Introduction To Radius - 3Com S7906E Configuration Manual

S7900e family release 6600 series

Figure 1-1 AAA networking diagram
When a user tries to establish a connection to the NAS and to obtain the rights to access other networks
or some network resources, the NAS authenticates the user or the corresponding connection. The NAS
can transparently pass the user's AAA information to the server (RADIUS server or HWTACACS server).
The RADIUS/HWTACACS protocol defines how a NAS and a server exchange user information
between them.
In the AAA network shown in Figure 1-1, there is a RADIUS server and an HWTACACS server. You can
determine the authentication, authorization and accounting methods according to the actual
requirements. For example, you can use the HWTACACS server for authentication and authorization,
and the RADIUS server for accounting.
The three security functions are described as follows:
Authentication: Identifies remote users and determines whether a user is legitimate.
Authorization: Grants different users different rights. For example, a user logging into the server
can be granted the permission to access and print the files in the server.
Accounting: Records all network service usage information of users, including the service type,
start and end time, and traffic. In this way, accounting can be used not only for charging, but also
for network security surveillance.
You can use AAA to provide only one or two security functions, if desired. For example, if your company
only wants employees to be authenticated before they access specific resources, you only need to
configure an authentication server. If network usage information is expected to be recorded, you also
need to configure an accounting server.
As described above, AAA provides a uniform framework to implement network security management. It
is a security mechanism that enables authenticated and authorized entities to access specific resources
and records operations of the entities. Because the AAA framework allows for excellent scalability and
centralized user information management, it has gained wide application.
AAA can be implemented through multiple protocols. Currently, the device supports RADIUS and
HWTACACS for AAA, and RADIUS is often used in practice.

Introduction to RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction protocol in
a client/server model. RADIUS can protect networks against unauthorized access and is often used in
network environments where both high security and remote user access are required. Based on UDP,

This manual is also suitable for:

S7910e, S7906e-v, S7903e, S7903e-s, S7902e
