6 - 72 WiNG 5 Access Point System Reference Guide

6.4 AAA Policy

Authentication, Authorization, and Accounting (AAA) provides the mechanism by which network administrators define access
control within the access point managed network.
The access point can optionally use external RADIUS and LDAP servers (AAA servers) to provide user database
information and user authentication data. Each WLAN managed by the access point can maintain its own unique AAA
configuration. AP-7131, AP-6532 and AP-7161 model access points have an onboard RADIUS server resource, while
AP-6511 and AP-6521 models do not.
AAA provides a modular way of performing the following services:
Authentication — Authentication provides a means for identifying users, including login and password dialog,
challenge and response, messaging support and (depending on the security protocol) encryption. Authentication is
the technique by which a user is identified before being allowed access to the access point managed network. Configure
AAA authentication by defining a list of authentication methods, and then applying the list to various access point
interfaces. The list defines the authentication schemes performed and their sequence. The list must be applied to an
interface before the defined authentication technique is conducted.
Authorization — Authorization occurs immediately after authentication. Authorization is a method for remote access
control, including authorization for services and individual user accounts and profiles. Authorization functions through
the assembly of attribute sets describing what the user is authorized to perform. These attributes are compared to
information contained in a database for a given user and the result is returned to AAA to determine the user's actual
capabilities and restrictions. The database could be located locally on the access point or be hosted remotely on a
RADIUS server. Remote RADIUS servers authorize users by associating attribute-value (AV) pairs with the appropriate
user. Each authorization method must be defined through AAA. When AAA authorization is enabled it's applied
equally to all interfaces on the access point.
Accounting — Accounting is the method for collecting and sending security server information for billing, auditing,
and reporting user data, such as start and stop times, executed commands (such as PPP), number of packets, and
number of bytes. Accounting enables wireless network administrators to track the services users are accessing and
the network resources they are consuming. When accounting is enabled, the network access server reports user
activity to a RADIUS security server in the form of accounting records. Each accounting record is composed of AV pairs
and is stored on an access control server. The data can be analyzed for network management, client billing, and/or
auditing. Accounting methods must be defined through AAA. When AAA accounting is activated for the access point,
it's applied equally to all interfaces on the access point's access servers.
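The accounting records described above, as an added example that is not part of the guide or of WiNG itself: a Python parser that checks an Accounting-Request before trusting its AV pairs. It goes beyond the text by assuming the RFC 2866 wire format and MD5 Request Authenticator; the shared secret, user name and counters are constructed sample values.

```python
import hashlib, hmac, struct

# Attribute numbers from RFC 2865/2866; True marks a 32-bit integer value.
ATTRS = {1: ("User-Name", False), 40: ("Acct-Status-Type", True),
         42: ("Acct-Input-Octets", True), 43: ("Acct-Output-Octets", True),
         44: ("Acct-Session-Id", False), 46: ("Acct-Session-Time", True),
         47: ("Acct-Input-Packets", True), 48: ("Acct-Output-Packets", True)}
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}
SECRET = b"constructed-secret"  # constructed sample, not a value from the guide

def build_request(ident, avps, secret):
    """Build a constructed Accounting-Request (code 4) to feed the parser."""
    body = b""
    for num, val in avps:
        raw = struct.pack("!I", val) if ATTRS[num][1] else val.encode()
        body += bytes([num, len(raw) + 2]) + raw
    head = struct.pack("!BBH", 4, ident, 20 + len(body))
    auth = hashlib.md5(head + bytes(16) + body + secret).digest()
    return head + auth + body

def parse_request(pkt, secret):
    """Return the AV pairs as a dict; raise ValueError if malformed or forged."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 4 or length < 20 or length > len(pkt):
        raise ValueError("not a well-formed Accounting-Request")
    pkt = pkt[:length]  # octets past the declared length are padding
    # RFC 2866: authenticator = MD5(header + 16 zero octets + attributes + secret)
    want = hashlib.md5(pkt[:4] + bytes(16) + pkt[20:] + secret).digest()
    if not hmac.compare_digest(want, pkt[4:20]):
        raise ValueError("bad Request Authenticator")
    out, pos = {}, 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("bad attribute length")
        num, alen = pkt[pos], pkt[pos + 1]
        name, is_int = ATTRS.get(num, (f"Attr-{num}", False))
        val = pkt[pos + 2:pos + alen]
        if is_int:
            if alen != 6:
                raise ValueError("integer attribute must be 4 octets")
            val = struct.unpack("!I", val)[0]
        out[name] = STATUS.get(val, val) if num == 40 else val
        pos += alen
    return out

SAMPLE = build_request(7, [(1, "alice"), (40, 2), (44, "sess-01"),
                           (46, 120), (42, 5000), (47, 40)], SECRET)
```

A record that fails the authenticator check was either altered in transit or sent by a device that does not hold the shared secret, and should not reach billing or audit storage.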
To define unique WLAN AAA configurations:
1. Select Configuration > Wireless > AAA Policy to display existing AAA policies.
The Authentication, Authorization, and Accounting (AAA) screen lists those AAA policies created thus far.
Any of these policies can be selected and applied to the access point.
