Overview
This section describes the definition and purpose of AAA.
Definition
Authentication, Authorization, and Accounting (AAA) provides a management mechanism for network security.
AAA provides the following functions:
Authentication: verifies whether users are authorized for network access.
Authorization: authorizes users to use particular services.
Accounting: records the network resources used by users.
Users can only use one or more security services provided by AAA. For example, if a company wants to authenticate employees that access certain network resources, the network administrator only needs to configure an authentication server. If the company also wants to record operations performed by employees on the network, an accounting server is needed.
In summary, AAA authorizes users to access specific resources and records user operations. AAA is widely used because it features good scalability and facilitates centralized user information management. AAA can be implemented using multiple protocols. Currently, the device uses the Remote Authentication Dial-In User Service (RADIUS) or Huawei Terminal Access Controller Access Control System (HWTACACS) protocol to implement AAA. In most cases, the RADIUS protocol is used.
Purpose
AAA prevents unauthorized users from logging in to the device and improves system security.
Previous
