Benefits Of Using Aaa; Remote Aaa Services - Cisco Nexus 9000 Series Configuration Manual

Benefits of Using AAA

Authentication
Authorization
Accounting
Note
The Cisco NX-OS software supports authentication, authorization, and accounting independently. For example,
you can configure authentication and authorization without configuring accounting.
Benefits of Using AAA
AAA provides the following benefits:
• Increased flexibility and control of access configuration
• Scalability
• Standardized authentication methods, such as RADIUS and TACACS+
• Multiple backup devices

Remote AAA Services

Remote AAA services provided through RADIUS and TACACS+ protocols have the following advantages
over local AAA services:
• It is easier to manage user password lists for each Cisco NX-OS device in the fabric.
• AAA servers are already deployed widely across enterprises and can be easily used for AAA services.
• You can centrally manage the accounting log for all Cisco NX-OS devices in the fabric.
• It is easier to manage user attributes for each Cisco NX-OS device in the fabric than using the local
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
10
Identifies users, including login and password dialog, challenge and response, messaging support, and,
depending on the security protocol that you select, encryption.
Authentication is the process of verifying the identity of the person or device accessing the Cisco NX-OS
device, which is based on the user ID and password combination provided by the entity trying to access
the Cisco NX-OS device. Cisco NX-OS devices allow you to perform local authentication (using the
local lookup database) or remote authentication (using one or more RADIUS or TACACS+ servers).
Provides access control.AAA authorization is the process of assembling a set of attributes that describe
what the user is authorized to perform. Authorization in the Cisco NX-OS software is provided by
attributes that are downloaded from AAA servers. Remote security servers, such as RADIUS and
TACACS+, authorize users for specific rights by associating attribute-value (AV) pairs, which define
those rights with the appropriate user.
Provides the method for collecting information, logging the information locally, and sending the
information to the AAA server for billing, auditing, and reporting.
The accounting feature tracks and maintains a log of every management session used to access the Cisco
NX-OS device. You can use this information to generate reports for troubleshooting and auditing purposes.
You can store accounting logs locally or send them to remote AAA servers.
databases on the Cisco NX-OS devices.
Configuring AAA