Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches
Chapter 1 AAA & RADIUS & HWTACACS Configuration

1.1.3 Introduction to RADIUS

AAA is a management framework. It can be implemented through more than one protocol. In practice, the most commonly used protocol for AAA is RADIUS.

I. What is RADIUS

RADIUS (Remote Authentication Dial-In User Service) is a distributed information exchange protocol based on a client/server model. It can prevent unauthorized access to the network and is commonly used in network environments where both high security and remote user access are required.

The RADIUS service comprises three components:

- Protocol: RADIUS runs over UDP/IP. RFC 2865 and RFC 2866 define the frame format and message transfer mechanism of RADIUS, and assign port number 1812 for authentication and 1813 for accounting.
- Server: The RADIUS server runs on a central computer or workstation. It stores and maintains the information about user authentication and network service access.
- Client: RADIUS clients run on the dial-in access server device. They can be deployed anywhere in the network.

RADIUS is based on a client/server model. When serving as a RADIUS client, the switch passes user information to a designated RADIUS server, and acts (such as connecting/disconnecting users) depending on the responses returned from the server. The RADIUS server receives users' connection requests, authenticates users, and returns all the required information to the switch.

Generally, the RADIUS server maintains the following three databases (as shown in Figure 1-1):

- Users: This database stores information about users (such as user name, password, protocol used, and IP address).
- Clients: This database stores the information about RADIUS clients (such as shared keys).
- Dictionary: This database stores the information used to interpret the attributes and attribute values of the RADIUS protocol.

[Figure: a RADIUS server containing the Users, Clients, and Dictionary databases]
Figure 1-1 Databases in a RADIUS server
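The following is an added example, not part of the H3C manual or the switch software: it shows how a dictionary maps RFC 2865 attribute types to names, and goes slightly beyond the text by showing the RFC 2865 Response Authenticator check that the shared key in the Clients database makes possible. All function names, the three-entry dictionary, and the sample secret and authenticator are assumptions constructed for illustration.

```python
import hashlib, hmac, struct

# Dictionary: attribute type -> (name, decoder). Types are from RFC 2865.
DICTIONARY = {
    1: ("User-Name", lambda v: v.decode()),
    4: ("NAS-IP-Address", lambda v: ".".join(map(str, v))),
    18: ("Reply-Message", lambda v: v.decode()),
}
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}

def parse_packet(data):
    """Return (code, identifier, authenticator, attrs) or raise ValueError."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= min(len(data), 4096):
        raise ValueError("bad Length field")
    body, attrs, pos = data[20:length], {}, 0
    while pos < len(body):
        # Each attribute is Type(1) Length(1) Value(Length-2).
        if pos + 2 > len(body) or body[pos + 1] < 2 or pos + body[pos + 1] > len(body):
            raise ValueError("malformed attribute")
        atype, alen = body[pos], body[pos + 1]
        name, decode = DICTIONARY.get(atype, (f"Attr-{atype}", bytes.hex))
        attrs[name] = decode(body[pos + 2:pos + alen])
        pos += alen
    return CODES.get(code, code), ident, data[4:20], attrs

def response_authenticator(packet, request_auth, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    length = struct.unpack("!H", packet[2:4])[0]
    return hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()

def build_response(code, ident, request_auth, attrs, secret):
    """Server side: encode attributes and sign with the client's shared key."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    unsigned = head + bytes(16) + body
    return head + response_authenticator(unsigned, request_auth, secret) + body

def verify_response(packet, request_auth, secret):
    """Client side: accept the reply only if the authenticator matches."""
    parse_packet(packet)  # reject truncated or malformed packets first
    expected = response_authenticator(packet, request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample values, not taken from the manual.
REQ_AUTH, SECRET = bytes(range(16)), b"constructed-secret"
ACCEPT = build_response(2, 7, REQ_AUTH, [(18, b"welcome")], SECRET)
```

A reply whose attributes were altered in transit, or that was signed with a different shared key, fails `verify_response`, which is why the key stored per client must match the one configured on the switch.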