What is a AAA Server?

An AAA server refers to the process of authentication, authorization and accounting utilized by the Remote Authentication Dial In User Services (RADIUS) network protocol. RADIUS permits remote users or computers to access a computerized network server. When the AAA server process is not required, a server is called “open” or “anonymous.” RADIUS and AAA server protocol is usually used by internet service providers (ISPs) to identify and bill their clients. It is also used by companies to identify and allow network access to their employees when they are working from a remote location.

When a user sends a request for access to a network server from a remote location, it must identify itself to the server. The request is usually composed of “credentials,” which usually take the form of a username and password or passphrase. The request also sends information such as a dial-up phone number or network address for the network to verify the user’s identity. The network checks the user's information against its database.

Once the user’s identity is verified, the network sends back a response of either “access rejected,” “access challenged” or “access accepted.” If access is rejected, the user is totally denied access to the network, usually because of unconfirmed or invalid credentials. If access is challenged, the network will ask for additional information in order to verify the user. Usually, this occurs in networks with a higher level of security. If access is accepted, the user is authenticated, and given access to the network.

Once authenticated, the server will then check to see if the user is authorized to gain access to use the particular programs or pages the user requests to use. Some users will be allowed to access some portions of the server but will not be authorized to use others.

The final process in the AAA server protocol is accounting. When a user is granted access to a network’s server, an “accounting start” signal is transmitted to the server. While the user is on the network, interim access signals may be sent to the network server for updates on the user’s session. When the user closes his network access, an “accounting stop” signal is transmitted and recorded in the network, providing information on the time, data transferred, and other information regarding the user’s access. This data is sent so that the user can be billed for his usage, but may also be used for security, monitoring or statistic gathering purpose.