Information About RADIUS
AAA Overview
AAA stands for Authentication, Authorization and Accounting.
AAA is a framework for managing network security. Here, network security mainly refers to access control: which users can access the network server, which services are available to users with access rights, and how users' consumption of network resources is recorded for billing.
AAA generally adopts a client/server structure: the client runs on the managed resource side, and the server stores user information centrally. The AAA framework therefore scales well and makes centralized management of user information easy.
AAA Realization
There are two ways to realize AAA:
- via NAS.
- via RADIUS, TACACS+, etc.
RADIUS Overview
RADIUS maintains a unique user database that stores the user names and passwords used for authentication, along with the service type and corresponding configuration information that is passed to the user to complete authorization. After the user is authorized, the RADIUS server performs accounting for the user's account.
RADIUS stands for Remote Authentication Dial In User Service.
- RADIUS is an AAA protocol for applications such as Network Access or IP Mobility.
- It works in both situations, Local and Mobile.
- It uses the Password Authentication Protocol (PAP), the Challenge Handshake Authentication Protocol (CHAP), or the Extensible Authentication Protocol (EAP) to authenticate users.
- It looks up users in text files, LDAP servers, or databases for authentication.
- After authentication, service parameters are passed back to the NAS.
- It notifies when a session starts and stops. This data is used for billing or statistics purposes.
- SNMP is used for remote monitoring.
- It can be used as a proxy.
Here is a list of all the key features of RADIUS:
- Client/Server Model
  - The NAS works as a client for the RADIUS server.
  - The RADIUS server is responsible for getting user connection requests, authenticating the user, and then returning all the configuration information necessary for the client to deliver service to the user.
  - A RADIUS server can act as a proxy client to other RADIUS servers.
- Network Security
  - Transactions between a client and a server are authenticated through the use of a shared key. This key is never sent over the network.
  - The password is encrypted before it is sent over the network.
- Flexible Authentication Mechanisms
  - Point-to-Point Protocol (PPP)
  - Password Authentication Protocol (PAP)
  - Challenge Handshake Authentication Protocol (CHAP)
  - Simple UNIX Login
- Extensible Protocol
  - RADIUS is extensible; most vendors of RADIUS hardware and software implement their own dialects.