Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510 
Chapter 1  AAA & RADIUS & HWTACACS Configuration
 
Huawei Technologies Proprietary 
•  Server: The RADIUS server runs on a computer or workstation at the center. It stores and maintains the information on user authentication and network service access.
•  Client: The RADIUS clients run on the dial-in access server device. They can be deployed anywhere in the network.
RADIUS is based on the client/server model. Acting as a RADIUS client, the switch passes user information to a designated RADIUS server and acts on the responses returned from the server (for example, by connecting or disconnecting users). The RADIUS server receives users' connection requests, authenticates the users, and returns all required information to the switch.
Generally, the RADIUS server maintains the following three databases (as shown in Figure 1-1):
•  Users: This database stores information about users (such as user name, password, adopted protocol and IP address).
•  Clients: This database stores the information about RADIUS clients (such as shared keys).
•  Dictionary: This database stores the information used to interpret the attributes and attribute values of the RADIUS protocol.
[Figure: a RADIUS server containing the Users, Clients and Dictionary databases]
Figure 1-1 Databases in RADIUS server 
In addition, the RADIUS server can act as the client of some other AAA server to 
provide the authentication or accounting proxy service. 
II. Basic message exchange procedure of RADIUS 
The messages exchanged between a RADIUS client (a switch, for example) and the RADIUS server are verified by using a shared key, which enhances security. The RADIUS protocol combines the authentication and authorization processes by sending authorization information in the authentication response message.
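The following is an added illustration, not taken from the manual, of the check a RADIUS client performs on a reply as defined in RFC 2865: the Response Authenticator is MD5 over the reply header, the Request Authenticator of the original request, the attributes and the shared key. The key, identifier and attribute values are constructed samples; the Access-Accept carries its authorization attributes (Service-Type, Session-Timeout) in the same message.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS code for Access-Accept (RFC 2865)

def response_authenticator(code, ident, request_auth, attrs, secret):
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, request_auth, attrs, secret):
    """Server side: assemble a reply whose authenticator depends on the shared key."""
    auth = response_authenticator(code, ident, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def parse_attributes(attrs):
    """Split the type-length-value attribute area into {type: value}."""
    out, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, alen = attrs[i], attrs[i + 1]
        out[atype] = attrs[i + 2:i + alen]
        i += alen
    return out

def verify_response(packet, ident, request_auth, secret):
    """Client side: return (code, attributes) if the reply is authentic, else None."""
    if len(packet) < 20:
        return None
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or length < 20 or length > len(packet):
        return None
    attrs = packet[20:length]  # bytes beyond the Length field are padding
    expected = response_authenticator(code, rid, request_auth, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # wrong shared key or packet altered in transit
    return code, parse_attributes(attrs)

# Constructed sample values (not from the manual).
SECRET = b"example-shared-key"
REQUEST_AUTH = bytes(range(16))  # 16 random bytes in a real Access-Request
# Service-Type (6) = Login (1), Session-Timeout (27) = 3600 seconds
ATTRS = struct.pack("!BBI", 6, 6, 1) + struct.pack("!BBI", 27, 6, 3600)
ACCEPT = build_response(ACCESS_ACCEPT, 42, REQUEST_AUTH, ATTRS, SECRET)
```
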
Figure 1-2 depicts the message exchange procedure between user, switch and RADIUS server.