
AAA Introduction, Available functions and server types – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT, x310-26FP, x310-50FT, x310-50FP) User Manual


AAA Introduction and Configuration

Software Reference for x310 Series Switches, AlliedWare Plus™ Operating System - Version 5.4.4C, C613-50046-01 REV A

AAA Introduction

AAA is the collective title for the three related functions of Authentication, Authorization
and Accounting. These functions can be applied in a variety of methods with a variety of
servers. The purpose of the AAA commands is to map instances of the AAA functions to
sets of servers.

The Authentication function can be performed in multiple contexts, such as
authentication of users logging in at a console, or 802.1x authentication of devices
connecting to Ethernet ports.

For each of these contexts, you may want to use different sets of servers for examining the
proffered authentication credentials and deciding if they are valid. AAA Authentication
commands enable you to specify which servers will be used for different types of
authentication.

Available functions and server types

Authentication, Authorization and Accounting functions are available.

Authentication is performed in the following contexts:

Login authentication of user shell sessions on the console port, and via telnet/SSH

Enable password authentication for user shell sessions on the console port, and via
telnet/SSH (TACACS+ only)

802.1x authentication of devices connecting to switch ports

MAC authentication of devices connecting to switch ports

Web-based authentication of devices connecting to switch ports

Authorization is performed in the following context:

TACACS+ login authentication. Note that with the AlliedWare Plus TACACS+
implementation:

  - authorization cannot be performed independently of the login authentication
    process

  - authorization will not be attempted if enable password authentication is
    configured

  - there are no authorization commands available

Accounting is performed in the following contexts:

Accounting of console, telnet, and SSH login sessions

Accounting of commands executed within user shell sessions (TACACS+ only)

Accounting of 802.1x-authenticated connections

Accounting of MAC-authenticated connections

Accounting of Web-authenticated connections

The three types of servers that can be used are:

Local user database

RADIUS servers

TACACS+ servers
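
The mapping of contexts to server sets described above, as an added configuration sketch that is not taken from the manual: it uses only the default method list for each context and assumes the RADIUS and TACACS+ servers are already defined on the switch. The command forms are given as an assumption about this release and should be checked against the AAA command reference before use.

```text
! Added illustration, not from the manual. Default method lists only.
! Assumes RADIUS and TACACS+ servers are already configured on the switch.

! --- Authentication ---
! Login authentication of shell sessions (console, telnet, SSH):
! TACACS+ servers, then the local user database, in the order listed.
aaa authentication login default group tacacs+ local

! Enable password authentication (TACACS+ only).
! Per the section above, TACACS+ authorization will not be attempted
! once this is configured, so leave this line out if authorization
! is required.
aaa authentication enable default group tacacs+

! Devices connecting to switch ports: 802.1x, MAC and Web-based.
aaa authentication dot1x default group radius
aaa authentication auth-mac default group radius
aaa authentication auth-web default group radius

! --- Accounting ---
! Console, telnet and SSH login sessions.
aaa accounting login default start-stop group tacacs+

! Commands executed within user shell sessions (TACACS+ only);
! the privilege level shown here (1) is an example value.
aaa accounting commands 1 default stop-only group tacacs+

! 802.1x-, MAC- and Web-authenticated connections.
aaa accounting dot1x default start-stop group radius
aaa accounting auth-mac default start-stop group radius
aaa accounting auth-web default start-stop group radius
```

There is no line for authorization because, as stated above, this TACACS+ implementation has no authorization commands and performs authorization only as part of login authentication.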