Configuring Aaa; Fips Compliance; Aaa Overview - HP 12500 Series Configuration Manual

Configuring AAA

FIPS compliance

The switch supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see

AAA overview

Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing
network access management. It can provide the following security functions:
Authentication—Identifies users and determines whether a user is valid.
•
• Authorization—Grants different users different rights and controls their access to resources and
services. For example, a user who has successfully logged in to the switch can be granted read and
print permissions to the files on the switch.
Accounting—Records all network service usage information of users, including the service type,
•
start time, and traffic. The accounting function not only provides the information required for
charging, but also allows for network security surveillance.
AAA usually uses a client/server model. The client runs on the network access server (NAS) and the
server maintains user information centrally. In an AAA network, a NAS is a server for users but a client
for the AAA servers. See
Figure 1 Network diagram for AAA
When a user tries to log in to the NAS, use network resources, or access other networks, the NAS
authenticates the user. The NAS can transparently pass the user's authentication, authorization, and
accounting information to the servers. The RADIUS and HWTACACS protocols define how a NAS and
a remote server exchange user information between them.
In the network shown in
different servers for different security functions. For example, you can use the HWTACACS server for
authentication and authorization, and the RADIUS server for accounting.
Figure 1.
Figure 1, there is a RADIUS server and an HWTACACS server. You can choose
5
"Configuring FIPS") and non-FIPS mode.