Patton electronic SmartNode 4110 Series manual Introduction, AAA component

Introduction

This chapter provides an overview of the authentication, authorization, and accounting (AAA) component and describes how to configure the RADIUS client, a subpart of the AAA component. It is important to under- stand how AAA works before configuring the RADIUS client. This chapter also describes the local database accounts configuration, which is another subpart of AAA.

To use the authentication and authorization service on SmartWare you have to configure the AAA component, the RADIUS component and the local database accounts.

This chapter includes the following sections:

•The AAA component

•RADIUS configuration (see page 106)

•Configuration of the local database accounts (see page 111)

The AAA component

Authentication, authorization, and accounting (AAA) is a term for controlling access to client resources, enforcing policies, auditing usage, and providing information necessary to invoice users for services.

Authentication provides a way of identifying a user (usually in the form of a login window where the user is expected to enter a username and password) before allowing access to a client. The AAA component compares the user's authentication login information with credentials stored in a database. If the information is verified, the user is granted access to the network. Otherwise, authentication fails and network access is denied.

Following authentication, authorization determines the activities, resources, or services a user is permitted to access. For example, after logging into a system, a user may try to issue commands, the authorization process determines whether the user has the authority to issue such commands.

Accounting, which keeps track of the resources a user consumes while connected to the client, can tally the amount of system time used or the amount of data transferred during a user’s session. The accounting process records session statistics and usage information that is used for authorization control, billing, and monitoring resource utilization.

AAAinformation can be stored in a local database or in a database on a remote server. A current standard by which network access servers interface with the AAA server is the Remote Authentication Dial-In User Service (RADIUS).