, authorization and accounting.  Depending on what you mean by not dealing with logons, that's incorrect, since it is used for authenticating and authorizing users logging into VPNs, wireless networks, etc.  Uses UDP ports 1645 and 1646 (old) and 1812 / 1813 (IANA).  The first port is used for authentication and authorization, while the second port is used for accounting.

TACACS (Terminal Access Controller Access-Control System) is also used for authenticating users, but it's mostly used for access control into network devices themselves (routers, switches, etc.) and not for authenticating access to network services (such as VPN authentication). Uses TCP port 49.

At least some servers (such as Cisco ACS) can do both RADIUS and TACACS.  There's a lot more specific information out there if you look for it.
0

mikey250 (Author) Commented:
Radius - My routers have the capability to be configured for AAA.

I think I remember looking into IAS and Radius on my Win 2003 server, which involved AAA, which confused me as to whether it could be configured on my routers and switches.  Do you have any input on this?

Tacacs - I've seen this in the workplace but no one could give me an exact answer like that.  What if a user wanted to log on from home or from some other place remotely in order that they could fix a problem with a router or switch?

Thanks!
0
ipajones Commented:
To clarify, AAA is not RADIUS.  AAA on a router can make use of a RADIUS server for the purposes of Authentication, Authorisation and Accounting.  AAA is simply how these 3 A's are set up on a Cisco router/switch.

TACACS when configured causes login authentication requests to the router/switch to be passed to a centralised TACACS server.  If a user can access the network device remotely then the authentication request would be passed to the TACACS server from the network device just the same as if the user was directly connected.
--IJ
0
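How the arrangement described in the answers above can look on a Cisco IOS device, as an added example that is not part of the original posts: device logins go to a central TACACS+ server with a local fallback, while network-access authentication (802.1X here) goes to RADIUS on the IANA ports. It assumes IOS 15.x named-server syntax and TACACS+ (the variant IOS configures with `tacacs server`); the addresses, the `TAC1`/`RAD1` and group names, the `localadmin` user and the bracketed secrets are constructed placeholders.

```cisco
! Added example: constructed names, addresses and placeholder secrets.
aaa new-model
!
! Local account used only when no AAA server answers.
username localadmin privilege 15 secret <LOCAL_FALLBACK_SECRET>
!
! TACACS+ server for administrative logins to the device (TCP port 49).
tacacs server TAC1
 address ipv4 192.0.2.10
 key <TACACS_SHARED_SECRET>
!
! RADIUS server for network-access authentication.
! 1812 = authentication/authorization, 1813 = accounting.
radius server RAD1
 address ipv4 192.0.2.20 auth-port 1812 acct-port 1813
 key <RADIUS_SHARED_SECRET>
!
aaa group server tacacs+ TAC-GROUP
 server name TAC1
!
aaa group server radius RAD-GROUP
 server name RAD1
!
! Device administration: try TACACS+ first, fall back to the local user.
aaa authentication login default group TAC-GROUP local
aaa authorization exec default group TAC-GROUP local
aaa accounting exec default start-stop group TAC-GROUP
!
! Network access (802.1X on switch ports) is authenticated via RADIUS.
aaa authentication dot1x default group RAD-GROUP
aaa accounting dot1x default start-stop group RAD-GROUP
dot1x system-auth-control
!
! Remote administrators reach the same login method list over SSH.
line vty 0 4
 login authentication default
 transport input ssh
```

The `local` keyword at the end of the method lists is consulted only when the server group does not respond, not when the server rejects the credentials.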
mikey250 (Author) Commented:
That's what I was wondering: if one device such as a router has the capability to be configured with AAA, does that mean the other is not used?  But OK, both!!

Radius is presumably used just for 'Dial-up' capability only?
0
ipajones Commented:
No, actually RADIUS can be used for many different authentication requirements; I think it's just that it was originally created when remote access was largely Dial-In access.  In simple terms you can think of a RADIUS server as an external authentication source; it's just a way of supporting authentication requests being passed to another device which handles the authentication requests.
0
mikey250 (Author) Commented:
Hi ipajones, been doing some more reading yesterday and YouTube videos and beginning to understand better.

Also I kept getting confused with IAS & ISA when it is IAS that features AAA.  I watched a video yesterday that used 2 servers to configure IAS/AAA & RRAS so I'm beginning to understand now also.

thanks for your comments anyway and your comments for RADIUS...!
0
mikey250 (Author) Commented:
Oh and Radius Server added also..ie

Server 01
Win 2003
Dns
Dhcp
Radius Server
IAS/AAA

Server 02
Win 2003
Public/Private addresses configured already
RRAS
0
ipajones Commented:
No problem. Glad to have been of some help!
0
mikey250 (Author) Commented:
Although I received good advice, I found a YouTube video that confirmed with more understanding the experts' advice.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.