user list, per-group, or per-protocol basis. AAA lets the administrator create attributes that
describe the functions that the user is allowed to use.
authorized to perform. These attributes are compared to the information contained in a database
for a given user and the result is returned to AAA to determine the user's actual capabilities and
restrictions. This requires that the database be in constant communication with the AAA server
during the connection to the RAS device.
access, executed commands, traffic statistics, and resource usage and then store that
information in the RDBMS. In other words, accounting enables the tracking of service and
resources that are "consumed" by the user. The key point to accounting is the capability of the
administrator to proactively track and predict service and resource usage. This information can
then be used for client billing, internal billing, network management, or audit trails.
understanding and performing a successful configuration of AAA.
the router. On the other hand, packet mode is used on the async, group-async, BRI, PRI, serial,
dialer profiles, and dialer rotaries. These are the communication ports on the router.
indicates a character communication connection that enables control or configuration of the
router. The term communication indicates that the port is being used to access another source
other than the router.
mode sends keystrokes to the router through the TTY, VTY, AUX and CON ports for
configuration or query commands.
traffic is passing through the router to another device. These ports are WAN ports. Packet mode
uses interface mode or a link protocol session to communicate with a device other than the
router. The defined interfaces on the router are async, group-async, BRI, PRI, serial, dialer
profiles, and dialer rotaries. Interfaces become important to the configuration of AAA. Each of
the authentications and authorizations is tied to one of the interfaces.