1-11 AAA Overviewz The configuration of ISP domain delimiter is added. See Creating an ISP Domain and ConfiguringIts Attributes.z The configuration of HWTACACS authentication scheme for user level switching is added. SeeConfiguring an AAA Scheme for an ISP Domain.z The configuration of the MAC address format for the Calling-Station-Id field in RADIUS packets isadded. See Configuring the Attributes of Data to be Sent to RADIUS Servers.Introduction to AAAAAA is the acronym for the three security functions: authentication, authorization and accounting. Itprovides a uniform framework for you to configure these three functions to implement network securitymanagement.z Authentication: Defines what users can access the network,z Authorization: Defines what services can be available to the users who can access the network,andz Accounting: Defines how to charge the users who are using network resources.Typically, AAA operates in the client/server model: the client runs on the managed resources side whilethe server stores the user information. Thus, AAA is well scalable and can easily implement centralizedmanagement of user information.AuthenticationAAA supports the following authentication methods:z None authentication: Users are trusted and are not checked for their validity. Generally, thismethod is not recommended.z Local authentication: User information (including username, password, and some other attributes)is configured on this device, and users are authenticated on this device instead of on a remotedevice. Local authentication is fast and requires lower operational cost, but has the deficiency thatinformation storage capacity is limited by device hardware.