1 aaa and radius, Radius, Aaa radius – Panasonic 8000 User Manual
1 AAA troubleshooting
Nortel Secure Router 8000 Series
Troubleshooting - VAS
1.1.1 AAA and RADIUS
AAA
Authentication, Authorization, and Accounting (AAA) comprises the following three types of security services:
• Authentication: specifies what type of user can access the network.
• Authorization: specifies what type of service the user can use.
• Accounting: records the network resource utilization of the user.
AAA adopts the client/server model, in which the client runs on the resource side and the server stores information about the user. This model is extensible and provides an effective way to manage users.
The two communication protocols used between the client and the server are as follows:
• Remote Authentication Dial-In User Service (RADIUS) protocol
• Huawei Terminal Access Controller Access Control System (HWTACACS) protocol (HWTACACS is an enhancement of TACACS)
RADIUS
RADIUS is used for communication between the Network Access Server (NAS) and the RADIUS server on the application layer.
RADIUS adopts the client/server model, in which the client runs on the resource side and the server stores information about the user.
RADIUS is carried in User Datagram Protocol (UDP) packets; to ensure reliability, it uses a retransmission and backup server mechanism. The authentication and accounting ports used by RADIUS are 1645/1646 or 1812/1813.
Figure 1-1 shows the RADIUS packet format.
Figure 1-1 RADIUS message structure
[Figure: bit ruler 0-7 repeated across four bytes; fields in order: Code, Identifier, Length, Authenticator, Attribute ...]
The following list describes the RADIUS message structure:
• Code: contains 1 byte, indicating the RADIUS message type. The common code values are as follows.
Nortel Networks Inc.
Issue 01.01 (30 March 2009)