No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Feature Description - Security 01

This is NE40E V800R010C10SPC500 Feature Description - Security
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
AAA

AAA

Basic Structure

Using the client/server model, AAA has good extensibility and facilitates centralized management over user information. Figure 2-4 shows the basic AAA structure.

Figure 2-4 Server/Client model of AAA

Authentication

AAA supports the following authentication modes:

  • Non-authentication: Users are completely trusted, and validity check is not performed. This mode is rarely used.
  • Local authentication: In this mode, user information, including the user name, password, and attributes, is configured on a Network Access Server (NAS). Local authentication features fast processing speeds at low operation cost. However, the information storage capacity is limited to the capacity of device hardware.
  • Remote authentication: In this mode, user information, including user name, password, and attributes, is configured on an authentication server. AAA can remotely authenticate users through the Remote Authentication Dial In User Service (RADIUS) protocol or the Huawei Terminal Access Controller Access Control System (HWTACACS) protocol. As the client, the NAS communicates with the RADIUS or HWTACACS server.
In addition, the three authentication modes can be combined.
  • Remote authentication when local authentication fails: In this mode, local authentication takes precedence. Remote authentication is performed only after local authentication fails.
  • Local authentication when there is no response to remote authentication: In this mode, remote authentication takes precedence. If the AAA server does not respond, local authentication is performed.
  • Non-authentication when there is no response to remote authentication: In this mode, remote authentication takes precedence. If the AAA server does not respond, non-authentication is performed.

Authorization

AAA supports the following authorization modes:

  • Non-authorization: No authorization is performed.
  • Local authorization: Users are authorized based on the attributes of local user accounts configured on the NAS.
  • HWTACACS authorization: Users are authorized through the TACACS server.
  • If-authenticated authorization: Users pass authorization after passing authentication (local or remote authentication).
  • RADIUS authorization: Users pass RADIUS authorization after passing RADIUS authentication. In other words, RADIUS integrates authentication and authorization. Therefore, RADIUS authorization cannot be performed separately.
  • Authorization for online users

    The BRAS supports dynamic authorization for online users.

    In dynamic authorization, attributes such as the user group, committed access rate (CAR), and policy name, are re-configured on the AAA server. The AAA server then delivers the attributes to the AAA module through Change of Authorization (CoA) packets and the AAA module dynamically updates the users' authorization information.

Accounting

AAA supports the following accounting modes:

  • Non-accounting: Users are not charged.
  • Remote accounting: Remote accounting is performed through the RADIUS server or HWTACACS server.
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055047

Views: 12482

Downloads: 29

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next