H3C S3100 8C SI Operation Manual page 390

S3100 series ethernet switches

Operation Manual – AAA
H3C S3100 Series Ethernet Switches
Server: RADIUS Server runs on a computer or workstation at the center. It stores
and maintains user authentication information and network service access
information.
Client: RADIUS Client runs on network access servers throughout the network.
RADIUS operates in the client/server model.
A switch acting as a RADIUS client passes user information to a specified
RADIUS server, and takes appropriate action (such as establishing/terminating
user connection) depending on the responses returned from the server.
The RADIUS server receives user connection requests, authenticates users, and
returns all required information to the switch.
Generally, a RADIUS server maintains the following three databases (see Figure 1-1):
Users: This database stores information about users (such as user name,
password, protocol adopted and IP address).
Clients: This database stores information about RADIUS clients (such as shared
key).
Dictionary: The information stored in this database is used to interpret the
attributes and attribute values in the RADIUS protocol.
Figure 1-1 Databases in a RADIUS server
In addition, a RADIUS server can act as a client of some other AAA server to provide
authentication or accounting proxy service.
II. Basic message exchange procedure in RADIUS
The messages exchanged between a RADIUS client (a switch, for example) and a
RADIUS server are verified through a shared key, which enhances security. The
RADIUS protocol combines the authentication and authorization processes by
sending authorization information along with the authentication response message.
Figure 1-2 depicts the message exchange procedure between user, switch and
RADIUS server.
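An added example (not from the H3C manual) of how a RADIUS client such as the switch checks a server reply against the shared key, using the Response Authenticator computation defined in RFC 2865. The key, identifier and attribute values are constructed samples, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3


def build_response(code, ident, request_auth, attrs, secret):
    """Server side: build a reply bound to the request and the shared key."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    # ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def verify_response(packet, ident, request_auth, secret):
    """Client side: return the reply code if the reply is genuine, else None."""
    if len(packet) < 20:
        return None
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or length < 20 or length > len(packet):
        return None
    packet = packet[:length]  # ignore padding beyond the declared length
    # Recompute over the reply, substituting the authenticator we sent
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[20:] + secret
    ).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None
    return code


# Constructed sample values (assumptions, not taken from the manual)
SECRET = b"example-shared-key"
REQUEST_AUTH = bytes(range(16))  # a real client sends 16 random bytes
IDENT = 42
# Attribute 18 (Reply-Message) encoded as type, length, value
REPLY_ATTRS = bytes([18, 2 + len(b"welcome")]) + b"welcome"
ACCEPT = build_response(ACCESS_ACCEPT, IDENT, REQUEST_AUTH, REPLY_ATTRS, SECRET)
REJECT = build_response(ACCESS_REJECT, IDENT, REQUEST_AUTH, b"", SECRET)
# A Reject with its code byte rewritten to Accept by someone without the key
FORGED = bytes([ACCESS_ACCEPT]) + REJECT[1:]

if __name__ == "__main__":
    print("genuine accept:", verify_response(ACCEPT, IDENT, REQUEST_AUTH, SECRET))
    print("forged accept: ", verify_response(FORGED, IDENT, REQUEST_AUTH, SECRET))
```

A reply that fails this check should be dropped silently and logged, since it indicates either a mismatched shared key between switch and server or a modified packet.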
Chapter 1 AAA Overview