Radius - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction protocol that
uses a client/server model. It can protect networks against unauthorized access and is often used in
network environments where both high security and remote user access are required.
RADIUS uses UDP as the transport protocol. It uses UDP port 1812 for authentication and UDP port 1813
for accounting.
RADIUS was originally designed for dial-in user access. With the addition of new access methods,
RADIUS has been extended to support additional access methods, such as Ethernet and ADSL. RADIUS
provides access authentication and authorization services, and its accounting function collects and
records network resource usage information.
Client/server model
The RADIUS client runs on the NASs located throughout the network. It passes user information to
designated RADIUS servers and acts on the responses (for example, rejects or accepts user access
requests).
The RADIUS server runs on the computer or workstation at the network center and maintains information
related to user authentication and network service access. It listens to connection requests, authenticates
users, and returns user access control information (for example, rejecting or accepting the user access
request) to the clients.
In general, the RADIUS server maintains the following databases: Users, Clients, and Dictionary.
Figure 2 RADIUS server components
Users
•
Users—Stores user information, such as usernames, passwords, applied protocols, and IP
addresses.
Clients—Stores information about RADIUS clients, such as shared keys and IP addresses.
•
Dictionary—Stores RADIUS protocol attributes and their values.
•
Security and authentication mechanisms
A RADIUS client and the RADIUS server use the shared key to authenticate RADIUS packets and encrypt
user passwords that are exchanged between them. The keys are never transmitted over the network. This
security mechanism improves the security of RADIUS communication and prevents user passwords from
being intercepted on insecure networks.
A RADIUS server supports multiple user authentication methods. A RADIUS server can also act as the
client of another AAA server to provide authentication proxy services.
Basic RADIUS message exchange process
Figure 3
illustrates the interactions between the host, the RADIUS client, and the RADIUS server.
RADIUS servers
Clients
Dictionary
2
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
