Domain; Radius Protocol Overview - Huawei Quidway S6500 Series Operation Manual

Operation Manual - Security
Quidway S6500 Series Ethernet Switches
III. Accounting
AAA accounting supports the following modes:
None: Requires no accounting.
Remote: The accounting is conducted through a RADIUS server.

2.1.2 Domain

The NAS provides two levels of user management: domain management (users are
grouped into domains and managed by their domains) and account management
(users are managed by their accounts).
A ISP domain is a group of users belonging to the same ISP. In ISP domain view, you
can configure a complete set of exclusive ISP domain attributes on a per-ISP domain
basis, which includes AAA scheme.

2.1.3 RADIUS Protocol Overview

AAA is a management framework, so it can be implemented by some protocols.
RADIUS is such a protocol frequently used.
I. What is RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a kind of distributed
information switching protocol in Client/Server architecture. RADIUS can prevent the
network from interruption of unauthorized access and it is often used in the network
environments requiring both high security and remote user access. For example, it is
often used for managing a large number of scattering dial-in users who use serial ports
and modems. RADIUS system is the important auxiliary part of Network Access Server
(NAS).
After RADIUS system is started, if the user wants to have right to access other network
or consume some network resources through connection to NAS (dial-in access server
in PSTN environment or Ethernet switch with access function in Ethernet environment),
NAS, namely RADIUS client end, will transmit user AAA request to the RADIUS server.
RADIUS server has a user database recording all the information of user authentication
and network service access. When receiving user's request from NAS, RADIUS server
performs AAA through user database query and update and returns the configuration
information and accounting data to NAS. Here, NAS controls supplicant and
corresponding connections, while RADIUS protocol regulates how to transmit
configuration and accounting information between NAS and RADIUS.
NAS and RADIUS exchange the information with UDP packets. During the interaction,
both sides encrypt the packets with keys before uploading user configuration
information (like password etc.) to avoid being intercepted or stolen.
Huawei Technologies Proprietary
2-2
Chapter 2 AAA and RADIUS Protocol
Configuration