ES-2024 Series User’s Guide
145
CHAPTER 20
Authentication & Accounting
This chapter describes how to configure authentication and accounting settings on the Switch.
20.1 Authentication, Authorization and Accounting
Authentication is the process of determining who a user is and validating access to the Switch.
The Switch can authenticate users who try to log in based on user accounts configured on the
Switch itself. The Switch can also use an external authentication server to authenticate a large
number of users
Authorization is the process of determining what a user is allowed to do. Different user
accounts may have higher or lower privilege levels associated with them. For example, user A
may have the right to create new login accounts on the Switch but user B cannot. The Switch
can authorize users based on user accounts configured on the Switch itself or it can use an
external server to authorize a large number of users.
Accounting is the process of recording what a user is doing. The Switch can use an external
server to track when users log in, log out, execute commands and so on. Accounting can also
record system related actions such as boot up and shut down times of the Switch.
The external servers that perform authentication, authorization and accounting functions are
known as AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User
Service, see Section 20.1.2 on page 146) and TACACS+ (Terminal Access Controller Access-
Control System Plus, see Section 20.1.2 on page 146) as external authentication, authorization
and accounting servers.
Figure 75 AAA Server
20.1.1 Local User Accounts
By storing user profiles locally on the Switch, your Switch is able to authenticate and
authorize users without interacting with a network AAA server. However, there is a limit on
the number of users you may authenticate in this way (See Chapter 27 on page 197).
Client AAA Server