Operation Manual – AAA RADIUS HWTACACS
H3C S7500E Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS Configuration

AAA can be implemented through multiple protocols. Currently, the device supports using RADIUS and HWTACACS for AAA, and RADIUS is often used in practice.

1.1.2 Introduction to RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction protocol in the client/server model. RADIUS can protect networks against unauthorized access and is often used in network environments where both high security and remote user access are required. Based on UDP, RADIUS defines the RADIUS packet format and the message transfer mechanism, and uses UDP port 1812 as the authentication port and 1813 as the accounting port.

RADIUS was originally designed for dial-in user access. With the diversification of access methods, RADIUS has been extended to support more access methods, for example, Ethernet access and ADSL access. It uses authentication and authorization to provide access service and uses accounting to collect and record usage of network resources by users.

I. Client/server model

• Client: The RADIUS client runs on the NASs located throughout the network. It passes user information to designated RADIUS servers and acts on the response (for example, rejects or accepts user access requests).
• Server: The RADIUS server runs on the computer or workstation at the network center and maintains information related to user authentication and network service access. It authenticates a user after receiving a connection request and returns the processing result (for example, rejecting or accepting user access requests) to the client.

In general, the RADIUS server maintains three databases, namely, Users, Clients, and Dictionary, as shown in Figure 1-2:

Figure 1-2 RADIUS server components

• Users: Stores user information such as the username, password, applied protocols, and IP address.
• Clients: Stores information about RADIUS clients such as the shared keys and IP addresses.
• Dictionary: Stores the information for interpreting RADIUS protocol attributes and their values.
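
Added example (not from the H3C manual and not H3C code): a minimal in-memory model of how a server could use the Clients, Users and Dictionary databases to answer a request from a NAS, following the packet layout and User-Password hiding of RFC 2865. The IP address, shared key, username and password are constructed sample values, and the function names are hypothetical.

```python
import hashlib, hmac, os, struct

# Constructed sample data standing in for the server's three databases.
CLIENTS = {"192.0.2.10": b"example-shared-key"}     # NAS IP -> shared key
USERS = {b"alice": b"correct horse"}                # username -> password
DICTIONARY = {1: "User-Name", 2: "User-Password"}   # attribute type -> name
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def _xor_password(data, secret, authenticator, decrypt=False):
    """RFC 2865 User-Password hiding: XOR 16-byte blocks with MD5(secret + previous)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if decrypt else block   # chain on the ciphertext block
        out += block
    return out

def build_access_request(ident, username, password, secret):
    """Client (NAS) side: code, identifier, length, 16-byte authenticator, attributes."""
    auth = os.urandom(16)
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    attrs = b""
    for typ, val in ((1, username), (2, _xor_password(padded, secret, auth))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def handle_request(packet, source_ip):
    """Server side: returns the reply packet, or None when the packet is dropped."""
    secret = CLIENTS.get(source_ip)
    if secret is None or len(packet) < 20:
        return None                                   # unknown NAS or truncated header
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        return None
    auth, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            return None                               # malformed attribute
        typ, alen = packet[pos], packet[pos + 1]
        attrs[DICTIONARY.get(typ, typ)] = packet[pos + 2:pos + alen]
        pos += alen
    hidden = attrs.get("User-Password", b"")
    given = _xor_password(hidden, secret, auth, decrypt=True).rstrip(b"\x00")
    expected = USERS.get(attrs.get("User-Name"))
    ok = expected is not None and hmac.compare_digest(given, expected)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator binds the reply to the request and the shared key.
    return header + hashlib.md5(header + auth + secret).digest()
```

A request hidden with a shared key other than the one stored for that NAS decodes to a garbage password and is rejected, and a packet from an address missing from Clients is dropped without a reply.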