Security And Authentication Mechanisms; Basic Message Exchange Process Of Radius - 3Com 4210G Series Configuration Manual

Figure 1-2 RADIUS server components
Users: Stores user information such as the usernames, passwords, applied protocols, and IP
addresses.
Clients: Stores information about RADIUS clients, such as the shared keys and IP addresses.
Dictionary: Stores information about the meanings of RADIUS protocol attributes and their values.

Security and Authentication Mechanisms

Information exchanged between a RADIUS client and the RADIUS server is authenticated with a
shared key, which is never transmitted over the network. This enhances the information exchange
security. In addition, to prevent user passwords from being intercepted in non-secure networks,
RADIUS encrypts passwords before transmitting them.
A RADIUS server supports multiple user authentication methods, for example, the Password
Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). Moreover, a
RADIUS server can act as the client of another AAA server to provide authentication proxy services.

Basic Message Exchange Process of RADIUS

Figure 1-3 illustrates the interaction of the host, the RADIUS client, and the RADIUS server.
Figure 1-3 Basic message exchange process of RADIUS
Host
1) Username and password
9) Notification of access termination
The following is how RADIUS operates:
RADIUS client
2) Access-Request
3) Access-Accept/Reject
4) Accounting-Request (start)
5) Accounting-Response
6) The host accesses the resources
7) Accounting-Request (stop)
8) Accounting-Response
1-3
RADIUS server