Configuring aaa, Overview – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 570
549
Configuring AAA
Overview
Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing
network access management. It provides the following security functions:
•
Authentication—Identifies users and determines whether a user is valid.
•
Authorization—Grants user rights and controls user access to resources and services. For example,
a user who has successfully logged in to the device can be granted read and print permissions to
the files on the device.
•
Accounting—Records all network service usage information, including the service type, start time,
and traffic. The accounting function provides information required for charging and allows for
network security surveillance.
AAA can be implemented through multiple protocols. The device supports RADIUS. For more information,
see "
AAA typically uses a client/server model. The client runs on the network access server (NAS) and the
server maintains user information centrally. In an AAA network, the NAS is a server for users, but a client
for AAA servers.
Figure 578 AAA application scenario
AAA manages users based on their ISP domains and access types.
On a NAS, each user belongs to one ISP domain. Typically, a NAS determines the ISP domain a user
belongs to by the username entered by the user at login.