Manualshelf

R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
131132133134135136137138139140
126
AAA configuration
NOTE:
The LB module supports configuring AAA only in the command line interface.
AAA overview
Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing
network access management. It can provide the following security functions:
Authentication—Identifies users and determines whether a user is valid.
Authorization—Grants different users different rights and controls their access to resources and
services. For example, a user who has successfully logged in to the LB module can be granted read
and print permissions to the files on the device.
Accounting—Records all network service usage information of users, including the service type,
start time, and traffic. The accounting function not only provides the information required for
charging, but also allows for network security surveillance.
AAA usually uses a client/server model. The client runs on the network access server (NAS), which is
also referred to as the access device. The server maintains user information centrally. In an AAA network,
a NAS is a server for users but a client for the AAA servers. See Figure 108.
Figure 108 Network diagram for AAA
When a user tries to log in to the NAS, use network resources, or access other networks, the NAS
authenticates the user. The NAS can transparently pass the user’s authentication, authorization, and
accounting information to a remote server. The RADIUS protocol defines how a NAS and a remote server
exchange user information between them.
In the network shown in Figure 108, the
re is a RADIUS server. You can determine the authentication,
authorization and accounting methods according to the actual requirements.
You can choose the three security functions provided by AAA as required. For example, if your company
only wants employees to be authenticated before they access specific resources, you only need to
configure an authentication server. If network usage information is needed, you must also configure an
accounting server.
AAA can be implemented through multiple protocols. The HP LB module supports using RADIUS.