GS2220 Series User’s Guide
246
C HAPTER 25
AAA
25.1 Authe ntic a tio n, Authoriza tio n a nd Ac c o unting (AAA)
This chapter describes how to configure authentication, authorization and accounting settings on the
Switch.
The external servers that perform authentication, authorization and accounting functions are known as
AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service) and TACACS+
(Terminal Access Controller Access-Control System Plus) as the external authentication, authorization,
and accounting server.
Fig ure 190 AAA Server
25.1.1 Wha t You C a n Do
• Use the AAA screen (
Section 25.2 on page 247) to display the links to the screens where you can
enable authentication and authorization or both of them on the Switch.
• use the RADIUS Se rve r Se tup screen (Section 25.3 on page 247) to configure your RADIUS server
settings.
• Use the TACA CS+ Se rve r Se tup screen (Section 25.4 on page 249) to configure your TACACS+
authentication settings.
• Use the AAA Se tup screen (Section 25.5 on page 251) to configure authentication, authorization and
accounting settings, such as the methods used to authenticate users accessing the Switch and which
database the Switch should use first.
25.1.2 Wha t You Ne e d to Kno w
Authentication is the process of determining who a user is and validating access to the Switch. The
Switch can authenticate users who try to log in based on user accounts configured on the Switch itself.
The Switch can also use an external authentication server to authenticate a large number of users.
Authorization is the process of determining what a user is allowed to do. Different user accounts may
have higher or lower privilege levels associated with them. For example, user A may have the right to
create new login accounts on the Switch but user B cannot. The Switch can authorize users based on
user accounts configured on the Switch itself or it can use an external server to authorize a large number
of users.
Accounting is the process of recording what a user is doing. The Switch can use an external server to
To Next Page
Loading...
