3com S7906E Installation Instructions
For a user who has logged in to the device, AAA provides the following services to enhance device
security:
• Command authorization: Allows the authorization server to check each command executed by the
  login user; only authorized commands can be executed successfully.
• Command accounting: Allows the accounting server to record all commands executed on the
  device or all authorized commands successfully executed.
• Level switching authentication: Allows the authentication server to authenticate users performing
  privilege level switching. Users who pass level switching authentication can switch their
  user privilege levels without logging out and disconnecting the current connections.
You can configure different authentication, authorization, and accounting methods for different users in
a domain. For configuration details, refer to
Table 1-4 Configuration references for the related parameters

| Access type/service type | Refer to… |
|---|---|
| LAN (such as 802.1X and MAC address authentication) | 802.1X Configuration and MAC Authentication Configuration in the Security Volume |
| Login (such as SSH, Telnet, FTP, and terminal) | SSH2.0 Configuration in the Security Volume. FTP and TFTP Configuration in the IP Services Volume |
| Portal | Portal Configuration in the Security Volume |
| Command authorization and accounting | Login Configuration in the System Volume. |
| Level switching authentication | Basic System Configuration in the System Volume. |

Protocols and Standards
The protocols and standards related to AAA, RADIUS, and HWTACACS include:
• RFC 2865: Remote Authentication Dial In User Service (RADIUS)
• RFC 2866: RADIUS Accounting
• RFC 2867: RADIUS Accounting Modifications for Tunnel Protocol Support
• RFC 2868: RADIUS Attributes for Tunnel Protocol Support
• RFC 2869: RADIUS Extensions
• RFC 1492: An Access Control Protocol, Sometimes Called TACACS

AAA Configuration Task List
The basic procedure to configure AAA is as follows:
1) Configure the required AAA schemes.
   • Local authentication: Configure local users and related attributes, including usernames and
     passwords of the users to be authenticated.
   • Remote authentication: Configure the required RADIUS, and/or HWTACACS schemes, and
     configure user attributes on the servers accordingly.
2) Configure the AAA methods: Reference the configured AAA schemes in the users’ ISP domains.
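
The two steps above, together with the per-command services described earlier, are sketched below as an added example that is not taken from this manual. The command syntax is assumed from the Comware-style CLI this device family uses and must be checked against the command reference for the installed release; the scheme name tac1, domain admins, user fallback-admin, address 192.0.2.10 and the bracketed secrets are placeholders.

```text
# Constructed example; names, address and secrets are placeholders.
# Lines starting with "#" are annotations, not commands.
system-view
# Step 1 (remote): define the HWTACACS scheme the domain will reference.
hwtacacs scheme tac1
 primary authentication 192.0.2.10
 primary authorization 192.0.2.10
 primary accounting 192.0.2.10
 key authentication <shared-key>
 key authorization <shared-key>
 key accounting <shared-key>
 user-name-format without-domain
 quit
# Step 1 (local): a local user, so that login still works when the
# server is unreachable. Store the password in cipher form.
local-user fallback-admin
 password cipher <local-password>
 service-type ssh
 quit
# Step 2: reference the schemes in the ISP domain. "local" after the
# scheme name is the fallback method if the server does not respond.
domain admins
 authentication login hwtacacs-scheme tac1 local
 authorization login hwtacacs-scheme tac1 local
 accounting login hwtacacs-scheme tac1 local
# Command authorization and command accounting for logged-in users.
 authorization command hwtacacs-scheme tac1 local
 accounting command hwtacacs-scheme tac1
# Level switching authentication handled by the server.
 authentication super hwtacacs-scheme tac1
 quit
super authentication-mode scheme
# The per-command services take effect only on lines that use AAA.
user-interface vty 0 4
 authentication-mode scheme
 command authorization
 command accounting
 quit
```

With command authorization enabled and no fallback method, a server outage blocks every command on the affected lines, so confirm the local fallback on a console session before closing the session used to apply the change.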