Chapter 25 AAA
XGS2210 Series User’s Guide
250
CHAPTER 25
AAA
25.1 AAA Overview
This chapter describes how to configure authentication, authorization and accounting settings on the
Switch.
Authentication is the process of determining who a user is and validating access to the Switch. The
Switch can authenticate users who try to log in based on user accounts configured on the Switch itself.
The Switch can also use an external authentication server to authenticate a large number of users.
Authorization is the process of determining what a user is allowed to do. Different user accounts may
have higher or lower privilege levels associated with them. For example, user A may have the right to
create new login accounts on the Switch but user B cannot. The Switch can authorize users based on
user accounts configured on the Switch itself or it can use an external server to authorize a large number
of users.
Accounting is the process of recording what a user is doing. The Switch can use an external server to
track when users log in, log out, execute commands and so on. Accounting can also record system
related actions such as boot up and shut down times of the Switch.
The external servers that perform authentication, authorization and accounting functions are known as
AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service, see RADIUS and
TACACS+ on page 251) and TACACS+ (Terminal Access Controller Access-Control System Plus, see
RADIUS and TACACS+ on page 251) as external authentication and authorization servers.
Figure 190 AAA Server
25.1.1 What You Can Do
• Use the AAA screen (Section 25.2 on page 251) to display the links to the screens where you can
enable authentication and authorization or both of them on the Switch.
• use the RADIUS Server Setup screen (Section 25.3 on page 252) to configure your RADIUS server
settings.
• Use the TACACS+ Server Setup screen (Section 25.4 on page 253) to configure your TACACS+
authentication settings.
To Next Page
Loading...
