Cisco Prime Network 4.0 User Guide
OL-29343-01

CHAPTER 22
Monitoring AAA Configurations
AAA refers to Authentication, Authorization, and Accounting, which is a security architecture for
distributed systems that determines the access given to users for specific services and the amount of
resources they have used.
Authentication—This method identifies users, including their login and password, challenge and
response, messaging support, and encryption. Authentication is the way to identify a subscriber
before providing access to the network and network services.
Authorization—This method provides access control, including authorization for a subscriber or
domain profile. AAA authorization sends a set of attributes to the service describing the services
that the user can access. These attributes determine the user’s actual capabilities and restrictions.
Accounting—This method collects and sends subscriber usage and access information used for
billing, auditing, and reporting. Examples include user identities, start and stop times, performed actions,
number of packets, and number of bytes. Accounting enables an operator to analyze the services that
the users access as well as the amount of network resources they consume. Accounting records
comprise accounting Attribute Value Pairs (AVPs) and are stored on the accounting server. This
accounting information can then be analyzed for network management, client billing, and/or
auditing.
This chapter contains the following topics:
Supported Network Protocols
Viewing AAA Configurations in Prime Network Vision
Configuring AAA Groups

Supported Network Protocols

AAA supports the following protocols:
Diameter—This is a networking protocol that provides centralized AAA management for devices to
connect and use a network service, and is an alternative to RADIUS. Diameter applications can extend
the base protocol by adding new commands and/or attributes.
Remote Authentication Dial In User Service (RADIUS)—This is a networking protocol that
provides centralized AAA management for devices to connect and use a network service. RADIUS
is a client/server protocol that runs in the application layer, using UDP as transport. The Remote
Access Server (RAS), the Virtual Private Network (VPN) server, the network switch with port-based
authentication, and the Network Access Server (NAS), are all gateways that control access to the
network, and all have a RADIUS client component that communicates with the RADIUS server.
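
To illustrate the accounting records and the RADIUS client/server exchange described above, the following added Python example (not code from Cisco Prime Network or this guide) parses a RADIUS Accounting-Request, verifies its Request Authenticator as defined in RFC 2866, and decodes the usage attributes. The shared secret, user name, session ID and counters are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code, RFC 2866
TEXT_ATTRS = {1: "User-Name", 44: "Acct-Session-Id"}
INT_ATTRS = {40: "Acct-Status-Type", 42: "Acct-Input-Octets",
             43: "Acct-Output-Octets", 46: "Acct-Session-Time",
             47: "Acct-Input-Packets", 48: "Acct-Output-Packets"}

def build_accounting_request(identifier, attrs, secret):
    """Build a signed sample packet from (type, str-or-int) pairs."""
    body = b""
    for attr_type, value in attrs:
        data = struct.pack("!I", value) if isinstance(value, int) else value.encode()
        body += bytes([attr_type, len(data) + 2]) + data
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(body))
    # Request Authenticator = MD5(header + 16 zero octets + attributes + secret)
    return header + hashlib.md5(header + bytes(16) + body + secret).digest() + body

def parse_accounting_request(packet, secret):
    """Return (authenticator_ok, record); raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    body = packet[20:length]  # octets beyond Length are padding and ignored
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    authenticator_ok = hmac.compare_digest(expected, packet[4:20])
    record, pos = {}, 0
    while pos < len(body):
        if len(body) - pos < 2 or body[pos + 1] < 2 or pos + body[pos + 1] > len(body):
            raise ValueError("attribute length is inconsistent with the packet")
        attr_type, value = body[pos], body[pos + 2:pos + body[pos + 1]]
        if attr_type in INT_ATTRS and len(value) == 4:
            record[INT_ATTRS[attr_type]] = struct.unpack("!I", value)[0]
        elif attr_type in TEXT_ATTRS:
            record[TEXT_ATTRS[attr_type]] = value.decode("utf-8", "replace")
        else:
            record[f"Attr-{attr_type}"] = value.hex()  # unknown or odd-sized: keep raw
        pos += body[pos + 1]
    return authenticator_ok, record

# Constructed sample: a Stop record (Acct-Status-Type 2) with usage counters.
SECRET = b"constructed-shared-secret"
SAMPLE = build_accounting_request(
    7, [(1, "alice"), (40, 2), (44, "sess-0001"), (46, 600),
        (42, 1024), (43, 4096), (47, 10), (48, 20)], SECRET)
print(parse_accounting_request(SAMPLE, SECRET))
```

A record whose authenticator check fails was either altered in transit or sent by a client that does not hold the shared secret, so it should not be used for billing or auditing.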