3Com WX2200 3CRWX220095A Switch User Manual


 
AAA Tools for Network Users 441
Authorization for access control. Authorization provides access
control by means of such mechanisms as per-user security access
control lists (ACLs), VLAN membership, Mobility Domain assignment,
and timeout enforcement. Because authorization is always performed
on network access users so they can use a particular VLAN, the WX
automatically uses the same AAA method (RADIUS server group or
local database) for authorization that you define for a user
authentication.
Local authorization control. You can override any AAA assignment
of VLAN or security ACL for individual network users on a particular
WX switch by configuring the location policy on the WX.
SSID default authorization attributes. You can configure service
profiles with a set of default AAA authorization attributes that are
used when the normal AAA process or a location policy does not
provide them.
Accounting for tracking users and resources. Accounting collects
and sends information used for billing, auditing, and reporting — for
example, user identities, connection start and stop times, the number
of packets received and sent, and the number of bytes transferred.
You can track sessions through accounting information stored locally
or on a remote RADIUS server. As network users roam throughout a
Mobility Domain, accounting records track them and their network
usage.
AAA Tools for
Network Users
Authentication verifies network user identity and is required before a
network user is granted access to the network. A WX switch
authenticates user identity by username-password matching, digital
signatures and certificates, or other methods (for example, by MAC
address).
You must decide whether to authenticate network users locally on the
WX, remotely via one or more external RADIUS server groups, or both
locally and remotely. (For server group details, see “Configuring RADIUS
Server Groups” on page 524.)