AAA Architecture for Unified Configuration Management in Large-Scale Network

Abstract

Unified configuration management of network devices in large-scale environment is an important issue. As a traditional method, password authentication by router can not verify the administrators' identities. In other words, someone who actually is not an administrator, can also access the router if he knows password. In this paper, we present a new policy-based AAA architecture that uses VPN and certificate-based authentication. By implementing the architecture, administrators can access authorized routers only and execute authorized commands. Single Sign-On mechanism is used to simplify authentication process. Moreover, the actions of administrators can be logged for accounting. Finally, we implement the architecture in Tianjin Education Metropolitan Area Network.