AAA supports configuring different authentication, authorization, and accounting methods for different types of users in an ISP domain. The NAS determines the ISP domain and access type of a user. The NAS also uses the methods configured for the access type in the domain to control the user's access.
AAA also supports configuring a set of default methods for an ISP domain. These default methods are applied to users for whom no AAA methods are configured.
The device supports the following authentication methods:
No authentication—This method trusts all users and does not perform authentication. For security purposes, do not use this method.
Local authentication—The NAS authenticates users by itself, based on the locally configured user information including the usernames, passwords, and attributes. Local authentication allows high speed and low cost, but the amount of information that can be stored is limited by the size of the storage space.
Remote authentication—The NAS works with a RADIUS, LDAP, or HWTACACS server to authenticate users. The server manages user information in a centralized manner. Remote authentication provides high capacity, reliable, and centralized authentication services for multiple NASs. You can configure backup methods to be used when the remote server is not available.
The device supports the following authorization methods:
No authorization—The NAS performs no authorization exchange. The following default authorization information applies after users pass authentication:
Non-login users can access the network.
Login users obtain the level-0 user role. For more information about the level-0 user role, see RBAC configuration in Fundamentals Configuration Guide.
The working directory for FTP, SFTP, and SCP login users is the root directory of the NAS. However, the users do not have permission to access the root directory.
Local authorization—The NAS performs authorization according to the user attributes locally configured for users.
Remote authorization—The NAS works with a RADIUS, HWTACACS, or LDAP server to authorize users. RADIUS authorization is bound with RADIUS authentication. RADIUS authorization can work only after RADIUS authentication is successful, and the authorization information is included in the Access-Accept packet. HWTACACS authorization is separate from HWTACACS authentication, and the authorization information is included in the authorization response after successful authentication. You can configure backup methods to be used when the remote server is not available.
The device supports the following accounting methods:
No accounting—The NAS does not perform accounting for the users.
Local accounting—Local accounting is implemented on the NAS. It counts and controls the number of concurrent users that use the same local user account, but does not provide statistics for charging.
Remote accounting—The NAS works with a RADIUS server or HWTACACS server for accounting. You can configure backup methods to be used when the remote server is not available.
Which of the following are characteristics of TACACS +? -Remote access -Radius combines authentication and authorization into a single function. TACAS+ allows these services to be split between different servers. -Configure the remote access servers as -RADIUS clients. -Allowing for a possible of three different servers, one each for authentication, authorization, and accounting.
-Uses TCP.
-Allowing for a possible of three different servers, one each for authentication, authorization, and accounting.
-Uses TCP.
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization.Which of the following would be a required part of your configuration? -RADIUS -Configure the remote access servers as RADIUS clients.-Remote access-TACACS+
Configure the remote access servers as RADIUS clients.
Which of the following are differences between RADIUS and TACACS+? -Radius combines authentication and authorization into a single function. -TACAS+ allows these services to be split between different servers. -Allowing for a possible of three different servers, one each for authentication, authorization, and accounting.
-Radius combines authentication and authorization into a single function.
-TACAS+ allows these services to be split
You have just signed up for Internet access using a local provider that gives you a fiber optic line into your house. From there, the Ethernet and wireless connections are used to create a small network within your home.Which of the following protocols would be used to provide authentication, authorization, and accounting for the Internet connection? PPP PPPoE RADIUS
RAS
You want to set up a service to allow multiple users to dial in to the office server from modems on their home computers. What service should you implement? RADIUS RAS PPPoE PPP
Which of the following is a platform independent authentication system that maintains a database of user accounts and passwords that centralizes the maintenance of those accounts? RADIUS PPPoE RAS
PPP
You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files on that server that you need.You want the connection to be as secure as possible. Which type of connection will you need? RAS PPPoE RADIUS
Remote access
Which of the following protocols or services is commonly used on cable Internet connections for user authentication? RADIUS PPP PPPoE RAS
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? RADIUS Remote access TACACS+RADIUS RAS
You are configuring your computer to dial up to the Internet. What protocol should you use? PPP RADIUS RAS PPPoE