H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – AAA RADIUS HWTACACS
Chapter 1 AAA/RADIUS/HWTACACS Configuration
Figure 1-1 AAA networking diagram (components shown: User, NAS, RADIUS server, HWTACACS server, Internet)
When a user tries to establish a connection to the NAS and obtain the rights to access
other networks or some network resources, the NAS authenticates the user or the
corresponding connection. The NAS can also transparently pass the user
authentication, authorization and accounting information to the server (RADIUS server
or HWTACACS server). The RADIUS/HWTACACS protocol defines how to exchange
user information between a NAS and a server.
In the AAA network shown in Figure 1-1, there is a RADIUS server and a HWTACACS
server. You can determine the authentication, authorization and accounting scheme
according to the actual requirements. For example, you can use the RADIUS server for
authentication and authorization, and the HWTACACS server for accounting.
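The split described above (RADIUS for authentication and authorization, HWTACACS for accounting) could be expressed in Comware CLI roughly as follows. This is an added example, not taken from the manual; the scheme names (rad1, tac1), the domain name (example), the server addresses (documentation range 192.0.2.0/24) and the shared-key placeholders are assumptions.

```text
# Added example; names, addresses and keys are placeholders (assumptions).
system-view
# RADIUS scheme: used for authentication and authorization.
radius scheme rad1
 primary authentication 192.0.2.10 1812
 key authentication <radius-shared-key>
 quit
# HWTACACS scheme: used for accounting only.
hwtacacs scheme tac1
 primary accounting 192.0.2.20 49
 key accounting <hwtacacs-shared-key>
 quit
# ISP domain binding each AAA function to a scheme.
# RADIUS carries authorization attributes in its authentication reply,
# so authorization references the same RADIUS scheme as authentication.
domain example
 authentication default radius-scheme rad1
 authorization default radius-scheme rad1
 accounting default hwtacacs-scheme tac1
 quit
```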
The three security functions are described as follows:
- Authentication: Identifies remote users and determines whether a user is legitimate.
- Authorization: Grants different users different rights. For example, a user logging
  into the server can be granted the permission to access and print the files in the
  server.
- Accounting: Records all network service usage information of users, including the
  service type, start and end time, and traffic. In this way, accounting can be used
  not only for accounting itself but also for network security surveillance.
You can use AAA to provide only one or two security functions, if desired. For example,
if your company only wants employees to be authenticated before they access specific
resources, you can configure only an authentication server. If the network usage
information is expected to be recorded, you also need to configure an accounting
server.
As mentioned above, AAA provides a uniform framework to implement network security
management. It is a security mechanism that enables authenticated and authorized
entities to access specific resources and records operations by the entities. The AAA
framework thus allows for excellent scalability and centralized user information
management.