Introduction To Aaa - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide
Chapter 2 AAA and RADIUS/HWTACACS Protocol
2.1 Overview

2.1.1 Introduction to AAA

Authentication, Authorization and Accounting (AAA) provide a uniform framework used
for configuring these three security functions to implement the network security
management.
The network security mentioned here refers to access control and it includes:
Which user can access the network server?
Which service can the authorized user enjoy?
How to keep accounts for the user who is using network resource?
Accordingly, AAA provides the following services:
I. Authentication
AAA supports the following authentication methods:
None authentication: All users are trusted and are not authenticated. Generally,
this method is not recommended.
Local authentication: User information (including username, password, and
attributes) is configured on the Broadband Access Server (BAS). Local
authentication features high speed but low cost; the information stored in this
approach is however limited depending on the hardware capacity.
Remote authentication: Supports both RADIUS and HWTACACS protocols. In this
approach, the BAS acts as the client to communicate with the RADIUS or
TACACS server. With respect to RADIUS, you can use the standard RADIUS
protocol or Huawei extended RADIUS protocol to complete authentication in
collaboration with devices like iTELLIN/CAMS.
II. Authorization
AAA supports the following authorization methods:
Direct authorization: All users are trusted and directly authorized to pass.
Local authorization: Users are authorized according to the attributes related to
their accounts on the BAS.
HWTACACS authorization: Users are authorized using a TACACS server.
If-authenticated authorization: Users are authorized to pass if they are
authenticated and using any allowed method other than none authentication.
Chapter 2 AAA and RADIUS/HWTACACS Protocol
Configuration
3Com Corporation
2-1
Configuration