Aaa configuration, Aaa overview – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

339

AAA configuration

The web interface supports configuring ISP domains and configuring authentication, authorization, and

accounting methods for the ISP domains.

AAA overview

Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing

network access management. It can provide the following security functions:

•

Authentication—Identifies users and determines whether a user is valid.

•

Authorization—Grants different users different rights and controls their access to resources and
services. For example, a user who has successfully logged in to the device can be granted read and

print permissions to the files on the device.

•

Accounting—Records all network service usage information of users, including the service type,
start time, and traffic. The accounting function not only provides the information required for
charging, but also allows for network security surveillance.

AAA usually uses a client/server model. The client runs on the network access server (NAS), which is

also referred to as the access device. The server maintains user information centrally. In an AAA network,

a NAS is a server for users but a client for the AAA servers.

Figure 335 Network diagram

AAA can be implemented through multiple protocols. The device supports using RADIUS, the most

commonly used protocol in practice. For more information about RADIUS, see the chapter

"RADIUS

configuration

."

NOTE:

For more information about AAA and ISP domain, see

H3C WX3000E Series Wireless Switches

Switching Engine Configuration Guide.

NAS

RADIUS server 1

RADIUS server 2

Internet

Network