
Grandstream Networks GWN780 Series User Manual page 47


and accounting of access users who reach the Internet by means of Point-to-Point Protocol (PPP) or Virtual Private Dial-up
Network (VPDN), and of management users who perform operations.
TACACS+ is similar to the RADIUS protocol: (1) both use a client/server structure; (2) both use a shared key to encrypt
the transmitted user information; (3) both offer good flexibility and extensibility. TACACS+ has more reliable transmission
and encryption characteristics, and is better suited to security control.
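How the shared key in point (2) is applied on the wire, as an added example that is not part of the Grandstream manual: RADIUS (RFC 2865, section 5.2) hides only the User-Password attribute, while TACACS+ (RFC 8907, section 4.5) obfuscates the whole packet body. The key, authenticator, session ID and payloads are constructed sample values.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so the result never outgrows the data
    return bytes(x ^ y for x, y in zip(a, b))

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: c(1) = p(1) XOR MD5(S + RA), c(i) = p(i) XOR MD5(S + c(i-1))."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1-128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)  # null-pad to 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the chaining with the same shared key and authenticator."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def tacacs_obfuscate(body: bytes, key: bytes, session_id: int, version: int, seq_no: int) -> bytes:
    """RFC 8907 s4.5: XOR the whole body with MD5(session_id, key, version, seq_no[, prev])...
    The operation is its own inverse, so the same call de-obfuscates."""
    seed = session_id.to_bytes(4, "big") + key + bytes([version, seq_no])
    pad, last = b"", b""
    while len(pad) < len(body):
        last = hashlib.md5(seed + last).digest()
        pad += last
    return _xor(body, pad)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment
    secret = b"constructed-shared-key"
    ra = bytes(range(16))
    hidden = radius_hide_password(b"example-password", secret, ra)
    print(hidden.hex(), radius_reveal_password(hidden, secret, ra))
    body = b"constructed TACACS+ body"
    wire = tacacs_obfuscate(body, secret, 0x1A2B3C4D, 0xC0, 1)
    print(wire.hex(), tacacs_obfuscate(wire, secret, 0x1A2B3C4D, 0xC0, 1))
```

Both schemes are MD5-based XOR pads keyed by the shared secret, so that secret should be long and random, and the traffic between the NAS and the AAA server should stay on a trusted or tunneled management path.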
AAA
Access control determines which users can access the network and which network resources they can use. AAA is
short for Authentication, Authorization, and Accounting, and provides a management framework for configuring access
control on NAS (Network Access Server) devices.
As a management mechanism for network security, AAA provides services in a modular manner:
Authentication: confirming the identity of users accessing the network and judging whether the visitor is a legitimate
network user;
Authorization: giving different users different permissions to limit the services that each user can use;
Accounting: recording all operations during the user's use of network services, including the type of service used, start time,
data flow, etc., to collect and record the user's usage of network resources. It can meet charging requirements based on
events and traffic, and can also be used to monitor the network.
AAA adopts a client/server structure. The AAA client runs on the access device, usually referred to as a NAS device, and is
responsible for verifying user identity and managing user access. AAA server is a collective name for the authentication server,
authorization server and accounting server, which are responsible for centralized management of user information. AAA can be
implemented through a variety of protocols. Currently, devices support AAA based on the RADIUS or TACACS+ protocol. In
practical applications, the RADIUS protocol is most commonly used.
802.1X
The 802.1X protocol is a port-based network control protocol. Port-based network access control refers to verifying user
identities and controlling their access rights at the port level of LAN access devices. The 802.1X protocol is a Layer 2 protocol
and does not need to reach Layer 3. It does not require high overall performance of the access device, which can effectively