Table of Contents
Advertisement
Configuring RADIUS
Overview
Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction
protocol that uses a client/server model to implement AAA. It can protect networks against
unauthorized access and is often used in network environments that require both high security and
remote user access. For more information about AAA, see
RADIUS uses UDP port 1812 for authentication and UDP port 1813 for accounting.
RADIUS was originally designed for dial-in user access. With the addition of new access methods,
RADIUS has been extended to support additional access methods, including Ethernet and ADSL.
RADIUS provides access authentication, authorization, and accounting services. The accounting
function collects and records network resource usage information.
Client/server model
RADIUS clients run on NASs located throughout the network. NASs pass user information to
RADIUS servers, and determine to reject or accept user access requests depending on the
responses from RADIUS servers.
The RADIUS server runs on the computer or workstation at the network center and maintains
information related to user authentication and network service access. It receives connection
requests, authenticates users, and returns access control information (for example, rejecting or
accepting the user access request) to the clients.
The RADIUS server typically maintains the following databases: Users, Clients, and Dictionary.
See
Figure
Figure 311 RADIUS server databases
•
Users—Stores user information such as usernames, passwords, applied protocols, and IP
addresses.
•
Clients—Stores information about RADIUS clients, such as shared keys and IP addresses.
•
Dictionary—Stores RADIUS protocol attributes and their values.
Security and authentication mechanisms
The RADIUS client and the RADIUS server use a shared key to authenticate RADIUS packets and
encrypt user passwords exchanged between them. For security, this key must be manually
configured on the client and the server.
RADIUS servers support multiple authentication protocols, including PPP PAP and CHAP. A
RADIUS server can act as the client of another AAA server to provide authentication proxy services.
311.
"Configuring
293
AAA."
Hide quick links:
Advertisement
Table of Contents
