3com 8807 User Guide

26 AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION
AAA and RADIUS/HWTACACS Protocol Overview
AAA Overview
Authentication, Authorization and Accounting (AAA) provides a uniform
framework for configuring these three security functions to implement
network security management.
Network security here refers to access control, which covers the following questions:
Which users can access the network server?
Which services can an authorized user use?
How is accounting kept for a user who is consuming network resources?
Accordingly, AAA provides the following services:
Authentication: verifies whether the user can access the network server.
Authorization: grants the user the specified services.
Accounting: tracks the network resources consumed by the user.
Generally, AAA adopts a client/server architecture: the client runs on the
managed side, and the server centrally stores the user information. The AAA
framework therefore scales well and makes it easy to control and centrally
manage user information.
RADIUS Protocol Overview
As mentioned above, AAA is a management framework, so it can be implemented
by various protocols. RADIUS is one such protocol and is frequently used.
What is RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a distributed
information exchange protocol with a client/server architecture. RADIUS
can protect the network from interruption by unauthorized access, and it is
often used in network environments requiring both high security and remote user
access. For example, it is often used for managing a large number of scattered
dial-in users who use serial ports and modems. The RADIUS system is an important
auxiliary part of the Network Access Server (NAS).
After the RADIUS system is started, if a user wants the right to access other
networks or consume network resources through a connection to the NAS (a dial-in
access server in a PSTN environment, or an Ethernet switch with access function
in an Ethernet environment), the NAS, acting as the RADIUS client, will transmit user AAA