ZyXEL Communications metrogigabit switch Plumbing Product User Manual


 
MGS3700-12C User’s Guide
255
CHAPTER 25
AAA
This chapter describes how to configure authentication, authorization and
accounting settings on the Switch.
25.1 Authentication, Authorization and
Accounting (AAA)
Authentication is the process of determining who a user is and validating access to
the Switch. The Switch can authenticate users who try to log in based on user
accounts configured on the Switch itself. The Switch can also use an external
authentication server to authenticate a large number of users
Authorization is the process of determining what a user is allowed to do. Different
user accounts may have higher or lower privilege levels associated with them. For
example, user A may have the right to create new login accounts on the Switch
but user B cannot. The Switch can authorize users based on user accounts
configured on the Switch itself or it can use an external server to authorize a large
number of users.
Accounting is the process of recording what a user is doing. The Switch can use an
external server to track when users log in, log out, execute commands and so on.
Accounting can also record system related actions such as boot up and shut down
times of the Switch.
The external servers that perform authentication, authorization and accounting
functions are known as AAA servers. The Switch supports RADIUS (Remote
Authentication Dial-In User Service, see Section 25.1.2 on page 256) and
TACACS+ (Terminal Access Controller Access-Control System Plus, see Section