Basic Aaa Principles - D-Link xStack DGS-3610 Series Configuration Manual

DGS-3610 Series Configuration Guide
AAA Configuration
The access control is used to control specific users who can access the network server and
specific services that the users can access on the network. The authentication, authorization
and accounting (AAA) is a key security mechanism for access control.

37.4 Basic AAA Principles

Authentication, Authorization and Accounting (short for AAA) provide a consistence
framework for configuring the authentication, authorization and accounting functions, which
are supported by DGS-3610 series.
The AAA provides the following services in a modular manner:
Authentication:It verifies whether a user can access the network, where the Radius

protocol or Local can be used. The authentication is the method to identify a user before
his/her access to the network and network services. The AAA is configured by the
definition of a naming list for authentication method and its application on every
interface.The method list defines the authentication type and execution order. Before a
defined authentication is executed, the method list must be applied on a specific
interface. The default method list is exceptional. If no other method list is defined, the
default method list will automatically apply on all interfaces. The defined method list
overwrites the default method list. All authentication methods other than the local, line
password and allowing authentication must be defined with AAA.
Authorization: This means authorizing the user with services. The AAA authorization is

implemented through the definition of attribute pairs that describe the operations on the
user by the authorization. These attributes can be stored on the network device or the
RADIUS security server remotely. All authorization methods must be defined with AAA.
When the AAA authorization is enabled, it is automatically applied on all interfaces of
the network device.
Accounting: This means recording the user's usage of network resources. When the

AAA accounting is enabled, the network access server starts to send the user's network
resource usages to the Radius security server through statistics records. Every
accounting record is composed of attribute pairs and stored in the security server.
These records can be read for analysis by special software to implement the accounting,
statistics and tracing for the user's network resource usage. All accounting methods
must be defined with AAA. When the AAA accounting is enabled, it is automatically
applied on all interfaces of the network device.
Note
Although the AAA is the primary access control method, our product also provides simple
control accesses out of the range of AAA, such as the local username authentication, line
The AAA of some products only provides the authentication function. For
all problems with product specifications, contact the market or technical
support personnel of D-Link Cooporation.
Chapter 37 Configuration of 802.1X
37-1