14AAA configurationThe switch operates in IRF mode or standalone, (the default), mode. For more information about the IRFmode, see IRF in the IRF Configuration Guide.Introduction to AAAAuthentication, authorization, and accounting (AAA) provide a uniform framework for configuringthese three security functions when implementing network security management.AAA usually uses a client/server model, where the client runs on the network access server (NAS)and the server maintains user information centrally. In an AAA network, a NAS is a server forusers but a client for the AAA servers. See Figure 1.Figure 1 AAA networking diagramWhen attempting to establish a connection to the NAS and to obtain the rights to access othernetworks or network resources, the NAS authenticates you or the corresponding connection. TheNAS can transparently pass your AAA information to the server (RADIUS server or HWTACACSserver). The RADIUS/HWTACACS protocol defines how a NAS and a server exchange useinformation.In the AAA network, there is a RADIUS server and an HWTACACS server. See Figure 1. You candetermine the authentication, authorization, and accounting methods according to the actualrequirements. For example, you can use the HWTACACS server for authentication andauthorization, and the RADIUS server for accounting.The three security functions are described as follows:• Authentication: Identifies remote users and determines if they are legal.• Authorization: Grants user’s rights. For example, a user logging into the server can begranted the permission to access and print the files on the server.