Introduction To Aaa Services; Introduction To Radius - H3C S3100-52P Operation Manual

Operation Manual – AAA
H3C S3100-52P Ethernet switch

1.2 Introduction to AAA Services

1.2.1 Introduction to RADIUS

AAA is a management framework. It can be implemented by not only one protocol. But
in practice, the most commonly used service for AAA is RADIUS.
I. What is RADIUS
Remote Authentication Dial-in User Service (RADIUS) is a distributed service based on
client/server structure. It can prevent unauthorized access to your network and is
commonly used in network environments where both high security and remote user
access service are required.
The RADIUS service involves three components:
Protocol: Based on the UDP/IP layer, RFC 2865 and 2866 define the message
format and message transfer mechanism of RADIUS, and define 1812 as the
authentication port and 1813 as the accounting port.
Server: RADIUS Server runs on a computer or workstation at the center. It stores
and maintains user authentication information and network service access
information.
Client: RADIUS Client runs on network access servers throughout the network.
RADIUS operates in the client/server model.
A switch acting as a RADIUS client passes user information to a specified
RADIUS server, and takes appropriate action (such as establishing/terminating
user connection) depending on the responses returned from the server.
The RADIUS server receives user connection requests, authenticates users, and
returns all required information to the switch.
Generally, a RADIUS server maintains the following three databases (see
Users: This database stores information about users (such as username,
password, protocol adopted and IP address).
Clients: This database stores information about RADIUS clients (such as shared
key).
Dictionary: The information stored in this database is used to interpret the
attributes and attribute values in the RADIUS protocol.
Figure 1-1 Databases in a RADIUS server
1-3
Chapter 1 AAA Overview
Figure 1-1):