AAA stands for Authentication, Authorization and Accounting. It is a security architecture that controls which services and resources a user can access and how much of those resources the user can use, and it provides a trail of the resources used.
Authentication - verifies user identity and credentials (username/password or digital certificate).
In simple terms, authentication requires the user to prove who they are. There are three ways for a user to present credentials:
- Something a user knows
- Something a user has
- Something a user is
Multifactor authentication describes a situation where multiple credentials are presented, for example something you know (username/password) and something you have (smart card).
Authorization - grants access to network resources and services.
Proper authentication must occur before authorization to network resources can be granted.
Accounting - tracks the use of network resources by users.
It is strongly advisable to use the IEEE 802.1X authentication framework in enterprise WLANs. IEEE 802.1X is a port-based access control standard that defines the mechanism necessary to authenticate and authorize devices to network resources.
The RADIUS protocol is very often used with the IEEE 802.1X authentication framework. RADIUS stands for Remote Authentication Dial-In User Service and is a protocol that uses the following ports:
1812/udp (or legacy 1645/udp) - authentication
1813/udp (or legacy 1646/udp) - accounting
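As an added example (not part of the original page), the Python sketch below parses the fixed 20-byte RADIUS header and checks that the packet type matches the AAA function of the port it arrived on, also flagging use of the legacy ports. The packet codes and header layout come from RFC 2865 and RFC 2866 rather than from this page; the function names and the sample packets are constructed for illustration.

```python
import struct

# Port roles as listed above (current and legacy assignments).
PORT_ROLE = {1812: "authentication", 1645: "authentication",
             1813: "accounting", 1646: "accounting"}
LEGACY_PORTS = {1645, 1646}

# RADIUS packet codes (RFC 2865 / RFC 2866) mapped to the AAA function they serve.
CODE_INFO = {
    1: ("Access-Request", "authentication"),
    2: ("Access-Accept", "authentication"),
    3: ("Access-Reject", "authentication"),
    11: ("Access-Challenge", "authentication"),
    4: ("Accounting-Request", "accounting"),
    5: ("Accounting-Response", "accounting"),
}

def classify_radius(server_port, payload):
    """Parse the 20-byte RADIUS header and check it fits the server port's role."""
    role = PORT_ROLE.get(server_port)
    if role is None:
        return {"valid": False, "findings": ["not a RADIUS port"]}
    if len(payload) < 20:
        return {"valid": False, "findings": ["shorter than 20-byte header"]}
    # Header: code (1 byte), identifier (1), length (2, big-endian), authenticator (16).
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= 4096 or length > len(payload):
        return {"valid": False, "findings": ["bad length field"]}
    name, code_role = CODE_INFO.get(code, ("Unknown(%d)" % code, None))
    findings = []
    if code_role != role:
        findings.append("%s seen on %s port" % (name, role))
    if server_port in LEGACY_PORTS:
        findings.append("legacy port in use")
    return {"valid": True, "packet": name, "id": ident,
            "role": role, "findings": findings}

def make_packet(code, ident=1):
    """Constructed sample: header only, zeroed authenticator, no attributes."""
    return struct.pack("!BBH", code, ident, 20) + bytes(16)

if __name__ == "__main__":
    # Constructed (server port, packet code) pairs, not captured traffic.
    for port, code in [(1812, 1), (1813, 4), (1645, 2), (1812, 4)]:
        print(port, classify_radius(port, make_packet(code)))
```

A finding on an otherwise valid packet, such as an Accounting-Request arriving on 1812/udp, usually points to a misconfigured network access server and is worth reviewing alongside the accounting trail.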