Configuring AAA for AOS-CX

Authentication, Authorization, and Accounting (AAAAuthentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption.) is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption.

From the Administrator page, you can configure the following AAA properties:

• Authentication using TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. , RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. , and local server groups.
• Authorization using TACACS and local server groups.
• Accounting using TACACS, RADIUS, and local server groups.

To configure AAA properties for AOS-CX switches, complete the following steps:

1. In the Network Operations app, select one of the following options:
   • To select a switch group in the filter:
     1. Set the filter to a group.
        

        The dashboard context for the group is displayed.

     2. Under Manage, click Devices > Switches.
     3. Click the AOS-CX or Config icon to view the switch configuration dashboard.
   • To select a switch in the filter:
     1. Set the filter to Global or a group containing at least one switch.
     2. Under Manage, click Devices > Switches.
        

        A list of switches is displayed in the List view.

     3. Click an AOS-CX switch under Device Name.
        

        The dashboard context for the switch is displayed.

     4. Under Manage, click Device.
        

        The AOS-CX UI configuration page is displayed.

2. Click System > Administrator.

   The Administrator page is displayed with Authentication, Authorization, and Accounting tables.

3. You can configure Authentication, Authorization and Accounting from the respective tables.
   • To configure Authentication, click + in the Authentication table and configure the following parameters.

     Table 1: Authentication Parameters

     Name	Description	Value
     Protocol	The type of protocol to enable connection to the server groups for authentication. You can add one or more protocols by clicking + in the Authentication table.	Console, Default, HTTPS Server, and SSH.
     Server Groups	The list of server groups to be used for authentication. You can select one server group at a time. To add the next server group, click + either in the protocol row or any of the server group rows. The server groups are accessed in the top-down order. You can rearrange the order by dragging the server group to a different position using the drag-and-drop icon.	TACACS, RADIUS, and Local.

   • To configure Authorization, click + in the Authorization table and configure the following parameters.

     Table 2: Authorization parameters

     Name	Description	Value
     Protocol	The type of protocol to enable connection to the server groups for authorization. You can add one or more protocols by clicking + in the Authorization table.	Console, Default, and SSH.
     Server Groups	The list of server groups to be used for authorization. You can select one server group at a time. To add the next server group, click + either in the protocol row or any of the server group rows. The server groups are accessed in the top-down order. You can rearrange the order by dragging the server group to a different position using the drag-and-drop icon.	TACACS, Local, and None.

   • To configure Accounting, click + in the Accounting table and configure the following parameters.

     Table 3: Accounting Parameters

     Name	Description	Value
     Protocol	The type of protocol to enable connection to the server groups for accounting. You can add one or more protocols by clicking + in the Accounting table.	Console, Default, HTTPS Server, and SSH.
     Server Groups	The list of server groups to be used for accounting. You can select one server group at a time. To add the next server group, click + either in the protocol row or any of the server group rows. The server groups are accessed in the top-down order. You can rearrange the order by dragging the server group to a different position using the drag-and-drop icon.	TACACS, RADIUS, and Local.

4. Click Save.

Deleting AAA properties

To delete Authentication, Authorization, or Accounting, point to the row for the AAA property in the respective tables, and click the delete icon.