Accounting; Introduction To Isp Domain; Introduction To Aaa Services; Introduction To Radius - H3C S5100-SI Series Operation Manual
Hide thumbs
Also See for S5100-SI Series:
- Operation manual (830 pages) ,
- Installation manual (104 pages) ,
- Quick start manual (78 pages)
Table of Contents
Advertisement
Operation Manual – AAA
H3C S5100-SI/EI Series Ethernet Switches
RADIUS authorization: Users are authorized after they pass RADIUS
authentication. In RADIUS protocol, authentication and authorization are
combined together, and authorization cannot be performed alone without
authentication.
HWTACACS authorization: Users are authorized by a TACACS server.
1.1.3 Accounting
AAA supports the following accounting methods:
None accounting: No accounting is performed for users.
Remote accounting: User accounting is performed on a remote RADIUS or
TACACS server.
1.1.4 Introduction to ISP Domain
An Internet service provider (ISP) domain is a group of users who belong to the same
ISP. For a username in the format of userid@isp-name or userid.isp-name, the
isp-name following the "@" or "." character is the ISP domain name. The access device
uses userid as the username for authentication, and isp-name as the domain name.
In a multi-ISP environment, the users connected to the same access device may
belong to different domains. Since the users of different ISPs may have different
attributes (such as different forms of username and password, different service
types/access rights), it is necessary to distinguish the users by setting ISP domains.
You can configure a set of ISP domain attributes (including AAA policy, RADIUS
scheme, and so on) for each ISP domain independently in ISP domain view.
1.2 Introduction to AAA Services
1.2.1 Introduction to RADIUS
AAA is a management framework. It can be implemented by not only one protocol. But
in practice, the most commonly used service for AAA is RADIUS.
I. What is RADIUS
Remote Authentication Dial-in User Service (RADIUS) is a distributed service based on
client/server structure. It can prevent unauthorized access to your network and is
commonly used in network environments where both high security and remote user
access service are required.
The RADIUS service involves three components:
Protocol: Based on the UDP/IP layer, RFC 2865 and 2866 define the message
format and message transfer mechanism of RADIUS, and define 1812 as the
authentication port and 1813 as the accounting port.
1-2
Chapter 1 AAA Overview
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
