23 AAA&RADIUS CONFIGURATION
Overview
Introduction to AAA
AAA stands for three security functions: authentication, authorization and accounting. It provides a uniform framework for configuring these three functions to implement network security management.
Network security here mainly refers to access control, which determines:
■ Which users can access the network,
■ Which services the users with access rights can use, and
■ How accounting is performed for users who are using network resources.
Accordingly, AAA provides the following services:
Authentication
AAA supports the following authentication methods:
■ None authentication: Users are trusted and are not authenticated. Generally, this method is not recommended.
■ Local authentication: User information (including user name, password, and attributes) is configured on this device. Local authentication is fast and has a lower operational cost, but the information storage capacity is limited by the device hardware.
■ Remote authentication: Users are authenticated remotely through the RADIUS protocol (both standard and extended RADIUS protocols can be used). This device (for example, an S4200G series switch) acts as the client to communicate with the RADIUS server.
Authorization
AAA supports the following authorization methods:
■ Direct authorization: Users are trusted and directly authorized.
■ Local authorization: Users are authorized according to the related attributes configured for their local accounts on the device.
■ RADIUS authorization: Users are authorized after they pass the RADIUS authentication. Authentication and authorization in the RADIUS protocol are bound together, and you cannot perform RADIUS authorization alone without RADIUS authentication.
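The binding described in the RADIUS authorization item is visible on the wire: per RFC 2865 the server returns authorization attributes inside the Access-Accept that answers the authentication request, and there is no separate authorization exchange. The following Python is an added example, not taken from this manual; the packets are constructed samples, the helper names are hypothetical, and it does not verify the Response Authenticator, which a real client must check with the shared secret.

```python
import struct

# Packet codes and a few attribute types from RFC 2865
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
ATTRS = {6: "Service-Type", 11: "Filter-Id", 27: "Session-Timeout"}
INT_ATTRS = {6, 27}  # 4-byte integer values; the rest are decoded as text

def parse_radius(packet: bytes) -> dict:
    """Parse the 20-byte RADIUS header and the type-length-value attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("Length field disagrees with the data received")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        value = packet[pos + 2:pos + a_len]
        if a_type in INT_ATTRS:
            if len(value) != 4:
                raise ValueError("integer attribute must be 4 bytes")
            value = int.from_bytes(value, "big")
        else:
            value = value.decode("utf-8", "replace")
        attrs[ATTRS.get(a_type, f"Attr-{a_type}")] = value
        pos += a_len
    return {"code": CODES.get(code, str(code)), "id": ident, "attributes": attrs}

def authorization_for(reply: dict) -> dict:
    """Authorization data exists only inside a successful authentication reply."""
    return reply["attributes"] if reply["code"] == "Access-Accept" else {}

def build(code: int, ident: int, attrs: list) -> bytes:
    """Build a constructed sample packet; the authenticator is zeroed, not computed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed samples: an accept carrying authorization attributes, and a reject
ACCEPT = build(2, 7, [(6, (6).to_bytes(4, "big")), (11, b"mgmt-acl"),
                      (27, (3600).to_bytes(4, "big"))])
REJECT = build(3, 8, [])

if __name__ == "__main__":
    print(authorization_for(parse_radius(ACCEPT)))
    print(authorization_for(parse_radius(REJECT)))
```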
Accounting
AAA supports the following accounting methods:
■ None accounting: No accounting is performed for users.
■ Remote accounting: User accounting is performed on the remote RADIUS server.