Manualsbrain.com
  1. Manuals
  2. Brands
  3. 3com
  4. WX3000
  5. User Manual

3com WX3000 User Manual

Download
Page of 715
 
1-2 
Local authorization: Users are authorized according to the related attributes configured for their 
local accounts on this device. 
RADIUS authorization: Users are authorized after they pass RADIUS authentication. In RADIUS 
protocol, authentication and authorization are combined together, and authorization cannot be 
performed alone without authentication. 
HWTACACS authorization: Users are authorized by a TACACS server. 
Accounting 
AAA supports the following accounting methods: 
None accounting: No accounting is performed for users. 
Remote accounting: User accounting is performed on a remote RADIUS or TACACS server. 
Introduction to ISP Domain 
An Internet service provider (ISP) domain is a group of users who belong to the same ISP. For a user 
name in the format of userid@isp-name or userid.isp-name, the isp-name following the "@" or “.” 
character is the ISP domain name. The access device uses userid as the user name for authentication, 
and isp-name as the domain name. 
In a multi-ISP environment, the users connected to the same access device may belong to different 
domains. Since the users of different ISPs may have different attributes (such as different forms of user 
name and password, different service types/access rights), it is necessary to distinguish the users by 
setting ISP domains. 
You can configure a set of ISP domain attributes (including AAA policy, RADIUS scheme, and so on) for 
each ISP domain independently in ISP domain view. 
Introduction to AAA Services 
Introduction to RADIUS 
AAA is a management framework. It can be implemented by not only one protocol. But in practice, the 
most commonly used service for AAA is RADIUS. 
What is RADIUS 
RADIUS (remote authentication dial-in user service) is a distributed service based on client/server 
structure. It can prevent unauthorized access to your network and is commonly used in network 
environments where both high security and remote user access service are required. 
The RADIUS service involves three components: 
Protocol: Based on the UDP/IP layer, RFC 2865 and 2866 define the message format and 
message transfer mechanism of RADIUS, and define 1812 as the authentication port and 1813 as 
the accounting port. 
Server: RADIUS Server runs on a computer or workstation at the center. It stores and maintains 
user authentication information and network service access information. 
Client: RADIUS Client runs on network access servers throughout the network. 
RADIUS operates in the client/server model.  
A device acting as a RADIUS client passes user information to a specified RADIUS server, and 
takes appropriate action (such as establishing/terminating user connection) depending on the 
responses returned from the server.