Accounting; Introduction To Isp Domain; Introduction To Aaa Services; Introduction To Radius - 3Com WX3000 Series Operation Manual

Local authorization: Users are authorized according to the related attributes configured for their
local accounts on this device.
RADIUS authorization: Users are authorized after they pass RADIUS authentication. In RADIUS
protocol, authentication and authorization are combined together, and authorization cannot be
performed alone without authentication.
HWTACACS authorization: Users are authorized by a TACACS server.

Accounting

AAA supports the following accounting methods:
None accounting: No accounting is performed for users.
Remote accounting: User accounting is performed on a remote RADIUS or TACACS server.

Introduction to ISP Domain

An Internet service provider (ISP) domain is a group of users who belong to the same ISP. For a user
name in the format of userid@isp-name or userid.isp-name, the isp-name following the "@" or "."
character is the ISP domain name. The access device uses userid as the user name for authentication,
and isp-name as the domain name.
In a multi-ISP environment, the users connected to the same access device may belong to different
domains. Since the users of different ISPs may have different attributes (such as different forms of user
name and password, different service types/access rights), it is necessary to distinguish the users by
setting ISP domains.
You can configure a set of ISP domain attributes (including AAA policy, RADIUS scheme, and so on) for
each ISP domain independently in ISP domain view.

Introduction to AAA Services

Introduction to RADIUS

AAA is a management framework. It can be implemented by not only one protocol. But in practice, the
most commonly used service for AAA is RADIUS.
What is RADIUS
RADIUS (remote authentication dial-in user service) is a distributed service based on client/server
structure. It can prevent unauthorized access to your network and is commonly used in network
environments where both high security and remote user access service are required.
The RADIUS service involves three components:
Protocol: Based on the UDP/IP layer, RFC 2865 and 2866 define the message format and
message transfer mechanism of RADIUS, and define 1812 as the authentication port and 1813 as
the accounting port.
Server: RADIUS Server runs on a computer or workstation at the center. It stores and maintains
user authentication information and network service access information.
Client: RADIUS Client runs on network access servers throughout the network.
RADIUS operates in the client/server model.
A device acting as a RADIUS client passes user information to a specified RADIUS server, and
takes appropriate action (such as establishing/terminating user connection) depending on the
responses returned from the server.
1-2