Operation Manual - Security
Quidway S3000 Series Ethernet Switches
Chapter 2 AAA and RADIUS Protocol Configuration
2.1 AAA and RADIUS Protocol Overview
2.1.1 AAA Overview
Authentication, Authorization and Accounting (AAA) provides a uniform framework
for configuring these three security functions in order to implement network
security management.
The network security mentioned here refers to access control, which covers:
• Which users can access the network server?
• Which services can an authorized user use?
• How to keep accounts for a user who is using network resources?
Accordingly, AAA provides the following services:
• Authentication: verifies whether the user can access the network server.
• Authorization: grants the user the specified services.
• Accounting: tracks the network resources consumed by the user.
AAA generally uses a client/server architecture, in which the clients run on the
managed resources and the servers centralize and store user information. The AAA
framework therefore scales well and makes it easy to control and centrally
manage user information.
2.1.2 RADIUS Protocol Overview
As mentioned above, AAA is a management framework, so it can be implemented by
a number of protocols. RADIUS is one such protocol that is frequently used.
I. What is RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a distributed information
exchange protocol based on a client/server architecture. RADIUS can protect the
network from unauthorized access and is often used in network environments that
require both high security and remote user access. For example, it is often used
for managing a large number of scattered dial-in users who use serial ports