H3C S7500E Series Ethernet Switches Operation Manual

Operation Manual – AAA RADIUS HWTACACS
Chapter 1 AAA/RADIUS/HWTACACS Configuration
AAA can be implemented through multiple protocols. Currently, the device supports
RADIUS and HWTACACS for AAA; of the two, RADIUS is the one most often used in practice.
1.1.2 Introduction to RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a distributed client/server
protocol for exchanging user access information. RADIUS can protect networks against
unauthorized access and is often used in network environments where both high
security and remote user access are required. RADIUS runs over UDP; it defines the
RADIUS packet format and the message transfer mechanism, and uses UDP port 1812
for authentication and UDP port 1813 for accounting.
RADIUS was originally designed for dial-in user access. With the diversification of
access methods, RADIUS has been extended to support more access methods, for
example, Ethernet access and ADSL access. It uses authentication and authorization
to provide access service and uses accounting to collect and record usage of network
resources by users.
I. Client/server model
• Client: The RADIUS client runs on the NASs located throughout the network. It
passes user information to designated RADIUS servers and acts on the response
(for example, rejects or accepts user access requests).
• Server: The RADIUS server runs on the computer or workstation at the network
center and maintains information related to user authentication and network
service access. It authenticates a user after receiving a connection request and
returns the processing result (for example, rejecting or accepting user access
requests) to the client.
In general, the RADIUS server maintains three databases, namely, Users, Clients, and
Dictionary, as shown in Figure 1-2:
Figure 1-2 RADIUS server components
• Users: Stores user information such as the username, password, applied
protocols, and IP address.
• Clients: Stores information about RADIUS clients such as the shared keys and IP
addresses.
• Dictionary: Stores the information for interpreting RADIUS protocol attributes and
their values.
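As an added example (not code from this manual or from H3C), the following Python models both the client/server exchange and the three server databases described above: the NAS builds an Access-Request whose User-Password attribute is hidden under the shared key as RFC 2865 specifies, the server looks the client up by IP address in its Clients database, recovers the password and checks it against its Users database, names attributes through its Dictionary, and answers Access-Accept or Access-Reject; the client then checks the Response Authenticator before trusting the reply. The packets are built and parsed as bytes without opening UDP sockets, and the client IP address, shared key, username and password are constructed sample values.

```python
import hashlib, os, struct
# Constructed contents for the three server databases described above (Users, Clients,
# Dictionary); not taken from the manual or from any real deployment.
CLIENTS = {"192.0.2.10": b"constructed-shared-key"}   # NAS IP address -> shared key
USERS = {"alice": b"correct horse battery"}            # username -> password
DICTIONARY = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address"}
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def xor_password(data, secret, authenticator, hide=True):
    """RFC 2865 User-Password hiding: XOR each 16-octet block with MD5(secret + previous
    on-wire block), seeded with the Request Authenticator. hide=False reverses it."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        result = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + result, (result if hide else block)   # always chain on the hidden block
    return out

def build_access_request(ident, secret, username, password, nas_ip):
    """Client (NAS) side: Code | Identifier | Length | Request Authenticator | attribute TLVs."""
    auth = os.urandom(16)                                  # fresh random Request Authenticator
    padded = password + b"\x00" * (-len(password) % 16)    # pad to a multiple of 16 octets
    attrs = [(1, username.encode()), (2, xor_password(padded, secret, auth)),
             (4, bytes(int(o) for o in nas_ip.split(".")))]
    body = b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + auth + body

def parse_attributes(data):
    # Walk the Type/Length/Value list, naming each type through the Dictionary
    attrs, i = {}, 0
    while i + 2 <= len(data):
        t, l = data[i], data[i + 1]
        attrs[DICTIONARY.get(t, t)] = data[i + 2:i + l]
        i += l
    return attrs

def handle_access_request(packet, client_ip):
    """Server side: look up the client's key, recover the password, answer Accept or Reject."""
    secret = CLIENTS.get(client_ip)
    if secret is None:
        return None                 # unknown client: silently discarded, as RFC 2865 requires
    code, ident, length = struct.unpack("!BBH", packet[:4])
    auth, attrs = packet[4:20], parse_attributes(packet[20:length])
    password = xor_password(attrs["User-Password"], secret, auth, hide=False).rstrip(b"\x00")
    reply = ACCESS_ACCEPT if USERS.get(attrs["User-Name"].decode()) == password else ACCESS_REJECT
    header = struct.pack("!BBH", reply, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + auth + secret).digest()

def verify_response(reply, request, secret):
    """Client side: trust the reply only if its Response Authenticator matches our request."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[1] == request[1] and reply[4:20] == expected
```

A reply whose Response Authenticator does not verify, or whose Identifier does not match an outstanding request, is dropped by the client; this is what binds a server's answer to the shared key held in the Clients database.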