Filter
Top Products
DES-7200 Configuration Guide Chapter 1 AAA Configuration
1-1
1 AAA Configuration
The access control is used to control which people can access the network server and
which services can be accessed by the users on the network. The authentication,
authorization and accounting (AAA) is a key security mechanism for access control.
1.1 Basic AAA Principles
Authentication, Authorization and Accounting (shortened as AAA) provide a consistence
framework for configuring the authentication, authorization and accounting functions,
which are supported by DES-7200 products.
The AAA provides the following services in a modular manner:
z Authentication: It verifies whether a user can access, where the Radius protocol or
Local can be used. The authentication is the method to identify a user before his/her
access to the network and network services. The AAA is configured by the definition of
a naming list for authentication method and application of it on every interface. The
method list defines the authentication type and execution order. Before a defined
authentication is executed, the method list must be applied on a specific interface. The
default method list is exceptional. If no other method list is defined, the default method
list will automatically apply on all interfaces. The defined method list overwrites the
default method list. All authentication methods other than the local, line password and
allowing authentication must be defined with AAA.
z Authorization: This means authorizing the user with services. The AAA authorization is
implemented through the definition of series attributes that describe the operations on
the user by the authorization. These attributes can be stored on the network device or
the RADIUS security server remotely. All authorization methods must be defined with
AAA. When the AAA authorization is enabled, it is automatically applied on all
interfaces of the network device.
z Accounting: This means recording the user's usage of network resources. When the
AAA accounting is enabled, the network access server starts to send the user's network
resource usages to the Radius security server through statistics records. Every
accounting record is composed of attribute pairs and stored in the security server.
These records can be read for analysis by special software to implement the accounting,
statistics and tracing for the user's network resource usage. All accounting methods
must be defined with AAA. When the AAA accounting is enabled, it is automatically
applied on all interfaces of the network device.