Table of Contents
Advertisement
7.4 AAA Policy
Network Configuration
Authentication, Authorization, and Accounting (AAA) is the mechanism network administrators use to define access control
within the access point managed network.
The access point can optionally use an external RADIUS and LDAP Servers (AAA Servers) to provide user database information
and user authentication data. Each WLAN managed by the access point can maintain its own unique AAA configuration.
AP6522, AP6522M, AP6532, AP6562, AP8132, AP8232 and AP71XX model access points have an onboard RADIUS server
resource, while AP6511 and AP6521 models do not.
AAA provides a modular way of performing following services:
• Authentication — Authentication provides a means for identifying users, including login and password dialog, challenge
and response, messaging support and (depending on the security protocol), encryption. Authentication is the technique by
which a user is identified before allowed access to the access point managed network. Configure AAA authentication by
defining a list of authentication methods, and then applying the list to various access point interfaces. The list defines the
authentication schemes performed and their sequence. The list must be applied to an interface before the defined
authentication technique is conducted.
• Authorization — Authorization occurs immediately after authentication. Authorization is a method for remote access
control, including authorization for services and individual user accounts and profiles. Authorization functions through the
assembly of attribute sets describing what the user is authorized to perform. These attributes are compared to information
contained in a database for a given user and the result is returned to AAA to determine the user's actual capabilities and
restrictions. The database could be located locally on the access point or be hosted remotely on a RADIUS server. Remote
RADIUS servers authorize users by associating attribute-value (AV) pairs with the appropriate user. Each authorization
method must be defined through AAA. When AAA authorization is enabled it's applied equally to all interfaces on the
access point.
• Accounting — Accounting is the method for collecting and sending security server information for billing, auditing, and
reporting user data; such as start and stop times, executed commands (such as PPP), number of packets, and number of
bytes. Accounting enables wireless network administrators to track the services users are accessing and the network
resources they are consuming. When accounting is enabled, the network access server reports user activity to a RADIUS
security server in the form of accounting records. Each accounting record is comprised of AV pairs and is stored on an access
control server. The data can be analyzed for network management, client billing, and/or auditing. Accounting methods must
be defined through AAA. When AAA accounting is activated for the access point, it's applied equally to all interfaces on
the access point's access servers.
To define unique WLAN AAA configurations:
1. Select the
Configuration
2. Select
Network.
3. Select
AAA Policy
The
Authentication, Authorization, and Accounting (AAA)
be selected and applied to the access point.
tab from the Web UI.
to display a high level display of existing AAA policies.
screen lists existing AAA policies. Any of these policies can
7 - 15
Hide quick links:
Advertisement
Table of Contents
