HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 10
Configuring AAA, Overview
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 10 highlights
Configuring AAA Overview Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing network access management. It specifies the following security functions: • Authentication-Identifies users and verifies their validity. • Authorization-Grants different users different rights and controls their access to resources and services. For example, you can use this function to grant a user who has successfully logged in to the device read and print permissions to the files on the device, and prevent a guest from reading or printing the files. • Accounting-Records network usage details of users, including the service type, start time, and traffic. This function enables time-based and traffic-based charging and user behavior auditing. Typically, AAA uses a client/server model. The client runs on the access device, or the network access server (NAS), which authenticates user identities and controls user access. The server maintains user information centrally. See Figure 1. Figure 1 AAA network diagram Internet Remote user Network NAS RADIUS server HWTACACS server A user who wants to access networks or resources beyond the NAS sends its identity information to the NAS, which transparently passes the user information to the servers. The servers perform user authentication, authorization, and accounting and return the result to the NAS. Based on the result, the NAS determines whether to permit or deny the access request. AAA has various implementations, including RADIUS, HWTACACS, and LDAP, of which RADIUS is most often used. The network in Figure 1 has one RADIUS server and one HWTACACS server. You can use different servers to implement different security functions. For example, you can use the HWTACACS server for authentication and authorization, and use the RADIUS server for accounting. You can choose the three security functions provided by AAA as needed. For example, if your company only wants employees to be authenticated before they access specific resources, you only need to deploy an authentication server. If network usage information is needed, you must also configure an accounting server. 1