3Com Switch 8800 Configuration Guide
Chapter 40 AAA and RADIUS/ Protocol Con
figuration
40-1
Chapter 40 AAA and RADIUS/ Protocol
Configuration
40.1 AAA and RADIUS/ Protocol Overview
40.1.1 AAA Overview
Authentication, Authorization and Accounting (AAA) provide a uniform framework used
for configuring these three security functions to implement the network security
management.
The network security mentioned here refers to access control and it includes:
z
Which user can access the network server?
z
Which service can the authorized user enjoy?
z
How to keep accounts for the user who is using network resource?
Accordingly, AAA shall provide the following services:
z
Authentication: authenticates if the user can access the network sever.
z
Authorization: authorizes the user with specified services.
z
Accounting: traces network resources consumed by the user.
Generally, AAA adopts Client/Server architecture, with its client running at the managed
side and its server centralizes and stores the user information. Therefore AAA
framework takes good scalability, and is easy to realize the control and centralized
management of user information.
40.1.2 RADIUS Protocol Overview
As mentioned above, AAA is a management framework, so it can be implemented by
some protocols. RADIUS is such a protocol frequently used.
I. What is RADIUS
Remote Authentication Dial-In User Service, RADIUS for short, is a kind of distributed
information switching protocol in Client/Server architecture. RADIUS can prevent the
network from interruption of unauthorized access and it is often used in the network
environments requiring both high security and remote user access. For example, it is
often used for managing a large number of scattering dial-in users who use serial ports
and modems. RADIUS system is the important auxiliary part of Network Access Server
(NAS).
After RADIUS system is started, if the user wants to have right to access other network
or consume some network resources through connection to NAS (dial-in access server