Accounting; Summary Of Aaa Features - 3Com 3CRWX120695A, 3CRWX440095A Configuration Manual

284 C 13: C
HAPTER ONFIGURING

Accounting

Summary of AAA
Features
AAA N U
FOR ETWORK SERS
Regardless of whether you configure the user and attributes on RADIUS
servers or the switch's local database, the VLAN attribute is required. The
other attributes are optional.
MSS also supports accounting. Accounting collects and sends
information used for billing, auditing, and reporting — for example, user
identities, connection start and stop times, the number of packets
received and sent, and the number of bytes transferred. You can track
sessions through accounting information stored locally or on a remote
RADIUS server. As network users roam throughout a Mobility Domain,
accounting records track them and their network usage.
Depending on your network configuration, you can configure
authentication, authorization, and accounting (AAA) for network users to
be performed locally on the WX switch or remotely on a RADIUS server.
The number of users that the local WX database can support depends on
your platform.
AAA for network users controls and monitors their use of the network:
Classification for customized access. As with administrative and
console users, you can classify network users through username
globbing. Based on the structured username, different AAA
treatments can be given to different classes of user. For example,
users in the human resources department can be authenticated
differently from users in the sales department.
Authentication for full or limited access. IEEE 802.1X network
users are authenticated when they identify themselves with a
credential. Authentication can be passed through to RADIUS,
performed locally on the WX switch, or only partially "offloaded" to
the switch. Network users without 802.1X support can be
authenticated by the MAC addresses of their devices. If neither
802.1X nor MAC authentication apply to the user, they can still be
authenticated by a fallthru method, either WebAAA or last-resort
authentication. Optionally, you can disable the fallthru option by
setting the fallthru type to none.
Authorization for access control. Authorization provides access
control by means of such mechanisms as per-user security access
control lists (ACLs), VLAN membership, Mobility Domain assignment,
and timeout enforcement. Because authorization is always performed
on network access users so they can use a particular VLAN, the WX