NE40E-M2 V800R010C10SPC500 Feature Description - User Access 01

Overview of AAA and User Management


Authentication, Authorization, and Accounting (AAA) refers to a combination of security-related technologies used to authenticate and authorize users, as well as to account for the service provided to the users.
  • Authentication: checks whether a user has the rights to access the network.
  • Authorization: authorizes a user so that the user can use a specified service.
  • Accounting: records the usage of network resources for charging purposes.
AAA uses the client/server model. This model features good extensibility and facilitates centralized management over user information, as shown in Figure 2-1.
Figure 2-1 AAA networking


AAA provides authentication, authorization, and accounting for users.


AAA offers the following benefits:

AAA enhances system security by preventing invalid login.


As one of the commonly used protocols that implement Authentication, Authorization and Accounting (AAA), RADIUS was initially used to manage a large number of geographically dispersed users that use serial ports and modems. Now it is widely used in the Network Access Server (NAS) system.

In a NAS system, a user must set up a connection with the NAS through a network, such as a telephony network, to obtain the rights to access certain networks or to use certain network resources. In this case, the NAS is in charge of authenticating the user or the connection.

Specifically, the NAS sends the user information to the RADIUS server. RADIUS prescribes how to transmit the user information and accounting information between the NAS and RADIUS servers. Upon receiving requests from users, the RADIUS server authenticates the users and then sends the required configuration information back to the NAS.

Authentication information exchanged between the NAS and the RADIUS server is encrypted with a key, which protects user passwords on less secure networks.

Figure 2-2 shows the format of a RADIUS packet.

Figure 2-2 RADIUS packet format

A RADIUS packet has the following fields:

  • Code: indicates the message type, such as access request, access permit, or accounting request.

  • Identifier: contains a number assigned in ascending order. It is used to match request packets with their response packets.

  • Length: indicates the total length of all fields.

  • Authenticator: authenticates the reply from the RADIUS server.

  • Attribute: contains user-specific attributes.

Updated: 2019-01-02

Document ID: EDOC1100058415
