NE40E-M2 V800R010C10SPC500 Feature Description - User Access 01

AAA

Basic Structure

AAA uses a client/server model, which gives it good extensibility and facilitates centralized management of user information. Figure 2-3 shows the basic AAA structure.

Figure 2-3 Server/Client model of AAA

Authentication

AAA supports the following authentication modes:

  • Non-authentication: Users are completely trusted, and no validity check is performed. This mode is rarely used.
  • Local authentication: In this mode, user information, including the user name, password, and attributes, is configured on a Network Access Server (NAS). Local authentication features fast processing at low operating cost. However, the amount of user information that can be stored is limited by the device hardware.
  • Remote authentication: In this mode, user information, including the user name, password, and attributes, is configured on an authentication server. AAA can remotely authenticate users through the Remote Authentication Dial In User Service (RADIUS) protocol. As the client, the NAS communicates with the RADIUS server.

In addition, the three authentication modes can be combined:

  • Remote authentication when local authentication fails: In this mode, local authentication takes precedence. Remote authentication is performed only after local authentication fails.
  • Local authentication when there is no response to remote authentication: In this mode, remote authentication takes precedence. If the AAA server does not respond, local authentication is performed.
  • Non-authentication when there is no response to remote authentication: In this mode, remote authentication takes precedence. If the AAA server does not respond, non-authentication is performed.
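
The combined modes differ in what triggers the second method: a failed check in the first case, a missing response in the other two. The following Python model is an added example, not Huawei code or configuration syntax; the mode labels, accounts, and function names are hypothetical, and it assumes that any first-method outcome other than the trigger is final.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # method answered: credentials are wrong
    NO_RESPONSE = "no_response"  # AAA server did not answer

# Hypothetical labels for the three combined modes listed above:
# (first method, second method, first-method result that triggers the second)
COMBINED_MODES = {
    "local-then-remote": ("local", "remote", Result.REJECT),
    "remote-then-local": ("remote", "local", Result.NO_RESPONSE),
    "remote-then-none": ("remote", "none", Result.NO_RESPONSE),
}

LOCAL_USERS = {"admin": "L0cal-pass"}    # constructed NAS-local accounts
REMOTE_USERS = {"alice": "R4dius-pass"}  # constructed RADIUS-side accounts

def check_local(user, password, server_up=True):
    return Result.ACCEPT if LOCAL_USERS.get(user) == password else Result.REJECT

def check_remote(user, password, server_up=True):
    if not server_up:
        return Result.NO_RESPONSE
    return Result.ACCEPT if REMOTE_USERS.get(user) == password else Result.REJECT

def check_none(user, password, server_up=True):
    return Result.ACCEPT  # non-authentication: user is trusted without a check

METHODS = {"local": check_local, "remote": check_remote, "none": check_none}

def authenticate(mode, user, password, server_up=True):
    """Return (admitted, deciding_method) for one of the combined modes."""
    first, second, trigger = COMBINED_MODES[mode]
    result = METHODS[first](user, password, server_up)
    if result is not trigger:
        # Assumption: any other outcome of the first method is final.
        return result is Result.ACCEPT, first
    return METHODS[second](user, password, server_up) is Result.ACCEPT, second

def fails_open(mode):
    """True if an unreachable AAA server lets unknown credentials in."""
    return authenticate(mode, "nobody", "wrong", server_up=False)[0]
```

Running `fails_open` over each configured mode during a configuration review identifies the one combination in which a RADIUS outage admits users without any credential check.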

Authorization

AAA supports the following authorization modes:

  • Non-authorization: No authorization is performed.
  • Local authorization: Users are authorized based on the attributes of local user accounts configured on the NAS.
  • If-authenticated authorization: Users pass authorization after passing authentication (local or remote authentication).
  • RADIUS authorization: Users pass RADIUS authorization after passing RADIUS authentication. In other words, RADIUS integrates authentication and authorization. Therefore, RADIUS authorization cannot be performed separately.
  • Authorization for online users

    The BRAS supports dynamic authorization for online users.

    In dynamic authorization, attributes such as the user group, committed access rate (CAR), and policy name are reconfigured on the AAA server. The AAA server then delivers the attributes to the AAA module through Change of Authorization (CoA) packets, and the AAA module dynamically updates the users' authorization information.

Accounting

AAA supports the following accounting modes:

  • Non-accounting: Users are not charged.
  • Remote accounting: Remote accounting is performed through the RADIUS server.
Updated: 2019-01-02

Document ID: EDOC1100058415