System Description
H3C S3600 Series Ethernet Switches
Chapter 3 Software Features
II. RADIUS
RADIUS is a distributed system built on the client/server model. It keeps
unauthorized users out of the network and is often used in environments that
require both high security and remote user access. For example, it can be used
to manage access based on 802.1x.
In the RADIUS client/server model, user authentication always involves a device
that can provide the proxy function, such as a NAS. Messages exchanged between
the RADIUS client and server are authenticated using a shared key, and user
passwords are sent encrypted over the network, which protects the exchange.
III. HWTACACS
Huawei Terminal Access Controller Access Control System (HWTACACS) is an
enhanced security protocol based on TACACS (RFC 1492). Like the RADIUS
protocol, HWTACACS uses the client/server model to implement authentication,
authorization and accounting (AAA) for different types of access users,
including PPP (point to point protocol) users, VPDN (virtual private data
network) users and login users.
Compared with RADIUS, HWTACACS is more reliable in transmission and encryption,
and so is more suitable for security control.
3.9.12 MAC-IP-Port Binding
After MAC-IP-port binding is enabled on a port, the port can pass IP and ARP packets
for only those hosts whose IP and MAC addresses have been bound to the port. The
binding configuration on the port neither affects the passing of other types of packets on
the port, nor affects the other ports on the switch.
3.10 Reliability
3.10.1 VRRP
Note:
A VRRP-enabled Ethernet switch can function as a router. The routers mentioned in
this manual refer to common routers and VRRP-enabled Layer 3 switches.