Aaa Configuration; Introduction To Aaa - H3C S9500E Series Security Configuration Manual

AAA configuration

The switch operates in IRF mode or standalone, (the default), mode. For more information about the IRF
mode, see IRF in the IRF Configuration Guide.

Introduction to AAA

Authentication, authorization, and accounting (AAA) provide a uniform framework for configuring
these three security functions when implementing network security management.
AAA usually uses a client/server model, where the client runs on the network access server (NAS)
and the server maintains user information centrally. In an AAA network, a NAS is a server for
users but a client for the AAA servers. See
Figure 1 AAA networking diagram
When attempting to establish a connection to the NAS and to obtain the rights to access other
networks or network resources, the NAS authenticates you or the corresponding connection. The
NAS can transparently pass your AAA information to the server (RADIUS server or HWTACACS
server). The RADIUS/HWTACACS protocol defines how a NAS and a server exchange use
information.
In the AAA network, there is a RADIUS server and an HWTACACS server. See
determine the authentication, authorization, and accounting methods according to the actual
requirements. For example, you can use the HWTACACS server for authentication and
authorization, and the RADIUS server for accounting.
The three security functions are described as follows:
•
Authentication: Identifies remote users and determines if they are legal.
•
Authorization: Grants user's rights. For example, a user logging into the server can be
granted the permission to access and print the files on the server.
Figure 1.
14
Figure 1. You can