3com 2928 User Guide
1-1
1
RADIUS
Overview
Remote Authentication Dial-In User Service (RADIUS) is protocol for implementing Authentication,
Authorization, and Accounting (AAA). For details about AAA, refer to AAA Configuration.
Authorization, and Accounting (AAA). For details about AAA, refer to AAA Configuration.
Introduction to RADIUS
RADIUS is a distributed information interaction protocol using the client/server model. RADIUS can
protect networks against unauthorized access and is often used in network environments where both
high security and remote user access are required. RADIUS uses UDP, and its packet format and
message transfer mechanism are based on UDP. It uses UDP port 1812 for authentication and 1813 for
accounting.
RADIUS was originally designed for dial-in user access. With the diversification of access methods,
RADIUS has been extended to support more access methods, for example, Ethernet access and ADSL
access. It uses authentication and authorization in providing access services and uses accounting to
collect and record usage information of network resources.
protect networks against unauthorized access and is often used in network environments where both
high security and remote user access are required. RADIUS uses UDP, and its packet format and
message transfer mechanism are based on UDP. It uses UDP port 1812 for authentication and 1813 for
accounting.
RADIUS was originally designed for dial-in user access. With the diversification of access methods,
RADIUS has been extended to support more access methods, for example, Ethernet access and ADSL
access. It uses authentication and authorization in providing access services and uses accounting to
collect and record usage information of network resources.
Client/Server Model
z
Client: The RADIUS client runs on the NASs located throughout the network. It passes user
information to designated RADIUS servers and acts on the responses (for example, rejects or
accepts user access requests).
information to designated RADIUS servers and acts on the responses (for example, rejects or
accepts user access requests).
z
Server: The RADIUS server runs on the computer or workstation at the network center and
maintains information related to user authentication and network service access. It listens to
connection requests, authenticates users, and returns the processing results (for example,
rejecting or accepting the user access request) to the clients.
maintains information related to user authentication and network service access. It listens to
connection requests, authenticates users, and returns the processing results (for example,
rejecting or accepting the user access request) to the clients.
In general, the RADIUS server maintains three databases, namely, Users, Clients, and Dictionary, as
shown in
shown in
Figure 1-1
RADIUS server components
z
Users: Stores user information such as the usernames, passwords, applied protocols, and IP
addresses.
addresses.
z
Clients: Stores information about RADIUS clients, such as the shared keys and IP addresses.
z
Dictionary: Stores information about the meanings of RADIUS protocol attributes and their values.