Aaa Commands - ZyXEL Communications IES4005M User Manual

2U 5-slot temperature-hardened chassis MSAN
11.8 AAA Commands

Use these commands to configure authentication, authorization and accounting on the IES.
Authentication, Authorization, Accounting (AAA)
Authentication is the process of determining who a user is and validating access to the system. The
system can authenticate users who try to log in based on user accounts configured on the system
itself. The system can also use an external authentication server to authenticate a large number of
users.
Authorization is the process of determining what a user is allowed to do. Different user accounts
may have higher or lower privilege levels associated with them. For example, user A may have the
right to create new login accounts on the system but user B cannot. The system can authorize users
based on user accounts configured on the system itself or it can use an external server to authorize
a large number of users.
Accounting is the process of recording what a user is doing. The system can use an external server
to track when users log in, log out, execute commands and so on. Accounting can also record
system related actions such as boot up and shut down times of the system.
The external servers that perform authentication, authorization and accounting functions are known
as AAA servers. The system supports RADIUS (Remote Authentication Dial-In User Service) and
TACACS+ (Terminal Access Controller Access-Control System Plus) as external authentication and
accounting servers. Only TACACS+ is supported as an external authorization server; RADIUS cannot
be used to authorize users on the IES.
Local User Accounts
By storing user profiles locally on the IES, your IES is able to authenticate and authorize users
without interacting with a network authentication server. However, there is a limit on the number of
users you may authenticate in this way.
RADIUS and TACACS+
RADIUS and TACACS+ are security protocols used to authenticate users by means of an external
server instead of (or in addition to) an internal device user database that is limited to the memory
capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate
an unlimited number of users from a central location.
The following table describes some key differences between RADIUS and TACACS+.
Table 68 RADIUS vs. TACACS+

                     RADIUS                                   TACACS+
Transport Protocol   UDP (User Datagram Protocol)             TCP (Transmission Control Protocol)
Encryption           Only the password sent for               All communication between the IES and
                     authentication is hidden: the            the TACACS+ server is encrypted: the
                     User-Password attribute is XORed         packet body is XORed with an MD5
                     with an MD5 stream keyed by the          stream keyed by the shared key, so user
                     shared secret, while the user name       names, commands and accounting records
                     and all other attributes are sent        are not readable without the key; the
                     in the clear.                            12-byte packet header stays in the clear.

Neither mechanism is modern encryption: both derive their keystream from MD5 and the shared secret, so
the protection is only as good as that secret. Use a long random secret per server and keep AAA traffic
on the management network rather than a customer-facing VLAN.

IES4005M User's Guide   Chapter 11 Management   97
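The following is an added example (Python, not ZyXEL code and not taken from this guide) that builds one RADIUS Access-Request and one TACACS+ authentication START packet using the hiding each protocol actually specifies (RFC 2865 section 5.2 for the User-Password attribute, RFC 8907 section 4.5 for the TACACS+ body), then checks which credential fields an on-path observer without the shared secret can read straight out of the bytes. The shared secret, user name, port, remote address, session ID and the fixed Request Authenticator are constructed values for illustration only.

```python
import hashlib
import struct


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous ciphertext block), seeded by the Request
    Authenticator. Only the User-Password attribute gets this treatment."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return bytes(out)


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of radius_hide_password: what the server (or anyone holding the
    shared secret plus a captured request) computes."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return bytes(out).rstrip(b"\x00")


def radius_access_request(identifier: int, username: bytes, password: bytes,
                          secret: bytes, authenticator: bytes) -> bytes:
    """Minimal Access-Request (Code 1): User-Name (type 1) is cleartext,
    User-Password (type 2) is the only hidden attribute."""
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(username)]) + username
    attrs += bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs


def tacacs_pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 4.5: MD5 chain over session_id, key, version, seq_no (and the
    previous digest), truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_authen_start_body(user: bytes, port: bytes, rem_addr: bytes, password: bytes) -> bytes:
    """Authentication START body: action LOGIN(1), priv_lvl 1, authen_type
    PAP(2), service LOGIN(1); with PAP the password rides in the data field."""
    return (struct.pack("!8B", 1, 1, 2, 1, len(user), len(port), len(rem_addr), len(password))
            + user + port + rem_addr + password)


def tacacs_packet(body: bytes, session_id: int, key: bytes, seq_no: int = 1) -> bytes:
    """12-byte header (always cleartext) + body XORed with the pseudo-pad.
    version 0xC0 = major 0xC minor 0, type 1 = AUTHEN, flags 0 = obfuscated."""
    version, ptype, flags = 0xC0, 1, 0
    header = struct.pack("!BBBBII", version, ptype, seq_no, flags, session_id, len(body))
    return header + _xor(body, tacacs_pseudo_pad(session_id, key, version, seq_no, len(body)))


def tacacs_unpack(packet: bytes, key: bytes) -> bytes:
    """Recover the body with the shared key; XOR with the same pad is symmetric."""
    version, _ptype, seq_no, _flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    body = packet[12:12 + length]
    if len(body) != length:
        raise ValueError("truncated TACACS+ packet")
    return _xor(body, tacacs_pseudo_pad(session_id, key, version, seq_no, length))


def compare_on_the_wire(username: bytes, password: bytes) -> dict:
    """Build one packet per protocol and report which credential fields an
    observer without the secret can read directly from the bytes."""
    secret = b"ies-shared-secret"      # constructed value, not a real deployment secret
    authenticator = bytes(range(16))   # fixed for reproducibility; must be random in real use
    rad = radius_access_request(7, username, password, secret, authenticator)
    tac = tacacs_packet(tacacs_authen_start_body(username, b"tty0", b"198.51.100.10", password),
                        session_id=0x1234ABCD, key=secret)
    return {
        "radius_username_visible": username in rad,
        "radius_password_visible": password in rad,
        "tacacs_username_visible": username in tac,
        "tacacs_password_visible": password in tac,
    }
```

Running compare_on_the_wire(b"operator", b"s3cretPw") reports the user name readable in the RADIUS packet but not in the TACACS+ packet, and the password readable in neither; radius_reveal_password and tacacs_unpack show that anyone holding the shared secret recovers both, which is why the secret's strength and the isolation of the management network matter more than the choice between the two protocols.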
