AAA configuration
This chapter includes these sections:
• AAA overview
• AAA configuration considerations and task list
• Displaying and maintaining AAA
• AAA configuration examples
• Troubleshooting AAA
AAA overview
This section covers these topics:
• RADIUS
• HWTACACS
• Domain-based user management
• Protocols and standards
• RADIUS attributes
Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing
network access management. It provides the following security functions:
• Authentication—Identifies users and determines whether a user is valid.
• Authorization—Grants different users different rights and controls their access to resources and
services. For example, a user who has successfully logged in to the device can be granted read and
print permissions to the files on the device.
• Accounting—Records all network service usage information of users, including the service type,
start time, and traffic. The accounting function not only provides the information required for
charging, but also allows for network security surveillance.
AAA usually uses a client/server model. The client runs on the network access server (NAS) and the
server maintains user information centrally. In an AAA network, a NAS is a server for users but a client
for the AAA servers, as shown in Figure 1.