Table of Contents
Advertisement
6.4 AAA Policy
Authentication, Authorization, and Accounting (AAA) provides the mechanism network administrators define access
control within the access point managed network.
The access point can optionally use an external RADIUS and LDAP Servers (AAA Servers) to provide user database
information and user authentication data. Each WLAN managed by the access point can maintain its own unique AAA
configuration. AP-6532, AP-7131, AP-7161 and AP-8132 model access points have an onboard RADIUS server resource,
while AP-6511 and AP-6521 models do not.
AAA provides a modular way of performing the following services:
Authentication — Authentication provides a means for identifying users, including login and password dialog, challenge
and response, messaging support and (depending on the security protocol), encryption. Authentication is the technique by
which a user is identified before allowed access to the access point managed network. Configure AAA authentication by
defining a list of authentication methods, and then applying the list to various access point interfaces. The list defines the
authentication schemes performed and their sequence. The list must be applied to an interface before the defined
authentication technique is conducted.
Authorization — Authorization occurs immediately after authentication. Authorization is a method for remote access
control, including authorization for services and individual user accounts and profiles. Authorization functions through the
assembly of attribute sets describing what the user is authorized to perform. These attributes are compared to information
contained in a database for a given user and the result is returned to AAA to determine the user's actual capabilities and
restrictions. The database could be located locally on the access point or be hosted remotely on a RADIUS server. Remote
RADIUS servers authorize users by associating attribute-value (AV) pairs with the appropriate user. Each authorization
method must be defined through AAA. When AAA authorization is enabled it's applied equally to all interfaces on the
access point.
Accounting — Accounting is the method for collecting and sending security server information for billing, auditing, and
reporting user data; such as start and stop times, executed commands (such as PPP), number of packets, and number of
bytes. Accounting enables wireless network administrators to track the services users are accessing and the network
resources they are consuming. When accounting is enabled, the network access server reports user activity to a RADIUS
security server in the form of accounting records. Each accounting record is comprised of AV pairs and is stored on an
access control server. The data can be analyzed for network management, client billing, and/or auditing. Accounting
methods must be defined through AAA. When AAA accounting is activated for the access point, it's applied equally to all
interfaces on the access point's access servers.
To define unique WLAN AAA configurations:
1. Select
Configuration
The
Authentication, Authorization, and Accounting (AAA)
of these policies can be selected and applied to the access point.
>
Wireless
>
AAA Policy
to display existing AAA policies.
Wireless Configuration 6 - 71
screen lists those AAA policies created thus far. Any
- Quick Links:
- Accessing the Web Ui
Hide quick links:
Advertisement
Table of Contents
