Nortel 4134 Guia Do Utilizador
74
Authentication, Authorization, and Accounting fundamentals
Authorization
Authorization provides the method for remote access control, including
one-time authorization or authorization for each service, per-user account
list and profile, user support, and support of SSH and Telnet.
one-time authorization or authorization for each service, per-user account
list and profile, user support, and support of SSH and Telnet.
Authorization works by assembling a set of attributes that describe what
the user is authorized to perform. These attributes are compared to the
information contained in a database for a given user and the result is
returned to AAA to determine the user’s actual capabilities and restrictions.
The database can be located locally on the router or it can be hosted
remotely on a RADIUS or TACACS+ security server. Remote security
servers, such as RADIUS and TACACS+, authorize users for specific rights
by associating attribute-value (AV) pairs, which define those rights with the
appropriate user. All authorization methods must be defined through AAA.
the user is authorized to perform. These attributes are compared to the
information contained in a database for a given user and the result is
returned to AAA to determine the user’s actual capabilities and restrictions.
The database can be located locally on the router or it can be hosted
remotely on a RADIUS or TACACS+ security server. Remote security
servers, such as RADIUS and TACACS+, authorize users for specific rights
by associating attribute-value (AV) pairs, which define those rights with the
appropriate user. All authorization methods must be defined through AAA.
As with authentication, you configure AAA authorization by defining a named
list of authorization methods, and then applying that list to various interfaces.
list of authorization methods, and then applying that list to various interfaces.
Accounting
Accounting provides the method for collecting and sending security server
information used for billing, auditing, and reporting, such as user identities,
start and stop times, executed commands (such as PPP), number of
packets, and number of bytes.
information used for billing, auditing, and reporting, such as user identities,
start and stop times, executed commands (such as PPP), number of
packets, and number of bytes.
Accounting enables you to track the services users are accessing as well
as the amount of network resources they are consuming. When AAA
accounting is activated, the network access server reports user activity to
the RADIUS or TACACS+ security server (depending on which security
method you have implemented) in the form of accounting records. Each
accounting record is comprised of accounting AV pairs and is stored on
the access control server. This data can then be analyzed for network
management, client billing, and auditing. All accounting methods must
be defined through AAA. As with authentication and authorization, you
configure AAA accounting by defining a named list of accounting methods,
and then applying that list to various interfaces
as the amount of network resources they are consuming. When AAA
accounting is activated, the network access server reports user activity to
the RADIUS or TACACS+ security server (depending on which security
method you have implemented) in the form of accounting records. Each
accounting record is comprised of accounting AV pairs and is stored on
the access control server. This data can then be analyzed for network
management, client billing, and auditing. All accounting methods must
be defined through AAA. As with authentication and authorization, you
configure AAA accounting by defining a named list of accounting methods,
and then applying that list to various interfaces
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.