GS2210 Series User’s Guide
192
CHAPTER 24
AAA
24.1 AAA Overview
This chapter describes how to configure authentication and authorization settings on the Switch.
The external servers that perform authentication and authorization functions are known as AAA
servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service, see Section on
page 193) and TACACS+ (Terminal Access Controller Access-Control System Plus, see Section on
page 193) as external authentication and authorization servers.
Figure 139 AAA Server
24.1.1 What You Can Do
•Use the AAA screen (Section 24.2 on page 193) to enable authentication and authorization or
both of them on the Switch.
•use the Radio Server Setup screen (Section 24.3 on page 193) to configure your RADIUS
server settings.
•Use the TACACS+ Server Setup screen (Section 24.4 on page 195) to configure your TACACS+
authentication settings.
•Use the AAA Setup screen (Section 24.5 on page 197) to specify the methods used to
authenticate users accessing the Switch and specify which database the Switch should use first.
24.1.2 What You Need to Know
Authentication is the process of determining who a user is and validating access to the Switch. The
Switch can authenticate users who try to log in based on user accounts configured on the Switch
itself. The Switch can also use an external authentication server to authenticate a large number of
users.
Authorization is the process of determining what a user is allowed to do. Different user accounts
may have higher or lower privilege levels associated with them. For example, user A may have the
right to create new login accounts on the Switch but user B cannot. The Switch can authorize users
based on user accounts configured on the Switch itself or it can use an external server to authorize
a large number of users.
