H3C Technologies H3C WX3000 Series Unified Switches User Manual
- A device acting as a RADIUS client passes user information to a specified RADIUS server, and
  takes appropriate action (such as establishing/terminating user connection) depending on the
  responses returned from the server.
- The RADIUS server receives user connection requests, authenticates users, and returns all
  required information to the device.
Generally, a RADIUS server maintains the following three databases (see Figure 26-1):
- Users: This database stores information about users (such as user name, password, protocol
  adopted and IP address).
- Clients: This database stores information about RADIUS clients (such as shared key).
- Dictionary: The information stored in this database is used to interpret the attributes and attribute
  values in the RADIUS protocol.
Figure 26-1 Databases in a RADIUS server [figure: RADIUS servers holding the User, Clients and Dictionary databases]
In addition, a RADIUS server can act as a client of some other AAA server to provide authentication or
accounting proxy service.
Basic message exchange procedure in RADIUS
The messages exchanged between a RADIUS client and a RADIUS server are verified through a
shared key, which enhances security. The RADIUS protocol combines the authentication and
authorization processes by sending authorization information along with the authentication
response message.
depicts the message exchange procedure between the user, device
and RADIUS server.