The RADIUS server receives user connection requests, authenticates users, and returns all
required information to the device.
Generally, a RADIUS server maintains the following three databases (see Figure 1-1):
Users: This database stores information about users (such as user name, password, protocol
adopted and IP address).
Clients: This database stores information about RADIUS clients (such as shared key).
Dictionary: The information stored in this database is used to interpret the attributes and attribute
values in the RADIUS protocol.
Figure 1-1 Databases in a RADIUS server (figure labels: RADIUS servers; Users, Clients, Dictionary)
In addition, a RADIUS server can act as a client of some other AAA server to provide authentication or
accounting proxy service.
Basic message exchange procedure in RADIUS
The messages exchanged between a RADIUS client and a RADIUS server are verified through a
shared key, which enhances security. The RADIUS protocol combines the authentication and
authorization processes by sending authorization information along with the authentication
response message.
Figure 1-2 depicts the message exchange procedure between the user, device and
RADIUS server.
Figure 1-2 Basic message exchange procedure of RADIUS
(Participants: Host, RADIUS Client, RADIUS Server)
(1) The user inputs the user name and password
(2) Access-Request
(3) Access-Accept
(4) Accounting-Request (start)
(5) Accounting-Response
(6) The user begins to access resources
(7) Accounting-Request (stop)
(8) Accounting-Response
(9) Inform the user the access is ended
The basic message exchange procedure of RADIUS is as follows:
1) The user enters the user name and password.