Huawei Quidway S3100 Series Operation Manual page 235

Operation Manual – AAA&RADIUS
Quidway S3100 Series Ethernet Switches
RADIUS is based on the client/server model. Acting as a RADIUS client, the switch passes
user information to a designated RADIUS server and acts on the responses returned from
the server (for example, by connecting or disconnecting users).
The RADIUS server receives users' connection requests, authenticates the users, and
returns all required information to the switch.
Generally, the RADIUS server maintains the following three databases (as shown in
Figure 1-1):
Users: This database stores information about users (such as user name,
password, adopted protocol and IP address).
Clients: This database stores the information about RADIUS clients (such as
shared keys).
Dictionary: This database stores the information used to interpret the attributes
and attribute values of the RADIUS protocol.
[Figure: the RADIUS server and its Users, Clients and Dictionary databases]
Figure 1-1 Databases in RADIUS server
In addition, the RADIUS server can act as the client of some other AAA server to
provide the authentication or accounting proxy service.
II. Basic message exchange procedure of RADIUS
The messages exchanged between a RADIUS client (a switch, for example) and the
RADIUS server are verified by using a shared key, which enhances security. The
RADIUS protocol combines authentication and authorization by sending the
authorization information in the authentication response message. Figure 1-2
depicts the message exchange procedure between the user, the switch and the RADIUS server.
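The shared-key verification described above, shown as an added example that is not part of the manual: under RFC 2865 a response carries a Response Authenticator, MD5(Code + ID + Length + Request Authenticator + Attributes + shared key), which the client recomputes before acting on the reply. The key, Request Authenticator and Service-Type attribute below are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2                       # RADIUS code for Access-Accept
SECRET = b"constructed-shared-key"      # constructed sample shared key
REQUEST_AUTH = bytes(range(16))         # constructed 16-byte Request Authenticator
ATTRS = struct.pack("!BBI", 6, 6, 1)    # Service-Type (6) = Login (1): authorization data

def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), per RFC 2865."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, attrs, request_auth, secret):
    """Server side: assemble a response whose authenticator covers the whole packet."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify_response(packet, sent_ident, request_auth, secret):
    """Client side: accept the response only if it matches our request and key."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet) or ident != sent_ident:
        return False
    packet = packet[:length]            # octets beyond Length are padding
    expected = response_authenticator(code, ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])

def demo():
    genuine = build_response(ACCESS_ACCEPT, 7, ATTRS, REQUEST_AUTH, SECRET)
    tampered = genuine[:-1] + b"\x02"   # Service-Type value altered in transit
    wrong_key = build_response(ACCESS_ACCEPT, 7, ATTRS, REQUEST_AUTH, b"other-key")
    return tuple(verify_response(p, 7, REQUEST_AUTH, SECRET)
                 for p in (genuine, tampered, wrong_key))

if __name__ == "__main__":
    print(demo())
```

Because the authenticator covers the attributes, the authorization information carried in the Access-Accept is protected by the same check as the accept decision itself.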
Huawei Technologies Proprietary
1-3
Chapter 1 AAA&RADIUS Configuration
