3Com 7700 Configuration Manual page 194

186 Chapter 9: AAA and RADIUS Operation
Authorizes the user with specified services.
Accounts for network resources that are consumed by the user.
Generally, by applying a client/server architecture, the AAA framework offers the
following advantages:
Good scalability.
Ability to use standard authentication schemes.
Easy control and convenient centralized management of user information.
Ability to use multiple-level backup systems to enhance the security of the whole
framework.
As mentioned above, AAA is a management framework, so it can be implemented
by several protocols; RADIUS is frequently used for this purpose.
Remote Authentication Dial-In User Service (RADIUS) is a distributed
information exchange protocol based on a client/server architecture. RADIUS
protects the network from disruption by unauthorized access and is often used in
network environments requiring both high security and remote user access. For
example, it is often used to manage a large number of scattered dial-in users
who connect through serial ports and modems. The RADIUS system is an important
auxiliary part of the Network Access Server (NAS).
After the RADIUS system is started, when a user wants to access other networks or
use network resources by connecting to the NAS (a dial-in access server in a PSTN
environment, or an Ethernet switch with access function in an Ethernet
environment), the NAS, acting as the RADIUS client, transmits the user's AAA
request to the RADIUS server. The RADIUS server maintains a user database holding
all user authentication and network service information. On receiving a user
request from the NAS, the RADIUS server performs AAA by querying and updating
the user database, and returns the configuration information and accounting data
to the NAS. The NAS then controls the supplicant and the corresponding
connections, while the RADIUS protocol regulates how configuration and
accounting information is transmitted between the NAS and the RADIUS server.
The NAS and the RADIUS server exchange information in UDP packets. During the
interaction, both sides encrypt the packets with a shared key before sending user
configuration information (such as passwords), so that it cannot be intercepted or
stolen. The RADIUS server generally relies on the proxy function of devices such
as the access server to perform user authentication. The operation process is as
follows:
1 The client sends the username and encrypted password to the RADIUS server.
2 The user receives one of the following response messages:
ACCEPT: Indicates that the user has passed the authentication.
REJECT: Indicates that the user has not passed the authentication and must enter
the username and password again; otherwise access is denied.
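The exchange described in the two steps above, as an added example that is not code from the 3Com manual: it implements the RFC 2865 User-Password hiding with the shared key and Request Authenticator, the server's ACCEPT/REJECT reply, and the NAS-side check of the Response Authenticator; the secret, user name, password and user database are constructed values.

```python
import hashlib
import os

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RADIUS packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # attribute type codes

def _mask_blocks(data: bytes, secret: bytes, req_auth: bytes, chain_on_output: bool) -> bytes:
    # RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous block);
    # the first "previous block" is the 16-byte random Request Authenticator.
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += block
        prev = block if chain_on_output else data[i:i + 16]
    return out

def hide_password(pw: bytes, secret: bytes, req_auth: bytes) -> bytes:
    return _mask_blocks(pw + b"\x00" * (-len(pw) % 16), secret, req_auth, True)
def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    return _mask_blocks(hidden, secret, req_auth, False).rstrip(b"\x00")  # server side

def parse_attrs(data: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(data):                 # Type(1) Length(1) Value(Length-2), repeated
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs

def build_access_request(ident: int, user: bytes, pw: bytes, secret: bytes, req_auth: bytes) -> bytes:
    hidden = hide_password(pw, secret, req_auth)
    attrs = bytes([USER_NAME, 2 + len(user)]) + user + bytes([USER_PASSWORD, 2 + len(hidden)]) + hidden
    return bytes([ACCESS_REQUEST, ident]) + (20 + len(attrs)).to_bytes(2, "big") + req_auth + attrs

def build_response(code: int, ident: int, req_auth: bytes, secret: bytes) -> bytes:
    # Response Authenticator = MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)
    head = bytes([code, ident]) + (20).to_bytes(2, "big")
    return head + hashlib.md5(head + req_auth + secret).digest()

def verify_response(resp: bytes, req_auth: bytes, secret: bytes) -> bool:
    # NAS side: a reply that fails this check was not made with the shared key for this request
    return resp[4:20] == hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()

def exchange(user: bytes, pw: bytes, secret: bytes, user_db: dict) -> int:
    # Constructed end-to-end run (added example, not the manual's code); -1 = reply failed to verify
    req_auth = os.urandom(16)
    req = build_access_request(1, user, pw, secret, req_auth)
    a = parse_attrs(req[20:])            # server: unhide the password, look up the user
    ok = reveal_password(a[USER_PASSWORD], secret, req[4:20]) == user_db.get(a[USER_NAME])
    resp = build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, req[1], req[4:20], secret)
    return resp[0] if verify_response(resp, req_auth, secret) else -1
```

The NAS must reject any reply whose Response Authenticator does not verify; the shared key is the only thing that ties an ACCEPT to the request it answers.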
Implementing AAA/RADIUS on Ethernet Switch
By now, we understand that the Switch 7700, serving as the user access device
or NAS, is the client end of RADIUS. In other words, the AAA/RADIUS concerning