6
Configuring AAA
The HPE MSR series routers support EXEC user access.
The HPE MSR series routers do not support the attribute access-limit command.
The idle-cut enable command, which is used in ISP domain view to configure the idle cut function, takes effect only on LAN users.
Overview
Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing
network access management. It provides the following security functions:
• Authentication—Identifies users and determines whether a user is valid.
• Authorization—Grants user rights and controls user access to resources and services. For
example, a user who has successfully logged in to the device can be granted read and print
permissions to the files on the device.
• Accounting—Records all network service usage information, including service type, start time,
and traffic. The accounting function provides information required for charging, and allows for
network security surveillance.
AAA typically uses a client/server model, as shown in Figure 1. The client runs on the network access
server (NAS), which is also called the access device. The server maintains user information centrally.
In an AAA network, the NAS is a server for users but a client for AAA servers.
Figure 1 AAA application scenario
The NAS uses the authentication server to authenticate any user who tries to log in, use network
resources, or access other networks. The NAS transparently transmits authentication, authorization,
and accounting information between the user and the servers. The RADIUS and HWTACACS
protocols define how a NAS and a remote server exchange user information.
The network shown in Figure 1 comprises a RADIUS server and an HWTACACS server. You can use
different servers to implement different security functions. For example, you can use the
HWTACACS server for authentication and authorization, and the RADIUS server for accounting.
You can implement any of the three security functions provided by AAA as needed. For example, if
your company wants employees to be authenticated before they access specific resources,
configure an authentication server. If network usage information is needed, you must also configure
an accounting server.
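The split described above, an HWTACACS server for login authentication and authorization and a RADIUS server for accounting, looks like this as a Comware V7 configuration fragment for an MSR router. This is an added example, not configuration taken from the HPE guide; the scheme names, the domain name corp, the server addresses 10.1.1.1 and 10.1.1.2, the NAS address 10.1.1.100 and the shared keys are placeholders chosen for illustration.

```text
# HWTACACS scheme used for authentication and authorization of login (EXEC) users.
# Server address and keys are placeholders, not values from the guide.
hwtacacs scheme tac-login
 primary authentication 10.1.1.2 49
 primary authorization 10.1.1.2 49
 key authentication simple TacKey-CHANGE-ME
 key authorization simple TacKey-CHANGE-ME
 nas-ip 10.1.1.100
 user-name-format without-domain
quit
#
# RADIUS scheme used for accounting only; no authentication server is configured here.
radius scheme rad-acct
 primary accounting 10.1.1.1 1813
 key accounting simple RadKey-CHANGE-ME
 nas-ip 10.1.1.100
 user-name-format without-domain
quit
#
# The ISP domain binds a method to each AAA function separately, so each function
# can use a different server. "local" is the fallback if the remote server does not respond.
domain corp
 authentication login hwtacacs-scheme tac-login local
 authorization login hwtacacs-scheme tac-login local
 accounting login radius-scheme rad-acct
quit
domain default enable corp
#
# VTY lines must use scheme (AAA) authentication instead of a line password
# for the domain configuration to apply to remote logins.
line vty 0 63
 authentication-mode scheme
quit
```

Two points worth checking before relying on this: the local fallback only applies when the HWTACACS server is unreachable, not when it rejects the user, so a rejected login is still rejected; and the shared keys are per-device secrets that both the NAS and the server must hold, so use a distinct, strong key for each scheme rather than the placeholders shown. Verify the binding with display domain corp and the server state with display hwtacacs scheme and display radius scheme.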
Figure 1 components: Remote user, NAS, RADIUS server, HWTACACS server, Internet, Network.