3Com Switch 8800 Advanced Software V5 Configuration Guide
AAA, RADIUS and HWTACACS Configuration Overview
Introduction to RADIUS
As described previously, AAA is a management framework and can be
implemented through multiple protocols. In practice, however, RADIUS is
the protocol usually used.
What is RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a distributed information
interaction protocol in the client/server model. RADIUS can protect the network
against unauthorized access and is often used in network
environments where both high security and remote user access are required. For
example, it is often used for managing a large number of geographically dispersed
dial-in users that use modems.
The RADIUS service involves three components:
■ Protocol: RFC 2865 and RFC 2866 define the RADIUS frame format and the
message transfer mechanism, which run over UDP and use port 1812 as the
authentication port and port 1813 as the accounting port.
■ Server: The RADIUS server runs on a central computer or workstation,
and maintains information for user authentication and network service access.
■ Client: The RADIUS client runs on the NASs located throughout the network.
In the client/server model of RADIUS, the client, a router or a switch, passes user
information to the designated RADIUS server and acts on the response of the
server (such as connecting/disconnecting users). The RADIUS server receives user
connection requests, authenticates users, and returns the required information to
the client.
In general, the RADIUS server maintains three databases, namely, Users, Clients,
and Dictionary, as shown in Figure 256:
■ Users: Stores user information such as the username, password, applied
protocols, and IP address.
■ Clients: Stores information about RADIUS clients such as the shared key.
■ Dictionary: Stores the information for interpreting RADIUS protocol attributes
and their values.
Figure 256 Components of the RADIUS server
In addition, a RADIUS server can act as the client of another AAA server to provide
proxy authentication or accounting services. A RADIUS server supports multiple
user authentication methods, such as PPP-based PAP, CHAP, and UNIX-based
login.
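The following added example (not taken from the 3Com guide) shows how the Clients, Users and Dictionary databases described above take part in handling a PAP Access-Request in the RFC 2865 frame format. The addresses, shared key, user record and all function names are constructed for illustration.

```python
import hashlib, hmac, struct

CLIENTS = {"192.0.2.10": b"example-shared-key"}   # constructed: NAS address -> shared key
USERS = {"alice": b"correct horse"}               # constructed: username -> password
DICTIONARY = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address"}  # RFC 2865 types
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(data, secret, authenticator, decode=False):
    """RFC 2865 section 5.2 User-Password hiding, or its inverse when decode=True."""
    data = data if decode else data + b"\x00" * (-len(data) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = data[i:i + 16] if decode else block   # chain on the hidden block
        out += block
    return out.rstrip(b"\x00") if decode else out

def parse_packet(packet):
    """Split a packet into code, identifier, authenticator and named attributes."""
    length = int.from_bytes(packet[2:4], "big")
    if len(packet) < 20 or not 20 <= length <= min(len(packet), 4096):
        raise ValueError("bad packet length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        attrs[DICTIONARY.get(atype, f"Attr-{atype}")] = packet[pos + 2:pos + alen]
        pos += alen
    return packet[0], packet[1], packet[4:20], attrs

def handle_request(src_ip, packet):
    """Return the reply (header + MD5 Response Authenticator), or None to discard."""
    secret = CLIENTS.get(src_ip)
    if secret is None:                    # no shared key for this client: no reply
        return None
    code, ident, req_auth, attrs = parse_packet(packet)
    if code != ACCESS_REQUEST:
        return None
    supplied = hide_password(attrs.get("User-Password", b""), secret, req_auth, True)
    expected = USERS.get(attrs.get("User-Name", b"").decode("utf-8", "replace"))
    ok = expected is not None and hmac.compare_digest(supplied, expected)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()

def build_request(ident, authenticator, user, password, secret):  # client (NAS) side
    hidden = hide_password(password, secret, authenticator)
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in ((1, user), (2, hidden)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs
```

The client checks the reply by recomputing the same MD5 over the reply header, its own Request Authenticator and the shared key, so a key mismatch between the Clients database and the NAS shows up as rejected logins or dropped replies.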