Authentication, Authorization and Accounting

This chapter is a reference for the authentication:

Authentication identifies users by challenging them to provide a user name and password. This information can be encrypted if required, depending on the underlying protocol.
Authorization provides a method of authorizing commands and services on a per user profile basis.

Authorization will be auto-enabled if user enables the Authentication.
Accounting collects detailed system and command information and stores it on a central server where it can be used for security and quality assurance purposes.

The authentication feature allows you to verify the identity and, grant access to managing devices. The authentication feature works with the access control protocols as described in these chapters:

•

RADIUS Commands

•

TACACS+ Commands

Only network administrators can execute these commands. For more, see the username command.

The commands below are supported only on the “management” VRF Virtual Routing and Forwarding.

Per-command authorization needs to be enabled explicitly by the user whereas Session based authorization will be implicitly enabled when user enables authentication.

This chapter describes these commands: