Chapter 1 Aaa Overview; Introduction To Aaa; Authentication - H3C S3100-52P Operation Manual

Operation Manual – AAA
H3C S3100-52P Ethernet switch
Note:
The configuration of ISP domain delimiter is added. See
and Configuring Its
The configuration of HWTACACS authentication scheme for user level switching is
added. See
The configuration of the MAC address format for the Calling-Station-Id field in
RADIUS packets is added. See
RADIUS

1.1 Introduction to AAA

AAA is the acronym for the three security functions: authentication, authorization and
accounting. It provides a uniform framework for you to configure these three functions
to implement network security management.
Authentication: Defines what users can access the network,
Authorization: Defines what services can be available to the users who can access
the network, and
Accounting: Defines how to charge the users who are using network resources.
Typically, AAA operates in the client/server model: the client runs on the managed
resources side while the server stores the user information. Thus, AAA is well scalable
and can easily implement centralized management of user information.

1.1.1 Authentication

AAA supports the following authentication methods:
None authentication: Users are trusted and are not checked for their validity.
Generally, this method is not recommended.
Local authentication: User information (including username, password, and some
other attributes) is configured on this device, and users are authenticated on this
device instead of on a remote device. Local authentication is fast and requires
lower operational cost, but has the deficiency that information storage capacity is
limited by device hardware.

Chapter 1 AAA Overview

Attributes.
Configuring an AAA Scheme for an ISP
Servers.
Domain.
Configuring the Attributes of Data to be Sent to
1-1
Chapter 1 AAA Overview
Creating an ISP Domain