![](/images/backgrounds/293017/hp-v1910-users-manual-120219363x1.png)
AAA configuration
Overview
Introduction to AAA
Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing network access management. It can provide the following security functions:
∙
∙
∙
AAAusually uses a client/server model. The client runs on the network access server (NAS), which is also referred to as the access device. The server maintains user information centrally. In an AAA network, a NAS is a server for users but a client for the AAA servers. See a.
a.Network diagram for AAA
When a user tries to log in to the NAS, use the network resources, or access other networks, the NAS authenticates the user. The NAS can transparently pass the user’s authentication, authorization, and accounting information to the servers. The RADIUS protocol define how a NAS and a remote server exchange user information between them.
In the network shown in a, there are two RADIUS servers. You can choose different servers for different security functions. For example, you can use RADIUS server 1 for authentication and authorization, and RADIUS server 2 for accounting.
You can choose the three security functions provided by AAA as required. For example, if your company only wants employees to be authenticated before they access specific resources, you only need to configure an authentication server. If network usage information is needed, you must also configure an accounting server.
351