Configuring aaa, Feature and hardware compatibility, Aaa overview – H3C Technologies H3C SecPath F1000-E User Manual

149

Configuring AAA

Feature and hardware compatibility

Feature F1000-A-EI/E-SI/S-AI

F1000-E

F5000-A5 Firewall

module

FIPS No

No No Yes

DVPN

users

No

Yes Yes Yes

SSL VPN users

Yes

Yes

No

No

AAA overview

Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing

network access management. It can provide the following security functions:

•

Authentication—Identifies users and determines whether a user is valid.

•

Authorization—Grants different users different rights and controls their access to resources and
services. For example, a user who has successfully logged in to the network access server (NAS)

can be granted read and print permissions to the files on the NAS.

•

Accounting—Records all network service usage information of users, including the service type,
start time, and traffic. The accounting function not only provides the information required for
charging, but also allows for network security surveillance.

AAA usually uses a client/server model. The client runs on the network access server (NAS) and the

server maintains user information centrally. In an AAA network, a NAS is a server for users but a client

for the AAA servers. See

Figure 129

.

Figure 129 Network diagram for AAA

When a user tries to log in to the NAS, use network resources, or access other networks, the NAS

authenticates the user. The NAS can transparently pass the user's authentication, authorization, and