Showing results for 
Search instead for 
Did you mean: 




What is AAA?

AAA stands for:

  • Authentication
  • Authorization
  • Accounting





  • Refers to confirmation that a user who is requesting a service is a valid user.
  • Accomplished via the presentation of an identity and credentials.
  • Examples of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).




  • Refers to the granting of specific types of service (including "no service") to a user, based on their authentication.
  • May be based on restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same user.
  • Examples of services include, but are not limited to: IP address filtering, address assignment, route assignment, encryption, QoS/differential services, bandwidth control/traffic management.





  • Refers to the tracking of the consumption of network resources by users.
  • Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended.
  • May be used for management, planning, billing etc.



AAA server provides all the above services to its clients.


AAA Protocols:


Terminal Access Controller Access Control System (TACACS):


TACACS is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network. Unix daemon is TACACSD and runs on port 49. It uses TCP.




TACACS+ is a protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. It uses TCP and provides separate authentication, authorization and accounting services. Port is 49.




Remote Authentication Dial In User Service is an AAA protocol for applications such as Network Access or IP Mobility.




Diameter is a planned replacement of RADIUS.




See Also


Content for Community-Ad