Version: Next

AAA protocols

AAA stands for (Authentication, Authorization, Accounting)
Family of protocols that mediate network access.
Sometimes these protocols are used in combination with
- Point-to-Point Protocol (PPP)
- Extensible Authentication Protocol (EAP)
- Protected Extensible Authentication Protocol (PEAP)
- Lightweight Directory Access Protocol (LDAP)
Most commonly used protocol is RADIUS and then Diameter, meanwhile older systems use TACACS and TACACS+

RADIUS

Stands for Remote Authentication Dial In User Service
📝 Commonly used by ISPs (Internet Service Providers) and corporations for access control
Primarily used to manage access to the internet or other networks
- Networks can employ a variety of networking technologies, including analog modems, DSL, wireless local area networks (WLANs), and VPNs.
Based on UDP (User Datagram Protocol)
Flexible and extensible offering a variety of ways to authenticate the user
Requires setting-up a RADIUS back-end server.
- Usually integrated with AD (active directory)

Authentication framework used by Enterprise WPA operation mode.
Strong when used with TLS (EAP-TLS)
- Higher security when client-side certificates are hosted in smart cards.
Extends and replaces Point-to-Point Protocol (PPP).

Secure standard using TLS protocol
Requires mutual authentication
- Where the client-side certificate can be stored in e.g. smart cards.

Terminal Access Controller Access-Control System Plus
Provides access control for routers, network access servers, and other networked computing devices via one or more centralized servers.
Based on TACACS but an entirely new protocol (incompatible with TACACS)
Runs on older systems but generally replaced by RADIUS