3Com Switch 7750 Configuration Guide

48 AAA & RADIUS & HWTACACS CONFIGURATION
Overview
Introduction to AAA
AAA stands for three security functions: authentication, authorization,
and accounting. It provides a uniform framework for configuring these three
security functions to implement network security management.
The network security mentioned here mainly refers to access control. It mainly
controls:
- Which users can access the network,
- Which services the users can have access to,
- How to charge the users who are using network resources.
Accordingly, AAA provides the following services:
Authentication
AAA supports the following authentication methods:
- None authentication: Users are trusted and are not authenticated. Generally,
  this method is not recommended.
- Local authentication: User information (including user name, password, and
  attributes) is configured on this device. Local authentication is fast and has
  a lower operational cost, but the information storage capacity is limited by
  the device hardware.
- Remote authentication: Users are authenticated remotely through the RADIUS
  protocol or the HWTACACS protocol. This device (for example, a Switch 7750)
  acts as the client and communicates with the RADIUS server or TACACS server.
  For the RADIUS protocol, both standard and extended RADIUS protocols can be
  used.
Authorization
AAA supports the following authorization methods:
- Direct authorization: Users are trusted and directly authorized.
- Local authorization: Users are authorized according to the related attributes
  configured for their local accounts on the device.
- RADIUS authorization: Users are authorized after they pass RADIUS
  authentication. Authentication and authorization are bound together in the
  RADIUS protocol, so you cannot perform RADIUS authorization alone without
  RADIUS authentication.
- HWTACACS authorization: Users are authorized by the TACACS server.
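
The binding of RADIUS authorization to RADIUS authentication can be seen in the packets themselves: under standard RADIUS (RFC 2865) the authorization attributes are delivered inside the Access-Accept that answers the authentication request. The parser below is an added example, not code from this guide or from 3Com; the sample packets, the filter name "mgmt-acl" and the function names are constructed for illustration.

```python
import struct

# RFC 2865 packet codes and a few attribute types that carry authorization data.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
AUTHZ_ATTRS = {6: "Service-Type", 11: "Filter-Id", 27: "Session-Timeout"}

def parse_radius(packet: bytes):
    """Return (code name, identifier, {attribute type: raw value})."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = {}, 20  # bytes 4..19 hold the authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return CODES.get(code, f"code {code}"), ident, attrs

def authorization_in_reply(packet: bytes):
    """Authorization attributes are taken only from an Access-Accept."""
    name, _, attrs = parse_radius(packet)
    if name != "Access-Accept":
        return {}
    out = {}
    for a_type, raw in attrs.items():
        if a_type in AUTHZ_ATTRS:
            # Filter-Id is text; Service-Type and Session-Timeout are 32-bit integers.
            out[AUTHZ_ATTRS[a_type]] = raw.decode() if a_type == 11 else int.from_bytes(raw, "big")
    return out

def build(code, ident, attrs):
    """Build a constructed sample packet; the zeroed authenticator is not verifiable."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed samples: an accept carrying authorization data, and a reject (18 = Reply-Message).
ACCEPT = build(2, 7, [(6, (6).to_bytes(4, "big")), (11, b"mgmt-acl"), (27, (3600).to_bytes(4, "big"))])
REJECT = build(3, 7, [(18, b"denied")])

if __name__ == "__main__":
    print(authorization_in_reply(ACCEPT))
    print(authorization_in_reply(REJECT))
```

A real client also verifies the Response Authenticator against the shared secret before trusting any attribute in the reply; the samples here skip that step.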