Authorization; Accounting; Introduction To Isp Domain; Introduction To Aaa Services - H3C S5600 SERIES Operation Manual

- Remote authentication: Users are authenticated remotely through the RADIUS or HWTACACS
  protocol. This device (for example, an H3C series switch) acts as the client to communicate with the
  RADIUS or TACACS server. You can use standard or extended RADIUS protocols in conjunction
  with such systems as iTELLIN/CAMS for user authentication. Remote authentication allows
  convenient centralized management and is feature-rich. However, to implement remote
  authentication, a server is needed and must be configured properly.

Authorization

AAA supports the following authorization methods:
- Direct authorization: Users are trusted and directly authorized.
- Local authorization: Users are authorized according to the related attributes configured for their
  local accounts on this device.
- RADIUS authorization: Users are authorized after they pass RADIUS authentication. In the RADIUS
  protocol, authentication and authorization are combined, and authorization cannot be
  performed alone without authentication.
- HWTACACS authorization: Users are authorized by a TACACS server.

Accounting

AAA supports the following accounting methods:
- None accounting: No accounting is performed for users.
- Remote accounting: User accounting is performed on a remote RADIUS or TACACS server.

Introduction to ISP Domain

An Internet service provider (ISP) domain is a group of users who belong to the same ISP. For a
username in the format of userid@isp-name or userid.isp-name, the isp-name following the "@" or "."
character is the ISP domain name. The access device uses userid as the username for authentication,
and isp-name as the domain name.
In a multi-ISP environment, the users connected to the same access device may belong to different
domains. Since the users of different ISPs may have different attributes (such as different forms of
username and password, different service types/access rights), it is necessary to distinguish the users
by setting ISP domains.
You can configure a set of ISP domain attributes (including AAA policy, RADIUS scheme, and so on) for
each ISP domain independently in ISP domain view.
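
The following Python sketch is an added example, not H3C code. It shows how a login name maps to a userid, an ISP domain and that domain's AAA policy, and checks the rule from the Authorization section that RADIUS authorization cannot be used without RADIUS authentication. The method labels, the sample domains, DEFAULT_DOMAIN, the delimiter parameter and the split-at-last-delimiter rule are all assumptions made for illustration.

```python
# Added illustration: method labels, DEFAULT_DOMAIN and the split rule are assumptions.
AUTHENTICATION = {"local", "radius", "hwtacacs"}
AUTHORIZATION = {"direct", "local", "radius", "hwtacacs"}
ACCOUNTING = {"none", "radius", "hwtacacs"}
DEFAULT_DOMAIN = "default-isp"  # hypothetical domain for usernames with no isp-name

# Constructed sample domains, each with its own AAA policy.
DOMAINS = {
    "isp1": {"authentication": "radius", "authorization": "radius", "accounting": "radius"},
    "isp2": {"authentication": "local", "authorization": "radius", "accounting": "none"},
    DEFAULT_DOMAIN: {"authentication": "local", "authorization": "local", "accounting": "none"},
}

def split_username(username, delimiter="@"):
    """Split userid@isp-name or userid.isp-name into (userid, isp_name)."""
    if delimiter not in ("@", "."):
        raise ValueError("delimiter must be '@' or '.'")
    # Assumption: split at the last delimiter, so 'john.smith@isp1' keeps its dot.
    userid, sep, isp_name = username.rpartition(delimiter)
    if not sep:
        return username, DEFAULT_DOMAIN
    if not userid or not isp_name:
        raise ValueError(f"malformed username: {username!r}")
    return userid, isp_name

def check_policy(policy):
    """Return the problems found in one domain's AAA policy."""
    problems = []
    for key, allowed in (("authentication", AUTHENTICATION),
                         ("authorization", AUTHORIZATION),
                         ("accounting", ACCOUNTING)):
        if policy.get(key) not in allowed:
            problems.append(f"{key}: unsupported method {policy.get(key)!r}")
    # RADIUS combines the two steps, so it cannot authorize a user it did not authenticate.
    if policy.get("authorization") == "radius" and policy.get("authentication") != "radius":
        problems.append("authorization: radius requires radius authentication")
    return problems

def resolve(username, delimiter="@"):
    """Map a login name to (userid, isp_name, policy); unknown domains are rejected."""
    userid, isp_name = split_username(username, delimiter)
    if isp_name not in DOMAINS:
        raise KeyError(f"no ISP domain configured: {isp_name!r}")
    return userid, isp_name, DOMAINS[isp_name]

if __name__ == "__main__":
    for name, policy in DOMAINS.items():
        print(name, check_policy(policy) or "ok")
    print(resolve("john.smith@isp1")[:2])
```

With "." as the delimiter, a userid that itself contains a dot (john.smith) is read as userid john in domain smith, so dotted userids and the "." form should not be mixed on the same device.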

Introduction to AAA Services

Introduction to RADIUS

AAA is a management framework that can be implemented by more than one protocol. In practice, the
most commonly used service for AAA is RADIUS.
What is RADIUS
Remote Authentication Dial-in User Service (RADIUS) is a distributed service based on client/server
structure. It can prevent unauthorized access to your network and is commonly used in network
environments where both high security and remote user access service are required.