Introduction To Radius Protocol - H3C SecPath F1800-A Operation Manual

Operation Manual - Security Defence
H3C SecPath F1800-A Firewall
It completely trusts users and does not check their validity. It is not used usually.
Local authentication
It configures the user information, including the user name, password and attributes,
on a Broadband Access Server (BAS). Its advantage lies in fast processing speed,
which reduces the operation cost. Its disadvantage is that information storage
capacity is limited by its hardware.
Remote authentication
It authenticates the user over RADIUS or HWTACACS protocol. BAS acts as client to
communicate with RADIUS or HWTACACS server. RADIUS protocol can be either
the standard RADIUS protocol or the extended RADIUS protocol of Huawei-3Com,
and cooperates with iTELLIN or CAMS to complete the authentication.
II. Authorization
AAA supports the following authorization modes:
Direct authorization
It completely trusts users and directly authorizes them to pass through.
Local authorization
It authorizes users based on the relative attributes of the local user account
configured on the BAS.
HWTACACS authorization
It authorizes users through the HWTACACS server.
If-authenticated authorization
It authorizes users that pass through local or remote authentication.
RADIUS authorization
It authorizes users after they pass through the RADIUS authentication.
III. Accounting
AAA supports the following accounting modes:
None accounting
Services are free.
Remote accounting
It supports the remote accounting through the RADIUS or HWTACACS server.

5.1.2 Introduction to RADIUS Protocol

AAA can be fulfilled over various protocols, in which RADIUS protocol is a common
one. The RADIUS is first used to manage a large number of scattered users that use
6-87
Chapter 5 AAA