Managing Cisco Network Security, Second Edition

Authentication, authorization, and accounting (AAA) is an architectural framework for providing the independent but related functions of authentication, authorization, and accounting, and is critical to providing secure remote access to both network devices and resources. The AAA framework typically consists of both a client and a server. The AAA client (for example, a router or network access server (NAS)) requests authentication, authorization, and/or accounting services from a AAA server (for instance, a UNIX or Windows server with appropriate software) that maintains databases containing the relevant AAA information.
Typically, an AAA framework is effective in three ways:
It provides centralized authentication for the administration of a large number of routers. An example is a small- to medium-sized business that has a relatively high ratio of routers to network administrators. Centralized authentication would ease the administrative burden of the routers, but because the number of administrators is low, centralized authorization and accounting would not be beneficial.
It provides flexible authorization capabilities. An example is a global enterprise that has a large number of both routers and administrators. Administrative duties might be divided along operational and configuration lines such that the implementation of centralized authorization would be an effective addition to centralization authentication.
It provides relevant usage or billing information. An example is a service provider that charges customers based on network usage statistics. In this case, the centralized authentication and authorization would be an effective means of supporting the router and NAS administration, while centralized accounting would provide the business with...