Table of Contents
Advertisement
Operation Manual – AAA
H3C S3100 Series Ethernet Switches
1.1 Introduction to AAA
AAA is the acronym for the three security functions: authentication, authorization and
accounting. It provides a uniform framework for you to configure these three functions
to implement network security management.
Authentication: Defines what users can access the network,
Authorization: Defines what services can be available to the users who can access
the network, and
Accounting: Defines how to charge the users who are using network resources.
Typically, AAA operates in the client/server model: the client runs on the managed
resources side while the server stores the user information. Thus, AAA is well scalable
and can easily implement centralized management of user information.
1.1.1 Authentication
AAA supports the following authentication methods:
None authentication: Users are trusted and are not checked for their validity.
Generally, this method is not recommended.
Local authentication: User information (including user name, password, and some
other attributes) is configured on this device, and users are authenticated on this
device instead of on a remote device. Local authentication is fast and requires
lower operational cost, but has the deficiency that information storage capacity is
limited by device hardware.
Remote authentication: Users are authenticated remotely through RADIUS or
HWTACACS protocol. This device (for example, a H3C series switch) acts as the
client to communicate with the RADIUS or TACACS server. You can use standard
or extended RADIUS protocols in conjunction with such systems as
iTELLIN/CAMS for user authentication. Remote authentication allows convenient
centralized management and is feature-rich. However, to implement remote
authentication, a server is needed and must be configured properly.
1.1.2 Authorization
AAA supports the following authorization methods:
Direct authorization: Users are trusted and directly authorized.
Local authorization: Users are authorized according to the related attributes
configured for their local accounts on this device.
Chapter 1 AAA Overview
1-1
Chapter 1 AAA Overview
Advertisement
Chapters
Table of Contents
Troubleshooting
