Configuring aaa, Aaa overview – H3C Technologies H3C WX3000E Series Wireless Switches User Manual


Configuring AAA

AAA overview

Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing network access management. It provides the following security functions:

Authentication—Identifies users and determines whether a user is valid.

Authorization—Grants different users different rights and controls their access to resources and services. For example, a user who has successfully logged in to the device can be granted read and print permissions to the files on the device.

Accounting—Records all network service usage information of users, including the service type, start time, and traffic. The accounting function not only provides the information required for charging, but also allows for network security surveillance.

AAA usually uses a client/server model. The client runs on the network access server (NAS), which is also referred to as the access device. The server maintains user information centrally. In an AAA network, a NAS is a server for users but a client for the AAA servers, as shown in Figure 1.

Figure 1 AAA application scenario

When a user tries to log in to the NAS, use network resources, or access other networks, the NAS authenticates the user. The NAS can transparently pass the user's authentication, authorization, and accounting information to the servers. The RADIUS and HWTACACS protocols define how a NAS and a remote server exchange user information between them.

In the network shown in Figure 1, there is a RADIUS server and an HWTACACS server. You can choose different servers for different security functions. For example, you can use the HWTACACS server for authentication and authorization, and the RADIUS server for accounting.

You can use AAA to provide only one or two security functions, if desired. For example, if your company only wants employees to be authenticated before they access specific resources, you only need to configure an authentication server. If network usage information is expected to be recorded, you also need to configure an accounting server.

AAA can be implemented through multiple protocols. The device supports using RADIUS, HWTACACS, and LDAP. RADIUS is often used in practice.
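The split described above (HWTACACS for authentication and authorization, RADIUS for accounting) can be expressed as the following configuration fragment. This is an added example, not taken from the manual. It assumes Comware V5-style commands entered from system view; the scheme names, domain name, server addresses and shared keys are placeholders.

```text
# HWTACACS scheme: carries authentication and authorization only
hwtacacs scheme hwtac-example
 primary authentication 192.0.2.10 49
 primary authorization 192.0.2.10 49
 key authentication <hwtacacs-shared-key>
 key authorization <hwtacacs-shared-key>
 quit
# RADIUS scheme: carries accounting only
radius scheme rad-example
 primary accounting 192.0.2.20 1813
 key accounting <radius-shared-key>
 quit
# ISP domain: binds each AAA function to its own scheme
domain example
 authentication default hwtacacs-scheme hwtac-example
 authorization default hwtacacs-scheme hwtac-example
 accounting default radius-scheme rad-example
 quit
```

The shared keys must match those configured on each server for the NAS. Because no accounting server is defined in the HWTACACS scheme and no authentication server in the RADIUS scheme, each server sees only the function assigned to it.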
