49 AAA & RADIUS & HWTACACSCONFIGURATIONOverviewIntroduction to AAA AAA is shortened from the three security functions: authentication, authorizationand accounting. It provides a uniform framework for you to configure the threesecurity functions to implement the network security management.The network security mentioned here mainly refers to access control. It mainlycontrols:■ Which users can access the network,■ Which services the users can have access to,■ How to charge the users who are using network resources.Accordingly, AAA provides the following services:AuthenticationAAA supports the following authentication methods:■ None authentication: Users are trusted and are not authenticated. Generally,this method is not recommended.■ Local authentication: User information (including user name, password, andattributes) is configured on this device. Local authentication is fast and requireslower operational cost. But the information storage capacity is limited bydevice hardware.■ Remote authentication: Users are authenticated remotely through the RADIUSprotocol or HWTACACS protocol. This device (for example, a 3Com seriesswitch) acts as the client to communicate with the RADIUS server or TACACSserver. For RADIUS protocol, both standard and extended RADIUS protocolscan be used.AuthorizationAAA supports the following authorization methods:■ Direct authorization: Users are trusted and directly authorized.■ Local authorization: Users are authorized according to the related attributesconfigured for their local accounts on the device.■ RADIUS authorization: Users are authorized after they pass the RADIUSauthentication. The authentication and authorization of RADIUS protocol arebound together, and you cannot perform RADIUS authorization alone withoutRADIUS authentication.■ HWTACACS authorization: Users are authorized by TACACS server.