Authentication, Authorization, and Accounting (AAA) Servers

AAA provides an extra level of protection and control for user access in the following ways:

• Authentication determines the firewall user.
• Authorization determines what the firewall user can do.
• Accounting determines what the firewall user did on the network.

You can use authentication alone or with authorization and accounting. Authorization always requires a user to be authenticated first. You can use accounting alone, or with authentication and authorization.

Once the user's credentials are collected, they are processed in one of the following ways:

• Administrative authentication supports the following types of servers:
  • local
  • RADIUS
  • TACACS+

    For more information on administrative authentication, see the JUNOS Software Administration Guide).

• Firewall user authentication supports the following types of servers:
  • Local authentication and authorization
  • RADIUS authentication and authorization (compatible with Funk RADIUS server)
  • LDAP authentication only (supports LDAP version 3 and compatible with Windows AD)
  • SecurID authentication only (using an RSA SecurID external authentication server)

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.