Introduction To Radius; Client/Server Model - H3C S9500E Series Security Configuration Manual

Routing switches
Accounting: Records all network service usage information of users. This includes the service type, start and end time, and traffic. In this way, accounting can be used for charging and network security surveillance.
You can use AAA to provide one or two security functions. For example, if your company only wants employees to be authenticated before they access specific resources, you only need to configure an authentication server. If network usage information needs to be recorded, you must also configure an accounting server.
AAA provides a uniform framework to implement network security management. It is a security mechanism that enables authenticated and authorized entities to access specific resources and records the operations of those entities. The AAA framework thus allows for scalability and centralized user information management.
AAA can be implemented through multiple protocols. Currently, the switch supports RADIUS and HWTACACS for AAA, and RADIUS is the one most often used in practice.

Introduction to RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction protocol in a client/server model. RADIUS can protect networks against unauthorized access and is often used in network environments where both high security and remote user access are required.
Based on UDP, RADIUS uses UDP port 1812 for authentication and 1813 for accounting. RADIUS defines the RADIUS packet format and message transfer mechanism.
RADIUS was originally designed for dial-in user access. With the diversification of access methods, RADIUS now supports additional access methods, such as Ethernet and ADSL access. RADIUS uses authentication and authorization when providing access services and uses accounting to collect and record usage information of network resources.

Client/Server model

Client: The RADIUS client runs on the network access servers (NASs) located throughout the network. It passes user information to designated RADIUS servers and acts on the responses (for example, rejects or accepts user access requests).
Server: The RADIUS server runs on the computer or workstation at the network center and maintains information related to user authentication and network service access. It listens to connection requests, authenticates users, and returns the processing results (for example, rejecting or accepting the user access request) to the clients.
In general, the RADIUS server maintains three databases: Users, Clients, and Dictionary. See Figure 2:
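The client/server exchange described above, as an added example that is not H3C's code or the switch's own implementation: a Python model of a NAS building an Access-Request and a RADIUS server answering with Access-Accept or Access-Reject. It uses the packet framing defined in RFC 2865 (Code, Identifier, Length, Authenticator, attribute TLVs), the User-Password hiding scheme, and the Response Authenticator that the client recomputes with the shared secret to make sure the answer really came from a server holding that secret. The shared secret, user name, password, NAS address and user database are constructed sample values, and the exchange is carried in memory rather than over UDP port 1812.

```python
"""Minimal RADIUS Access-Request / Access-Accept exchange with RFC 2865 framing.

Added example, not H3C's code. Secret, user database and NAS address are
constructed sample values; the two sides exchange bytes in memory.
"""
import hashlib
import hmac
import os
import struct

# Packet codes (RFC 2865 section 3) and attribute types used here (section 5)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP = 1, 2, 4

USERS = {b"alice": b"s3cret-pw"}  # constructed "Users" database on the server


def encode_attrs(attrs):
    """(type, value) pairs -> TLV bytes; the length byte covers type and length."""
    out = b""
    for t, v in attrs:
        if len(v) > 253:
            raise ValueError("attribute value too long")
        out += struct.pack("!BB", t, len(v) + 2) + v
    return out


def decode_attrs(data):
    """Parse TLVs, rejecting a length that runs past the packet."""
    attrs = []
    while data:
        t, l = struct.unpack("!BB", data[:2])
        if l < 2 or l > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[2:l]))
        data = data[l:]
    return attrs


def hide_password(password, secret, request_auth):
    """User-Password hiding (RFC 2865 5.2): pad to 16-byte blocks, XOR each
    block with MD5(secret + previous block), seeded by the Request Authenticator."""
    if len(password) > 128:
        raise ValueError("password too long for User-Password")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def unhide_password(hidden, secret, request_auth):
    """Inverse of hide_password; trailing NUL padding is stripped."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_packet(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def parse_packet(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length != len(pkt):
        raise ValueError("bad RADIUS length")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:])


def response_authenticator(code, ident, length, request_auth, attr_bytes, secret):
    """RFC 2865 section 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attr_bytes + secret).digest()


# --- client side: what the NAS sends and how it checks the reply ---
def client_access_request(user, password, secret, ident=0, request_auth=None):
    request_auth = request_auth or os.urandom(16)  # fresh per request
    attrs = [(ATTR_USER_NAME, user),
             (ATTR_USER_PASSWORD, hide_password(password, secret, request_auth)),
             (ATTR_NAS_IP, bytes([192, 0, 2, 10]))]  # constructed NAS address
    return build_packet(ACCESS_REQUEST, ident, request_auth, attrs), request_auth


def client_check_reply(reply, request_auth, secret, ident):
    """Return the reply code only if the Response Authenticator and identifier match."""
    code, reply_ident, resp_auth, _ = parse_packet(reply)
    expected = response_authenticator(code, reply_ident, len(reply), request_auth,
                                      reply[20:], secret)
    if reply_ident != ident or not hmac.compare_digest(resp_auth, expected):
        return None  # forged, mis-keyed or replayed reply: do not act on it
    return code


# --- server side: authenticate and sign the answer with the shared secret ---
def server_handle(request, secret):
    code, ident, request_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST:
        raise ValueError("unexpected packet code")
    a = dict(attrs)
    stored = USERS.get(a.get(ATTR_USER_NAME))
    ok = False
    if stored is not None and ATTR_USER_PASSWORD in a:
        ok = hmac.compare_digest(stored, unhide_password(a[ATTR_USER_PASSWORD], secret, request_auth))
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    resp_auth = response_authenticator(reply_code, ident, 20, request_auth, b"", secret)
    return build_packet(reply_code, ident, resp_auth, [])


def run_exchange(user, password, secret=b"constructed-shared-secret", ident=7):
    """One round trip: NAS -> server -> NAS, returning the verified reply code."""
    request, request_auth = client_access_request(user, password, secret, ident)
    return client_check_reply(server_handle(request, secret), request_auth, secret, ident)


if __name__ == "__main__":
    print({1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}[run_exchange(b"alice", b"s3cret-pw")])
```

The Request Authenticator must be unpredictable and fresh per request, because the same value seeds both the password hiding and the reply signature; a server configured with a different secret produces a reply the client discards rather than acts on, which is the check the NAS relies on when it "acts on the responses".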
