3Com SuperStack 4 Configuration Manual page 260

5500g-ei family

272 CHAPTER 11: 802.1X CONFIGURATION
AAA and RADIUS Protocol Configuration
RADIUS Protocol Overview
Authentication, Authorization and Accounting (AAA) provides a uniform
framework for configuring these three security functions to implement
network security management.
Network security here refers to access control, which covers:
- Which user can access the network server?
- Which service can the authorized user enjoy?
- How to keep accounts for the user who is using the network resource?
Accordingly, AAA provides the following services:
- Authentication: verifies whether the user can access the network server.
- Authorization: authorizes the user to use specified services.
- Accounting: tracks the network resources consumed by the user.
As mentioned above, AAA is a management framework, so it can be implemented
by various protocols. RADIUS is one such protocol and is frequently used.
What is RADIUS?
Remote Authentication Dial-In User Service (RADIUS) is a distributed
information exchange protocol with a client/server architecture. RADIUS
can protect the network from disruption by unauthorized access, and it is often
used in network environments that require both high security and remote user
access. For example, it is often used to manage a large number of scattered
dial-in users who use serial ports and modems. The RADIUS system is an important
auxiliary part of the Network Access Server (NAS).
After the RADIUS system is started, when a user wants the right to access other
networks or consume network resources through a connection to the NAS (a dial-in
access server in a PSTN environment, or a switch with the access function in an
Ethernet environment), the NAS, acting as the RADIUS client, transmits the user's
AAA request to the RADIUS server. A RADIUS server has a user database that records
all user authentication and network service access information. On
receiving a user's request from the NAS, the RADIUS server performs AAA by
querying and updating the user database, and returns the configuration information
and accounting data to the NAS. Here, the NAS controls users and their connections,
while the RADIUS protocol regulates how configuration and accounting
information is transmitted between the NAS and the RADIUS server.
The NAS and the RADIUS server exchange information in UDP packets. During the
interaction, both sides encrypt the packets with keys before uploading user
configuration information (for example, a password) so that it cannot be
intercepted or stolen.
RADIUS Operation
A RADIUS server generally uses the proxy function of devices such as an access
server to perform user authentication. The operation process is as follows: First,
the user sends a request message (containing the client username and encrypted
password) to the RADIUS server. Second, the user will receive from


This manual is also suitable for:

Superstack 4 5500g-ei series
