3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
4 AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION
Overview
Introduction to AAA
Authentication, Authorization and Accounting (AAA) provides a uniform
framework for configuring these three security functions to implement
network security management.
The network security mentioned here refers to access control and it includes:
■ Which user can access the network server?
■ Which service can the authorized user enjoy?
■ How to keep accounts for the user who is using network resources?
Accordingly, AAA provides the following services:
Authentication
AAA supports the following authentication methods:
■ None authentication: All users are trusted and are not authenticated. Generally,
this method is not recommended.
■ Local authentication: User information (including username, password, and
attributes) is configured on the Broadband Access Server (BAS). Local
authentication features high speed and low cost; however, the amount of
information that can be stored with this approach is limited by the hardware
capacity.
■ Remote authentication: Supports both RADIUS and HWTACACS protocols. In
this approach, the BAS acts as the client to communicate with the RADIUS or
TACACS server. With respect to RADIUS, you can use the standard RADIUS
protocol or the 3Com extended RADIUS protocol to complete authentication in
collaboration with devices like iTELLIN/CAMS.
Authorization
AAA supports the following authorization methods:
■ Direct authorization: All users are trusted and directly authorized to pass.
■ Local authorization: Users are authorized according to the attributes related to
their accounts on the BAS.
■ HWTACACS authorization: Users are authorized using a TACACS server.
■ If-authenticated authorization: Users are authorized to pass if they have
been authenticated by any allowed method other than none authentication.
■ RADIUS authorization following successful authentication: With RADIUS, users
are authorized only after they pass authentication. In other words, you cannot
perform RADIUS authorization without authentication.
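
The last item follows from how standard RADIUS (RFC 2865) works: authorization attributes are carried inside the Access-Accept that answers the authentication request. The Python example below is added here for illustration and is not code from this guide or from the switch; the function names, shared secret and sample packets are constructed, and the three attribute types shown are standard RFC 2865 attributes.

```python
import hashlib, hmac, struct

ACCESS_ACCEPT = 2                       # RFC 2865 packet code
ATTRS = {6: "Service-Type", 11: "Filter-Id", 27: "Session-Timeout"}
INT_ATTRS = {6, 27}                     # attributes carrying a 4-byte integer

def reply_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code+ID+Length+RequestAuth+Attributes+Secret), per RFC 2865."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(head + request_auth + attrs + secret).digest()

def build_reply(code, ident, attr_list, request_auth, secret):
    """Hypothetical helper: builds a constructed server reply for the demo."""
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in attr_list)
    auth = reply_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def authorization_from_reply(packet, request_auth, secret):
    """Return authorization attributes, or None if the user was not accepted."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs = packet[20:length]
    expected = reply_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    if code != ACCESS_ACCEPT:
        return None                     # not authenticated, so nothing is authorized
    out, pos = {}, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2 or not 2 <= attrs[pos + 1] <= len(attrs) - pos:
            raise ValueError("malformed attribute")
        atype, alen = attrs[pos], attrs[pos + 1]
        value = attrs[pos + 2:pos + alen]
        name = ATTRS.get(atype, f"type-{atype}")
        out[name] = (int.from_bytes(value, "big") if atype in INT_ATTRS
                     else value.decode("utf-8", "replace"))
        pos += alen
    return out

# Constructed sample data (not captured traffic).
SECRET = b"example-secret"
REQ_AUTH = bytes(range(16))
ACCEPT_ATTRS = [(6, (6).to_bytes(4, "big")), (11, b"mgmt-acl"),
                (27, (3600).to_bytes(4, "big"))]
ACCEPT = build_reply(2, 7, ACCEPT_ATTRS, REQ_AUTH, SECRET)
REJECT = build_reply(3, 8, [], REQ_AUTH, SECRET)
```

The Response Authenticator check runs before any attribute is trusted, so a reply altered in transit is rejected rather than used as an authorization source.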