H3C S7500 Series Operation Manual page 526


Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches
In addition, the RADIUS server can act as a proxy client to other AAA servers to provide
the authentication or accounting service.
II. Basic message exchange procedure of RADIUS
The messages exchanged between a RADIUS client (a switch, for example) and the
RADIUS server are verified by using a shared key, which enhances security. The
RADIUS protocol combines the authentication and authorization processes by
sending authorization information in the authentication response message.
Figure 1-2 depicts the message exchange procedure between user, switch and RADIUS server.
[Figure 1-2: sequence diagram between the PC (user), the RADIUS client and the RADIUS server. Messages shown: (1) The user inputs the user name and password; (2) Access-Request; (3) Access-Accept; (4) Accounting-Request (start); (5) Accounting-Response; (6) The user starts to access the resources; (7) Accounting-Request (stop); (8) Accounting-Response; (9) Inform the user the access is ended]
Figure 1-2 Basic message exchange procedure of RADIUS
The basic message exchange procedure of RADIUS is as follows:
1) The user enters the user name and password.
2) The RADIUS client receives the user name and password and then sends an authentication request (Access-Request) to the RADIUS server.
3) The RADIUS server compares the received user information with that in the Users database to perform authentication for the user. If the authentication succeeds, the RADIUS server sends back an authentication response (Access-Accept), which contains the information about the rights authorized to the user, to the RADIUS client. If the authentication fails, the RADIUS server returns an Access-Reject response.
4) The RADIUS client accepts or denies the user depending on the received authentication result. If the user is authenticated, the RADIUS client sends a
Chapter 1 AAA & RADIUS & HWTACACS Configuration
