Aaa configuration, Aaa overview – H3C Technologies H3C WA3600 Series Access Points User Manual

193

AAA configuration

The web interface supports configuring Internet Service Provider (ISP) domains and configuring AAA

methods for ISP domains.

AAA overview

Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing

network access management. It provides the following security functions:

•

Authentication—Identifies users and determines whether a user is valid.

•

Authorization—Grants different users different rights and controls their access to resources and
services. For example, a user who has successfully logged in to the device can be granted read and

print permissions to the files on the device.

•

Accounting—Records all network service usage information of users, including the service type,
start time, and traffic. The accounting function not only provides the information required for
charging, but also allows for network security surveillance.

AAA usually uses a client/server model. The client runs on the network access server (NAS) and the

server maintains user information centrally. In an AAA network, a NAS is a server for users but a client

for the AAA servers.

Figure 190 Network diagram for AAA

AAA can be implemented through multiple protocols. The device supports using RADIUS and

HWTACACS. RADIUS is often used in practice. For more information about RADIUS, see "

RADIUS

configuration

."

NOTE:

For more information about AAA and ISP, see

H3C WA Series WLAN Access Points Security

Configuration Guide.

NAS

RADIUS server 1

RADIUS server 2

Internet

Network