Table of Contents
Advertisement
This chapter describes how to configure authentication, authorization and accounting settings on
the Switch.
25.1 Authentication, Authorization and Accounting (AAA)
Authentication is the process of determining who a user is and validating access to the Switch. The
Switch can authenticate users who try to log in based on user accounts configured on the Switch
itself. The Switch can also use an external authentication server to authenticate a large number of
users.
Authorization is the process of determining what a user is allowed to do. Different user accounts
may have higher or lower privilege levels associated with them. For example, user A may have the
right to create new login accounts on the Switch but user B cannot. The Switch can authorize users
based on user accounts configured on the Switch itself or it can use an external server to authorize
a large number of users.
Accounting is the process of recording what a user is doing. The Switch can use an external server
to track when users log in, log out, execute commands and so on. Accounting can also record
system related actions such as boot up and shut down times of the Switch.
The external servers that perform authentication, authorization and accounting functions are known
as AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service, see
Section 25.1.2 on page
Plus, see
Section 25.1.2 on page
servers.
Figure 110 AAA Server
Client
25.1.1 Local User Accounts
By storing user profiles locally on the Switch, your Switch is able to authenticate and authorize
users without interacting with a network AAA server. However, there is a limit on the number of
users you may authenticate in this way (See
C
HAPTER
190) and TACACS+ (Terminal Access Controller Access-Control System
190) as external authentication, authorization and accounting
Chapter 38 on page
MES3500/MGS3520 Series User's Guide
189
AAA
AAA Server
274).
2 5
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
