Operation Manual - Security
Quidway S6500 Series Ethernet Switches
Chapter 2 AAA and RADIUS Protocol
Configuration
Huawei Technologies Proprietary
2-3
II. RADIUS operation
RADIUS server generally uses proxy function of the devices like access server to
perform user authentication. The operation process is as follows: First, the user send
request message (the client username and encrypted password is included in the
message ) to RADIUS server. Second, the user will receive from RADIUS server
various kinds of response messages in which the ACCEPT message indicates that the
user has passed the authentication, and the REJECT message indicates that the user
has not passed the authentication and needs to input username and password again,
otherwise he will be rejected to access.
2.2 Configuring AAA
AAA configuration tasks include:
Table 2-1 AAA configuration
Subsectio
n
Task Command View Description
domain
System
view
Creating an ISP
domain
scheme
ISP
domain
view
Configuring the
AAA scheme
state
ISP
domain
view
Configuring the
ISP domain state
access-limit
ISP
domain
view
Configuring the
access limit
idle-cut enable
ISP
domain
view
Enabling idle-cut
function
accounting
optional
ISP
domain
view
Enabling
accounting
optional
messenger
time
ISP
domain
view
Enabling/disabli
ng message
alert
1
Creating an ISP
domain and
configuring the
related
attributes
self-service-url
ISP
domain
view
Configuring the
self-service
server URL