H3C S7500 Series Ethernet Switches Operation Manual

Operation Manual – AAA & RADIUS & HWTACACS & EAD
Chapter 1 AAA & RADIUS & HWTACACS Configuration
In addition, the RADIUS server can act as a proxy client to other AAA servers to provide
the authentication or accounting service.
II. Basic message exchange procedure of RADIUS
The messages exchanged between a RADIUS client (a switch, for example) and the
RADIUS server are verified by using a shared key, which enhances security. The
RADIUS protocol combines the authentication and authorization processes by
carrying the authorization information in the authentication response message.
Figure 1-2 depicts the message exchange procedure between the user, the switch
and the RADIUS server.
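The shared-key verification described above, as an added example that is not part of the manual: the client hides the User-Password under the shared key and the Request Authenticator, and checks the Response Authenticator of the server's reply (both as specified in RFC 2865). The attribute type numbers 1, 2 and 18 are the standard RFC values; the packet identifier, the secrets and the in-process "server" are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, REPLY_MESSAGE = 1, 2, 18

def attr(atype: int, value: bytes) -> bytes:
    """Encode one attribute as Type | Length | Value (RFC 2865 section 5)."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Assemble Code | Identifier | Length | Authenticator (16 octets) | Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding (RFC 2865 5.2): XOR the zero-padded password with an
    MD5 stream keyed by the shared secret and the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        stream = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ s for p, s in zip(padded[i:i + 16], stream))
        out += prev
    return out

def response_authenticator(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret): the shared-key
    value that binds the server's reply to the client's outstanding request."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def verify_response(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side of step (3): recompute the Response Authenticator and compare
    in constant time; a reply produced without the shared key fails here."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    expected = response_authenticator(code, ident, reply[20:length], request_auth, secret)
    return hmac.compare_digest(reply[4:20], expected)

def exchange(username: bytes, password: bytes, client_secret: bytes, server_secret: bytes) -> int:
    """Steps (2)-(3): Access-Request, then a simulated Access-Accept; returns the reply code or -1."""
    request_auth = os.urandom(16)  # fresh per request, so the password stream differs
    hidden = hide_password(password, client_secret, request_auth)
    request = build_packet(ACCESS_REQUEST, 7, request_auth, attr(USER_NAME, username) + attr(USER_PASSWORD, hidden))
    reply_attrs = attr(REPLY_MESSAGE, b"Welcome")  # constructed server side, using its own copy of the secret
    auth = response_authenticator(ACCESS_ACCEPT, 7, reply_attrs, request[4:20], server_secret)
    reply = build_packet(ACCESS_ACCEPT, 7, auth, reply_attrs)
    return ACCESS_ACCEPT if verify_response(reply, request_auth, client_secret) else -1
```

With matching secrets the client accepts the reply; with a secret mismatch the Response Authenticator check fails and the reply is discarded, which is how a misconfigured or impersonated server shows up on the switch side.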
[Figure 1-2 (message flow between the PC, the RADIUS client and the RADIUS server): (1) the user inputs the user name and password; (2) Access-Request; (3) Access-Accept; (4) Accounting-Request (start); (5) Accounting-Response; (6) the user starts to access the resources; (7) Accounting-Request (stop); (8) Accounting-Response; (9) inform the user that the access is ended]
Figure 1-2 Basic message exchange procedure of RADIUS
The basic message exchange procedure of RADIUS is as follows:
1) The user enters the user name and password.
2) The RADIUS client receives the user name and password and then sends an authentication request (Access-Request) to the RADIUS server.
3) The RADIUS server compares the received user information with that in its user database to authenticate the user. If the authentication succeeds, the RADIUS server sends back an authentication response (Access-Accept), which contains the information about the rights authorized to the user, to the RADIUS client. If the authentication fails, the RADIUS server returns an Access-Reject response.
4) The RADIUS client accepts or denies the user depending on the received authentication result. If the user is authenticated, the RADIUS client sends a