AAA consists of the following three elements:
* Authentication: Identifies users by login and password using challenge and response methodology before the user even gains access to the network. Depending on your security options, it can also support encryption.
* Authorization: After initial authentication, authorization looks at what that authenticated user has access to do. RADIUS or TACACS+ security servers perform authorization for specific privileges by defining attribute-value (AV) pairs, which would be specific to the individual user rights. In the Cisco IOS, you can define AAA authorization with a named list or authorization method.
* Accounting: The last "A" is for accounting. It provides a way“o” collecting security information that you can use for billing, auditing, and reporting. You can use accounting to see what users do once they are authenticated and authorized. For example, with accounting, you could get a log of when users logged in and when they logged out.