H3C S5120-EI Series Operation Manual page 587

1 AAA Configuration ····································································································································1-1
Introduction to AAA ·································································································································1-1
Introduction to RADIUS···························································································································1-2
Client/Server Model ·························································································································1-2
Security and Authentication Mechanisms ·······················································································1-3
Basic Message Exchange Process of RADIUS ··············································································1-3
RADIUS Packet Format···················································································································1-4
Extended RADIUS Attributes ··········································································································1-7
Introduction to HWTACACS····················································································································1-7
Differences Between HWTACACS and RADIUS············································································1-7
Basic Message Exchange Process of HWTACACS ·······································································1-8
Protocols and Standards·······················································································································1-10
AAA Configuration Task List ·················································································································1-10
AAA Configuration Task List ·········································································································1-11
RADIUS Configuration Task List ···································································································1-11
HWTACACS Configuration Task List ····························································································1-12
Configuring AAA····································································································································1-12
Configuration Prerequisites ···········································································································1-12
Creating an ISP Domain················································································································1-12
Configuring ISP Domain Attributes································································································1-13
Configuring AAA Authentication Methods for an ISP Domain·······················································1-14
Configuring AAA Authorization Methods for an ISP Domain ························································1-15
Configuring AAA Accounting Methods for an ISP Domain····························································1-17
Configuring Local User Attributes··································································································1-19
Configuring User Group Attributes ································································································1-20
Tearing down User Connections Forcibly ·····················································································1-21
Displaying and Maintaining AAA ···································································································1-21
Configuring RADIUS ·····························································································································1-22
Creating a RADIUS Scheme ·········································································································1-22
Specifying the RADIUS Authentication/Authorization Servers······················································1-22
Specifying the RADIUS Accounting Servers and Relevant Parameters·······································1-23
Setting the Shared Key for RADIUS Packets················································································1-24
Setting the Upper Limit of RADIUS Request Retransmission Attempts ·······································1-24
Setting the Supported RADIUS Server Type ················································································1-25
Setting the Status of RADIUS Servers ··························································································1-25
Configuring Attributes Related to Data to Be Sent to the RADIUS Server ···································1-26
Setting Timers Regarding RADIUS Servers··················································································1-27
Specifying Security Policy Servers································································································1-28
Enabling the Listening Port of the RADIUS Client ········································································1-29
Displaying and Maintaining RADIUS·····························································································1-29
Configuring HWTACACS ······················································································································1-30
Creating a HWTACACS scheme···································································································1-30
Specifying the HWTACACS Authentication Servers·····································································1-30
Table of Contents
i