Authentication Versus Authorization Access control involves both authentication and authorization. People often confuse the two. Authentication is the process of identifying a user; authorization restricts what a user is allowed to do. Cisco router authentication controls can be divided into two main categories—those that use the AAA (authentication, authorization, accounting) access methods and those that don’t. The non-AAA methods include line authentication (console, auxiliary, and VTY ports), local username authentica- tion, and Terminal Access Controller Access Control System (TACACS) or extended TACACS authentication. The AAA authentication methods add TACACS+, RADIUS, and Kerberos. AAA provides much greater control over authentication, authorization, and accounting than do non-AAA methods. While Cisco calls AAA the primary and recommended method of access control, you must configure AAA on your router manually. This chapter describes non-AAA methods of access. AAA will be discussed in Chapter 5.