H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – AAA RADIUS HWTACACS
H3C S7500E Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS Configuration
II. Security authentication mechanism
Information exchanged between the RADIUS client and the RADIUS server is
authenticated with a shared key, which is never transmitted over the network, thus
enhancing the security of information exchange. To prevent user passwords from being
intercepted in non-secure networks, the passwords are encrypted during transmission.
A RADIUS server supports multiple user authentication methods, such as the
Password Authentication Protocol (PAP) and Challenge Handshake Authentication
Protocol (CHAP) of Point-to-Point Protocol (PPP). In addition, a RADIUS server can act
as the client of another AAA server to provide proxy authentication or accounting
service.
III. Basic message exchange process of RADIUS
For the interaction among the host, the RADIUS client, and the RADIUS server, see
Figure 1-3.
Figure 1-3 Basic message exchange process of RADIUS
The following is how RADIUS operates:
1) The host initiates a connection request carrying the username and password to
the RADIUS client.
2) Having received the username and password, the RADIUS client sends an
authentication request (Access-Request) to the RADIUS server, where the user
password is encrypted by the Message-Digest 5 (MD5) algorithm with the shared
key.