Configuring AAA
Overview
Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing
network access management. It provides the following security functions:
• Authentication—Identifies users and determines whether a user is valid.
• Authorization—Grants different users different rights and controls their access to resources and
services. For example, a user who has successfully logged in to the switch can be granted read and
print permissions to the files on the switch.
• Accounting—Records all network service usage information of users, including the service type,
start time, and traffic. The accounting function not only provides the information required for
charging, but also allows for network security surveillance.
AAA can be implemented through multiple protocols. The switch series supports RADIUS, the most
commonly used protocol in practice. For more information about RADIUS, see "Configuring RADIUS."
AAA usually uses a client/server model. The client runs on the network access server (NAS) and the
server maintains user information centrally. In an AAA network, a NAS is a server for users but a client
for the AAA servers, as shown in Figure 354.
Figure 354 Network diagram for AAA
The NAS manages users based on Internet service provider (ISP) domains. On the NAS, each user
belongs to one ISP domain. The NAS determines the ISP domain for a user by the username entered by
the user at login, as shown in Figure 355.
[Diagram labels: NAS, RADIUS server 1, RADIUS server 2, Internet, Network]