You can add, modify, and delete an authentication scheme, authorization scheme, or accounting scheme. The S2710SI-52P, S2700EI-52P, S2700EI or S2700SI switches do not support this function.
Context
Authentication, authorization, and accounting are three independent service processes.
- In the authentication process, a device authenticates the user name, password, or user information of an access request or a service request. The device, however, neither delivers authorization information to the user nor triggers the accounting process. In AAA, a device can adopt only authentication.
- In the authorization process, a device sends authorization requests to the authorization server. After users pass authorization, the device sends authorization information to users. If the authorization scheme is none, users do not need to be authorized. In this case, users passing authentication have the default authority granted by the system.
- In the accounting process, a device sends accounting-start packets, accounting-update packets, or accounting-stop packets to the accounting server. In AAA, an accounting scheme is optional. If you do not configure an accounting scheme.
Procedure
- Create an authentication scheme.
NOTE: You can create an authentication scheme, authorization scheme, or accounting scheme. Here the authentication scheme is used as an example.
- Choose in the navigation tree to open the AAA Scheme page.
- Click New to open the Create Authentication Scheme page.
Table 1 describes the parameters on the Create Authentication Scheme page.
Table 1 Create Authentication Scheme

| Item | Description |
|---|---|
| Authentication Scheme Name | Indicates the name of an authentication scheme. |
| Authentication Scheme Mode | Indicates the authentication mode. There are four authentication modes for you to select. NOTE: The options are none, hwtacacs, radius, and local. You can use the combination of authentication modes. If the authentication mode is none or local, you cannot configure an authentication scheme. |
| Authorization Scheme Mode | Indicates the authorization mode. There are four authorization modes for you to select. NOTE: The options are none, hwtacacs, if-authenticated, and local. You can use the combination of authorization modes. If the authentication mode is none, you cannot configure an authorization scheme. |
| Accounting Scheme Mode | Indicates the accounting mode. There are three accounting modes for you to select. NOTE: The options are none, hwtacacs, radius. |

- Set parameters.
- Click OK.
- Modify an authentication scheme.
NOTE: You can modify an authentication scheme, authorization scheme, or accounting scheme. Here the authentication scheme is used as an example.
- Choose in the navigation tree to open the AAA Scheme page.
- Click to open the Modify Authentication Scheme page.
NOTE: - Table 1 describes the parameters on the Modify Authentication Scheme page.
- The authentication scheme name cannot be changed.
- Set the authentication type as required.
- Click OK.
- Delete an authentication scheme.
- Choose in the navigation tree to open the AAA Scheme page.
- Select a record that you want to delete and click Delete. The system asks you whether to delete the record.
NOTE: - To select a record, click the check box of the record.
- To delete records in batches, click the check boxes of the records.
- Click OK.
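
The mode lists in Table 1 and the meaning of none described under Context can be checked mechanically when reviewing exported scheme settings. The following is an added example, not part of the original Huawei documentation or any Huawei tool; the record layout, scheme names, and severity labels are assumptions made for illustration.

```python
# Added example (not Huawei code): audit AAA scheme records against Table 1.
# Mode names come from the page; record layout and severity labels are assumptions.
ALLOWED = {
    "authentication": {"none", "hwtacacs", "radius", "local"},
    "authorization": {"none", "hwtacacs", "if-authenticated", "local"},
    "accounting": {"none", "hwtacacs", "radius"},
}
# What "none" means for each service, following the Context section.
NONE_EFFECT = {
    "authentication": "access requests are not authenticated",
    "authorization": "users get the system default authority",
    "accounting": "no accounting packets reach an accounting server",
}


def audit_scheme(kind, name, modes):
    """Return (severity, message) findings for one scheme; [] means clean."""
    if kind not in ALLOWED:
        return [("error", f"{name}: unknown scheme type '{kind}'")]
    if not modes:
        return [("error", f"{name}: no {kind} mode set")]
    findings = []
    for mode in modes:
        if mode not in ALLOWED[kind]:
            findings.append(("error", f"{name}: '{mode}' is not a valid {kind} mode"))
    if len(set(modes)) != len(modes):
        findings.append(("error", f"{name}: duplicate {kind} mode"))
    if "none" in modes:
        # 'none' alone disables the service; in a combination it still needs review.
        severity = "high" if set(modes) == {"none"} else "review"
        findings.append((severity, f"{name}: {kind} mode list includes none "
                                   f"({NONE_EFFECT[kind]} when it applies)"))
    return findings


def audit_all(schemes):
    """Audit a list of (kind, name, modes) records and flatten the findings."""
    return [f for kind, name, modes in schemes for f in audit_scheme(kind, name, modes)]


# Constructed sample records (hypothetical scheme names).
SAMPLE = [
    ("authentication", "auth-mgmt", ["radius", "local"]),
    ("authentication", "auth-lab", ["none"]),
    ("authorization", "authz-mgmt", ["hwtacacs", "none"]),
    ("accounting", "acct-mgmt", ["radius", "local"]),  # local is not an accounting mode
]

if __name__ == "__main__":
    for severity, message in audit_all(SAMPLE):
        print(f"[{severity}] {message}")
```
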
Copyright © Huawei Technologies Co., Ltd.