
Chapter 1 AAA & RADIUS & HWTACACS Configuration, 1.1 Overview, 1.1.1 Introduction to AAA – H3C Technologies H3C S3100 Series Switches User Manual


Operation Manual – AAA – RADIUS – HWTACACS

H3C S3100-52P Ethernet Switch

Chapter 1 AAA & RADIUS & HWTACACS Configuration


1.1 Overview

1.1.1 Introduction to AAA

AAA is an acronym for the three security functions: authentication, authorization and
accounting. It provides a uniform framework for you to configure the three security
functions to implement network security management.
The network security mentioned here mainly refers to access control. It mainly controls:

• Which users can access the network,
• Which services are available to the users who can access the network, and
• How to charge the users who are using network resources.

Accordingly, AAA provides the following three functions:

I. Authentication

AAA supports the following authentication methods:

• None authentication: Users are trusted and are not checked for their validity.
  Generally, this method is not recommended.
• Local authentication: User information (including user name, password, and some
  other attributes) is configured on this device, and users are authenticated on this
  device instead of on a remote device. Local authentication is fast and requires
  lower operational cost, but has the deficiency that information storage capacity is
  limited by device hardware.
• Remote authentication: Users are authenticated remotely through RADIUS or
  HWTACACS protocol. This device (for example, an H3C series switch) acts as the
  client to communicate with the RADIUS or TACACS server. For RADIUS protocol,
  you can use extended RADIUS protocol as well as standard RADIUS protocol.

II. Authorization

AAA supports the following authorization methods:

• Direct authorization: Users are trusted and directly authorized.
• Local authorization: Users are authorized according to the related attributes
  configured for their local accounts on this device.
• RADIUS authorization: Users are authorized after they pass RADIUS
  authentication. In RADIUS protocol, authentication and authorization are