.................................................................................................................................... ........................................................................................................................
What is 8950 AAA?Introduction to 8950 AAA
1-2 365-360-001 R6.0
Issue 1, December 2008
.................................................................................................................................... ........................................................................................................................
Figure 1-1 Accessing a Service
The NAS places this information into a RADIUS data packet called an Access-Request.
This data packet identifies the NAS, the port used for connection, the user name, the
password, and other information about the session.
The Access-Request is sent from the client to the server and asks the server if the user is
allowed to use the requested services and access the network.
The process the server then follows may include the following actions, although none are
required:
•Finding information about the user
•Validating the user’s identity against information in a user profile
•Returning an answer (accept or reject) to the RADIUS client
A user profile contains information about a user that 8950 AAA uses to process a
RADIUS request. The information usually includes the user name and password, and
might include other information needed to implement local access policies. User profiles
can be stored in files, databases, directories, Web-based services, etc. We call the location
of the user profile the user source.
If local policy requirements are met then an authentication acknowledgement called an
Access-Accept, is sent to the NAS along with other information defining specific settings
for the user session. If local policy requirements are not matched, then the Access-Request
is rejected by sending an Access-Reject message to the NAS.
USER
8950 AAA SERVER
REQUEST
FOR
SERVICE
ACCESS-
REQUEST
ACCESS
RESPONSE
SESSION
STARTS
NETWORK
ACCESS
SERVER
(NAS)
Radius
Server
Configuration
Server
UNIVERSAL
STATE
SERVER
USSV2
Server
Configuration