Configuring Aaa; Overview; Aaa Application - HP 830 Series Configuration Manual

Poe+ unified wired-wlan switch switching engine web-based
Hide thumbs Also See for HP 830 Series:
Table of Contents

Advertisement

Configuring AAA

Overview

Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing
network access management. It provides the following security functions:
Authentication—Identifies users and determines whether a user is valid.
Authorization—Grants user rights and controls user access to resources and services. For example,
a user who has successfully logged in to the device can be granted read and print permissions to
the files on the device.
Accounting—Records all network service usage information, including service type, start time, and
traffic. The accounting function provides information required for charging, and allows for network
security surveillance.

AAA application

AAA typically uses a client/server model, as shown in
server (NAS), which is also called the access device. The server maintains user information centrally. In
an AAA network, the NAS is a server for users and is a client for AAA servers.
Figure 404 AAA application scenario
The NAS uses the authentication server to authenticate any user who tries to log in, use network resources,
or access other networks. The NAS transparently transmits authentication, authorization, and accounting
information between the user and the servers. The RADIUS protocol defines how a NAS and a remote
server exchange user information.
The network shown in
implement different security functions. For example, you can use RADIUS server 1 for authentication and
authorization, and RADIUS server 2 for accounting.
You can implement the security functions provided by AAA as needed. For example, if your company
wants employees to be authenticated before they access specific resources, configure an authentication
server. If network usage information is required, you must also configure an accounting server.
Network
NAS
Figure 404
includes two RADIUS servers. You can use different servers to
Figure
404. The client runs on the network access
Internet
RADIUS server 1
RADIUS server 2
389

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents