● Authentication: Verify whether a user has the right for network access.
● Authorization: Authorize a user to use specific services.
● Accounting: Record network resource usage of a user.
You can use only one or two of the security services provided by AAA. For example,
if a company only expects to authenticate employees when they access specific
resources, the network administrator only needs to configure the authentication
server. However, if the company expects to record the network usage of employees,
the accounting server must be configured.
AAA usually works in the client/server structure, which is highly scalable and is
convenient for centralized management of user information, as shown in the figure
below.
Note: Radius, Tacacs+, and LDAP indicate authentication and
authorization servers. Local indicates the local user name and password of the
gateway.
9.5.1 Radius
The Remote Authentication Dial In User Service (Radius) is a distributed
information exchange protocol based on the client/server structure. It protects
the network from unauthorized access, and is usually used in various network
environments that require high security and allow remote user access.
To Next Page
Loading...