1 AAA Overview

The sample output information in this manual was created on the WX3024. The output information on your device may vary.

Introduction to AAA

AAAis the acronym for the three security functions: authentication, authorization and accounting. It provides a uniform framework for you to configure these three functions to implement network security management.

zAuthentication: Defines what users can access the network,

zAuthorization: Defines what services can be available to the users who can access the network, and

zAccounting: Defines how to charge the users who are using network resources.

Typically, AAA operates in the client/server model: the client runs on the managed resources side while the server stores the user information. Thus, AAA is well scalable and can easily implement centralized management of user information.

Authentication

AAA supports the following authentication methods:

zNone authentication: Users are trusted and are not checked for their validity. Generally, this method is not recommended.

zLocal authentication: User information (including user name, password, and some other attributes) is configured on this device, and users are authenticated on this device instead of on a remote device. Local authentication is fast and requires lower operational cost, but has the deficiency that information storage capacity is limited by device hardware.

zRemote authentication: Users are authenticated remotely through RADIUS or HWTACACS protocol. This device acts as the client to communicate with the RADIUS or TACACS server. You can use standard or extended RADIUS protocols in conjunction with such systems as iTELLIN/iMC for user authentication. Remote authentication allows convenient centralized management and is feature-rich. However, to implement remote authentication, a server is needed and must be configured properly.

Authorization

AAA supports the following authorization methods:

zDirect authorization: Users are trusted and directly authorized.

1-1

Page 251
Image 251
3Com WX3000 operation manual AAA Overview, Introduction to AAA, Authentication, Authorization