32 AAA OverviewIntroonym for the three security functions: authentication, authorization and accounting. Itctions to implement network securityz ntication: Defines what users can access the network,ess the network,/server model: the client runs on the managed resources side whilethe server stores the user information. Thus, AAA is well scalable and can easily implement centralizedr information.AuthAAA ication methods:zn this device instead of on a remotezserver. Remote authentication allows convenient centralized managementand is feature-rich. However, to implement remote authentication, a server is needed and must bered properly.AuthAz trusted and directly authorized.z RADIUS authentication. In RADIUSauthorization cannot beperformed alone without authentication.ACACS authorization: Users are authorized by a TACACS server.duction to AAAAAA is the acrprovides a uniform framework for you to configure these three funmanagement.Authez Authorization: Defines what services can be available to the users who can accandz Accounting: Defines how to charge the users who are using network resources.Typically, AAA operates in the clientmanagement of useenticationsupports the following authentz None authentication: Users are trusted and are not checked for their validity. Generally, thismethod is not recommended.Local authentication: User information (including username, password, and some other attributes)is configured on this device, and users are authenticated odevice. Local authentication is fast and requires lower operational cost, but has the deficiency thatinformation storage capacity is limited by device hardware.Remote authentication: Users are authenticated remotely through RADIUS or HWTACACSprotocol. This device (for example, a 3Com switch) acts as the client to communicate with theRADIUS or TACACSconfiguorizationAA supports the following authorization methods:Direct authorization: Users arez Local authorization: Users are authorized according to the related attributes configured for theirlocal accounts on this device.RADIUS authorization: Users are authorized after they passprotocol, authentication and authorization are combined together, andz HWT32-1