
Protocols and standards, RADIUS attributes, Commonly used standard RADIUS attributes – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Login users—Users who want to log in to the device, including SSH users, Telnet users, Web users, FTP users, and terminal users.

Portal users—Users who must pass portal authentication to access the network.

PPP users—Users who access through PPP.

In addition, AAA provides the following services for login users to enhance device security:

Command authorization—Enables the NAS to defer to the authorization server to determine whether a command entered by a login user is permitted for the user, making sure that login users execute only commands they are authorized to execute. For more information about command authorization, see Fundamentals Configuration Guide.

Command accounting—Allows the accounting server to record all commands executed on the device or all authorized commands successfully executed. For more information about command accounting, see Fundamentals Configuration Guide.

Level switching authentication—Allows the authentication server to authenticate users who perform privilege level switching. After passing level switching authentication, users can switch their user privilege levels without logging out or disconnecting their current connections. For more information about user privilege level switching, see Fundamentals Configuration Guide.

You can configure different authentication, authorization, and accounting methods for different users in a domain. See "Configuring AAA methods for ISP domains."

Protocols and standards

The following protocols and standards are related to AAA, RADIUS, HWTACACS, and LDAP:

RFC 2865, Remote Authentication Dial In User Service (RADIUS)

RFC 2866, RADIUS Accounting

RFC 2867, RADIUS Accounting Modifications for Tunnel Protocol Support

RFC 2868, RADIUS Attributes for Tunnel Protocol Support

RFC 2869, RADIUS Extensions

RFC 1492, An Access Control Protocol, Sometimes Called TACACS

RFC 1777, Lightweight Directory Access Protocol

RFC 2251, Lightweight Directory Access Protocol (v3)

RADIUS attributes

Commonly used standard RADIUS attributes

| No. | Attribute | Description |
|-----|-----------|-------------|
| 1 | User-Name | Name of the user to be authenticated. |
| 2 | User-Password | User password for PAP authentication, present only in Access-Request packets in PAP authentication mode. |
| 3 | CHAP-Password | Digest of the user password for CHAP authentication, present only in Access-Request packets in CHAP authentication mode. |
| 4 | NAS-IP-Address | IP address for the server to identify a client. Usually, a client is identified by the IP address of the access interface of the NAS, namely the NAS IP address. This attribute is present in only Access-Request packets. |
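
As an added illustration (not part of the H3C manual), the following Python example parses the RFC 2865 packet header and type-length-value attributes, decodes the four attributes listed above, and flags a User-Password or CHAP-Password that appears outside an Access-Request packet. The function names and the sample packets are constructed for this example.

```python
import ipaddress
import struct

ACCESS_REQUEST = 1  # RADIUS packet code (RFC 2865)
NAMES = {1: "User-Name", 2: "User-Password", 3: "CHAP-Password", 4: "NAS-IP-Address"}
REQUEST_ONLY = {2, 3}  # per the table: credentials appear only in Access-Request


def parse_radius(packet: bytes):
    """Return (code, attributes, findings) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs, findings, pos = [], [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"attribute {atype} has invalid length {alen}")
        value = packet[pos + 2 : pos + alen]
        name = NAMES.get(atype, f"Attr-{atype}")
        if atype == 1:
            shown = value.decode("utf-8", "replace")
        elif atype == 4 and len(value) == 4:
            shown = str(ipaddress.IPv4Address(value))
        else:
            shown = f"<{len(value)} bytes>"  # never log password material
        attrs.append((name, shown))
        if atype in REQUEST_ONLY and code != ACCESS_REQUEST:
            findings.append(f"{name} in non-Access-Request packet (code {code})")
        pos += alen
    if {"User-Password", "CHAP-Password"} <= {n for n, _ in attrs}:
        findings.append("both PAP and CHAP credentials present")
    return code, attrs, findings


def build(code: int, attrs) -> bytes:
    """Construct a sample packet (zero authenticator) for the demo."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


# Constructed sample input, not captured traffic.
SAMPLE_OK = build(1, [(1, b"alice"), (2, bytes(16)), (4, bytes([192, 0, 2, 10]))])
SAMPLE_BAD = build(2, [(1, b"alice"), (2, bytes(16))])
```

Calling `parse_radius(SAMPLE_BAD)` returns a finding because the constructed packet carries User-Password under code 2 (Access-Accept).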