There are various methods for accessing a network device, and the same access methods are used for wireless components. Here we look at these access methods.
AAA Authentication, Authorization, Accounting
Access control is how you control who is allowed to access the network device and which services they are allowed to use once they have access.
Authentication, authorization, and accounting (AAA) network security services provide the primary framework through which you set up access control on your router or access server.
Authentication—Provides the method of identifying users, including login and password dialog, challenge and response, messaging support, and, depending on the security protocol you select, encryption.
Authorization—Provides the method for remote access control, including one-time authorization or authorization for each service, a per-user account list and profile, user group support, and support for IP, IPX, ARA (AppleTalk Remote Access), and Telnet.
Accounting—Provides the method for collecting and sending security server information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes.
In many circumstances, AAA uses protocols such as RADIUS, TACACS+, or Kerberos to administer its security functions.
If your router or access server is acting as a network access server, AAA is the means through which you establish communication between your network access server and your RADIUS, TACACS+, or Kerberos security server.
TACACS+ Terminal Access Controller Access-Control System Plus
TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server.
TACACS+ services are maintained in a database on a TACACS+ daemon running, typically, on a UNIX or Windows NT workstation.
You must have access to and must configure a TACACS+ server before the configured TACACS+ features on your network access server are available.
TACACS+ provides separate and modular authentication, authorization, and accounting facilities.
TACACS+ allows a single access control server (the TACACS+ daemon) to provide each service—authentication, authorization, and accounting—independently.
Each service can be tied into its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the domain.
The goal of TACACS+ is to provide a methodology for managing multiple network access points from a single management service.
The Cisco family of access servers and routers and the Cisco IOS user interface (for both routers and access servers) can act as network access servers.
RADIUS Remote Authentication Dial-In User Service
RADIUS is a fully open protocol, distributed in source code format, that can be modified to work with any security system currently available on the market.
RADIUS is a distributed client/server system that secures networks against unauthorized access.
In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a central RADIUS server that contains all user authentication and network service access information.
Cisco supports RADIUS under its AAA security paradigm.
RADIUS can be used with other AAA security protocols, such as TACACS+, Kerberos, and local username lookup.
RADIUS is supported on all Cisco platforms, but some RADIUS-supported features run only on specified platforms.
TACACS+ vs RADIUS
The primary functional difference between RADIUS and TACACS+ is that TACACS+ separates the authorization function from authentication, whereas RADIUS combines authentication and authorization.
When a RADIUS authentication request is sent to the AAA server, the AAA client expects the reply to also contain the authorization result.
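To illustrate the RADIUS side of that difference, here is an added example (written for this page, not Cisco's code or any RADIUS library's) that models one Access-Request/Access-Accept exchange per RFC 2865: the server authenticates the user and returns the authorization attribute (Service-Type) in the same Access-Accept, and the NAS verifies the Response Authenticator before acting on it. The shared secret, user store and attribute values are constructed for the example.

```python
import hashlib, hmac, os, struct
SECRET = b"constructed-shared-secret"   # assumption: the NAS/server shared secret
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, USER_NAME, USER_PASSWORD, SERVICE_TYPE = 1, 2, 3, 1, 2, 6
USERS = {b"alice": (b"correct horse", 6)}  # constructed store: name -> (password, Service-Type; 6 = Administrative-User)

def attrs(pairs):  # attribute TLV: Type(1) Length(1, counts the header) Value
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)

def parse_attrs(data):
    out, i = {}, 0
    while i < len(data):
        t, l = data[i], data[i + 1]
        out[t], i = data[i + 2:i + l], i + l
    return out

def hide_password(pw, req_auth):  # RFC 2865 5.2: pad to 16, XOR blocks with MD5(secret + previous block)
    pw += b"\x00" * (-len(pw) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(pw), 16):
        prev = bytes(a ^ b for a, b in zip(pw[i:i + 16], hashlib.md5(SECRET + prev).digest()))
        out += prev
    return out

def packet(code, ident, auth, body):  # Code(1) Identifier(1) Length(2) Authenticator(16) Attributes
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body

def build_access_request(user, pw, ident):  # NAS side
    req_auth = os.urandom(16)  # Request Authenticator: must be unpredictable
    return packet(ACCESS_REQUEST, ident, req_auth,
                  attrs([(USER_NAME, user), (USER_PASSWORD, hide_password(pw, req_auth))]))

def server_handle(req):  # server side: authenticate, and return the authorization result in the same reply
    code, ident, length = struct.unpack("!BBH", req[:4])
    req_auth, a = req[4:20], parse_attrs(req[20:length])
    entry = USERS.get(a.get(USER_NAME))
    if entry and hmac.compare_digest(hide_password(entry[0], req_auth), a.get(USER_PASSWORD, b"")):
        code, body = ACCESS_ACCEPT, attrs([(SERVICE_TYPE, struct.pack("!I", entry[1]))])
    else:
        code, body = ACCESS_REJECT, b""
    hdr = struct.pack("!BBH", code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return packet(code, ident, hashlib.md5(hdr + req_auth + body + SECRET).digest(), body)

def client_check(req, resp):  # NAS side: verify the reply before acting on its authorization attributes
    code, ident, length = struct.unpack("!BBH", resp[:4])
    body = resp[20:length]
    expected = hashlib.md5(resp[:4] + req[4:20] + body + SECRET).digest()
    if ident != req[1] or not hmac.compare_digest(resp[4:20], expected):
        return None  # forged, tampered or mismatched reply: discard it
    return code, parse_attrs(body)  # for an Accept, authorization (Service-Type) arrives here
```

A TACACS+ client would instead complete the authentication exchange and then send a separate authorization request before learning the same result.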