Chapter 2 Aaa And Radius Protocol Configuration; Aaa Overview; Aaa - Huawei Quidway S6500 Series Operation Manual

Operation Manual - Security
Quidway S6500 Series Ethernet Switches
Chapter 2 AAA and RADIUS Protocol

2.1 AAA Overview

2.1.1 AAA

Authentication, Authorization and Accounting (AAA) provide a uniform framework to
implement the network security management.
AAA serves to determine:
Who can access the network?
Which services can an authorized user enjoy?
How to keep accounts for users who are using network resources?
The generally adopted Client/Server model, with clients running on the managed
resources and user information stored on servers, endows AAA frameworks with well
scalability, and centralized management of user information.
I. Authentication
AAA authentication supports the following modes:
None: Users are trusted and not authenticated. Generally, this mode is not
recommended.
Local: User information (including username, password, and attributes) is
configured on the network access server (NAS); users are locally authenticated.
Although this mode is high speed and cost effective, the information storage is
restricted by hardware capacity.
Remote: Users are authenticated remotely through RADIUS. In this mode, the
NAS acts as a client to communicate with a RADIUS server. With RADIUS, either
the standard RADIUS or Huawei's extended RADIUS protocol.
II. Authorization
AAA authorization supports the following modes:
Local: Users are authorized according to the attributes related to their accounts on
the NAS.
RADIUS: Users are authorized only after they pass the authentication. Because
authorization is binding with authentication for RADIUS and cannot be performed
alone.
Configuration
Huawei Technologies Proprietary
2-1
Chapter 2 AAA and RADIUS Protocol
Configuration