Authentication, Authorization, and Accounting (AAA) is configured on AAA-capable devices to verify user identities and assign rights to authorized users.
Definition:
Authentication, Authorization, and Accounting (AAA) provides a user management mechanism and includes the following functions:
• Authentication: verifies the identity of users for network access.
• Authorization: authorizes users to use particular services.
• Accounting: records the network resources used by users.
For reference, see the link below:
Users can use just one, or more than one, of the security services provided by AAA. For example, if a company wants to authenticate employees that access certain network resources, the network administrator only needs to configure an authentication server. If the company also wants to record operations performed by employees on the network, an accounting server is needed. In summary, AAA authorizes users to access specific resources and records user operations.
AAA is widely used because it features good scalability and facilitates centralized user information management. AAA can be implemented using multiple protocols, such as Remote Authentication Dial-In User Service (RADIUS) and Huawei Terminal Access Controller Access Control System (HWTACACS). RADIUS is most widely used.
Purpose:
AAA prevents unauthorized users from logging in to a device and improves system security.
The local-user command creates a local user and sets parameters of the local user.
The undo local-user command deletes a local user.
By default, the local user admin exists in the system. The password of the user is admin@huawei.com, the irreversible encryption algorithm is used, the level is none, and service type is http.
You can refer to the link below:
The remote-aaa-user authen-fail command enables the remote AAA authentication account locking function, and sets the authentication retry interval, maximum number of consecutive authentication failures, and account locking period.
The undo remote-aaa-user authen-fail command disables the remote AAA authentication account locking function.
By default, the remote AAA account locking function is enabled, authentication retry interval is 30 minutes, maximum number of consecutive authentication failures is 30, and account locking period is 30 minutes.
You can refer to the link below:
The remote-user authen-fail unblock command unlocks remote AAA authentication accounts.
You can refer to the link below:
The local-aaa-user password policy access-user command enables the password policy for local access users and enters the local access user password policy view.
The undo local-aaa-user password policy access-user command disables the password policy of local access users.
By default, the password policy of local access users is disabled.
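An added example, not Huawei's code or part of the original post: a small Python check that reads a saved configuration and flags the three defaults described above (remote AAA account locking, the password policy for local access users, and the default admin user). The sample configurations are constructed, the `retry-interval`, `retry-time` and `block-time` keywords are an assumption to confirm against your device's command reference, and `max_failures=5` is a hypothetical site policy.

```python
import re

# Lockout defaults stated above: enabled, 30 min / 30 failures / 30 min.
DEFAULT_LOCKOUT = {"retry_interval": 30, "retry_time": 30, "block_time": 30}
# Assumed keyword syntax; confirm against the device's command reference.
LOCKOUT_RE = re.compile(r"remote-aaa-user authen-fail retry-interval (\d+) "
                        r"retry-time (\d+) block-time (\d+)$")

def audit_aaa(config_text, max_failures=5):
    """Return findings for the AAA settings in a saved configuration.
    max_failures is a hypothetical site policy, not a vendor value."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    lockout = dict(DEFAULT_LOCKOUT)      # no line in the config: default applies
    for ln in lines:                     # later commands override earlier ones
        m = LOCKOUT_RE.match(ln)
        if m:
            lockout = dict(zip(DEFAULT_LOCKOUT, map(int, m.groups())))
        elif ln == "undo remote-aaa-user authen-fail":
            lockout = None
    findings = []
    if lockout is None:
        findings.append("remote AAA account locking is disabled")
    elif lockout["retry_time"] > max_failures:
        findings.append(f"lockout allows {lockout['retry_time']} consecutive "
                        f"failures (policy max {max_failures})")
    if "local-aaa-user password policy access-user" not in lines:
        findings.append("password policy for local access users is not enabled")
    if any(re.match(r"local-user admin(\s|$)", ln) for ln in lines):
        findings.append("default local user 'admin' exists; "
                        "confirm the default password was changed")
    return findings

# Constructed sample configurations (not taken from a real device).
SAMPLE_WEAK = """aaa
 local-user admin service-type http
 undo remote-aaa-user authen-fail
"""
SAMPLE_HARDENED = """aaa
 local-user netops service-type ssh
 remote-aaa-user authen-fail retry-interval 5 retry-time 3 block-time 30
 local-aaa-user password policy access-user
"""

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_aaa(cfg) or "no findings")
```

A configuration that contains none of these lines is treated as running the defaults, so it is still reported for the 30-failure threshold and the disabled password policy.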
For AAA Commands, please see below: