Operation Manual – AAA
H3C S5600 Series Ethernet Switches
Chapter 1 AAA Overview

1.2 Introduction to AAA Services

1.2.1 Introduction to RADIUS

AAA is a management framework that can be implemented by more than one protocol. In practice, the most commonly used service for AAA is RADIUS.

I. What is RADIUS

Remote Authentication Dial-in User Service (RADIUS) is a distributed service based on a client/server structure. It can prevent unauthorized access to your network and is commonly used in network environments where both high security and remote user access service are required.

The RADIUS service involves three components:

- Protocol: Based on the UDP/IP layer, RFC 2865 and 2866 define the message format and message transfer mechanism of RADIUS, and define 1812 as the authentication port and 1813 as the accounting port.
- Server: The RADIUS server runs on a computer or workstation at the center. It stores and maintains user authentication information and network service access information.
- Client: The RADIUS client runs on network access servers throughout the network.

RADIUS operates in the client/server model.

- A switch acting as a RADIUS client passes user information to a specified RADIUS server, and takes appropriate action (such as establishing or terminating the user connection) depending on the responses returned from the server.
- The RADIUS server receives user connection requests, authenticates users, and returns all required information to the switch.

Generally, a RADIUS server maintains the following three databases (see Figure 1-1):

- Users: This database stores information about users (such as username, password, protocol adopted and IP address).
- Clients: This database stores information about RADIUS clients (such as the shared key).
- Dictionary: The information stored in this database is used to interpret the attributes and attribute values in the RADIUS protocol.

Figure 1-1 Databases in a RADIUS server
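The following Python sketch is an added example, not part of the H3C manual. It parses the RFC 2865 message format, uses a small dictionary to interpret attributes, and performs the client-side check of a server reply against the shared key. The dictionary subset, shared key, and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed mini-dictionary: attribute type -> (name, decoder), per RFC 2865.
DICTIONARY = {
    1: ("User-Name", lambda v: v.decode("utf-8")),
    4: ("NAS-IP-Address", lambda v: ".".join(str(b) for b in v)),
    5: ("NAS-Port", lambda v: int.from_bytes(v, "big")),
    18: ("Reply-Message", lambda v: v.decode("utf-8")),
}
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}


def parse_packet(data):
    """Split a RADIUS packet into header fields and dictionary-decoded attributes."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= len(data):
        raise ValueError("Length field disagrees with the datagram size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        name, decode = DICTIONARY.get(a_type, (f"Unknown-{a_type}", bytes.hex))
        attrs.append((name, decode(data[pos + 2:pos + a_len])))
        pos += a_len
    return {"code": CODES.get(code, code), "id": ident, "length": length,
            "authenticator": data[4:20], "attributes": attrs}


def response_is_authentic(response, request_authenticator, shared_key):
    """Check MD5(Code+ID+Length+RequestAuth+Attributes+Secret) from RFC 2865."""
    length = parse_packet(response)["length"]  # also rejects malformed packets
    expected = hashlib.md5(response[:4] + request_authenticator
                           + response[20:length] + shared_key).digest()
    return hmac.compare_digest(expected, response[4:20])


# Constructed sample: an Access-Accept for request ID 7, signed with a made-up key.
SHARED_KEY = b"example-shared-key"
REQUEST_AUTH = bytes(range(16))
_attrs = bytes([18, 9]) + b"Welcome"
_head = struct.pack("!BBH", 2, 7, 20 + len(_attrs))
SAMPLE_RESPONSE = _head + hashlib.md5(_head + REQUEST_AUTH + _attrs + SHARED_KEY).digest() + _attrs
```

A reply that fails this check was not produced by a server holding the same shared key as the client, so the client should discard it rather than act on it.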