Configuring Aaa; Aaa Overview - HP 1910 User Manual

Configuring AAA

AAA overview

Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing
network access management. It provides the following security functions:
Authentication—Identifies users and determines whether a user is valid.
•
Authorization—Grants different users different rights and controls their access to resources and
•
services. For example, a user who has successfully logged in to the switch can be granted read and
print permissions to the files on the switch.
Accounting—Records all network service usage information of users, including the service type,
•
start time, and traffic. The accounting function not only provides the information required for
charging, but also allows for network security surveillance.
AAA can be implemented through multiple protocols. The switch series supports RADIUS, the most
commonly used protocol in practice. For more information about RADIUS, see
AAA usually uses a client/server model. The client runs on the network access server (NAS) and the
server maintains user information centrally. In an AAA network, a NAS is a server for users but a client
for the AAA servers, as shown in
Figure 351 Network diagram for AAA
The NAS manages users based on Internet service provider (ISP) domains. On the NAS, each user
belongs to one ISP domain. The NAS determines the ISP domain for a user by the username entered by
the user at login, as shown in
Figure
Network
NAS
Figure 352.
351.
RADIUS server 1
RADIUS server 2
333
"Configuring
Internet
RADIUS."