Operation Manual – AAA
H3C S3100 Series Ethernet Switches

Chapter 1 AAA Overview

1.1 Introduction to AAA

AAA is the acronym for three security functions: authentication, authorization and accounting. It provides a uniform framework for you to configure these three functions to implement network security management.

• Authentication: Defines which users can access the network,
• Authorization: Defines which services are available to the users who can access the network, and
• Accounting: Defines how to charge the users who are using network resources.

Typically, AAA operates in the client/server model: the client runs on the managed resources side while the server stores the user information. Thus, AAA scales well and can easily implement centralized management of user information.

1.1.1 Authentication

AAA supports the following authentication methods:

• None authentication: Users are trusted and are not checked for their validity. Generally, this method is not recommended.
• Local authentication: User information (including user name, password, and some other attributes) is configured on this device, and users are authenticated on this device instead of on a remote device. Local authentication is fast and has a lower operational cost, but its information storage capacity is limited by the device hardware.
• Remote authentication: Users are authenticated remotely through the RADIUS or HWTACACS protocol. This device (for example, an H3C series switch) acts as the client to communicate with the RADIUS or TACACS server. You can use standard or extended RADIUS protocols in conjunction with such systems as iTELLIN/CAMS for user authentication. Remote authentication allows convenient centralized management and is feature-rich. However, to implement remote authentication, a server is needed and must be configured properly.

1.1.2 Authorization

AAA supports the following authorization methods:

• Direct authorization: Users are trusted and directly authorized.
• Local authorization: Users are authorized according to the related attributes configured for their local accounts on this device.