ZyXEL Communications MES3500-24F 用户手册

MES3500-24/24F User’s Guide

This chapter describes how to configure authentication, authorization and accounting settings on 
the Switch.

Authentication is the process of determining who a user is and validating access to the Switch. The 
Switch can authenticate users who try to log in based on user accounts configured on the Switch 
itself. The Switch can also use an external authentication server to authenticate a large number of 
users.

Authorization is the process of determining what a user is allowed to do. Different user accounts 
may have higher or lower privilege levels associated with them. For example, user A may have the 
right to create new login accounts on the Switch but user B cannot. The Switch can authorize users 
based on user accounts configured on the Switch itself or it can use an external server to authorize 
a large number of users.

Accounting is the process of recording what a user is doing. The Switch can use an external server 
to track when users log in, log out, execute commands and so on. Accounting can also record 
system related actions such as boot up and shut down times of the Switch.   

The external servers that perform authentication, authorization and accounting functions are known 
as AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service, see 

) and TACACS+ (Terminal Access Controller Access-Control System 

Plus, see 

) as external authentication, authorization and accounting 

servers. 

AAA Server 

By storing user profiles locally on the Switch, your Switch is able to authenticate and authorize 
users without interacting with a network AAA server. However, there is a limit on the number of 
users you may authenticate in this way (See 

).