3Com WX3000 User Manual
• The RADIUS server receives user connection requests, authenticates users, and returns all
required information to the device.
Generally, a RADIUS server maintains the following three databases (see Figure 1-1):
• Users: This database stores information about users (such as user name, password, protocol
adopted and IP address).
• Clients: This database stores information about RADIUS clients (such as shared key).
• Dictionary: The information stored in this database is used to interpret the attributes and attribute
values in the RADIUS protocol.
Figure 1-1 Databases in a RADIUS server
(Figure not reproduced: a RADIUS server containing the Users, Clients and Dictionary databases.)
In addition, a RADIUS server can act as a client of some other AAA server to provide authentication or
accounting proxy service.
Basic message exchange procedure in RADIUS
The messages exchanged between a RADIUS client and a RADIUS server are verified through a
shared key, which enhances security. The RADIUS protocol combines the authentication and
authorization processes by sending authorization information along with the authentication
response message.
Figure 1-2 depicts the message exchange procedure between the user, the device and the
RADIUS server.
Figure 1-2 Basic message exchange procedure of RADIUS
(Figure not reproduced. Participants: Host, RADIUS Client, RADIUS Server. Labelled steps:)
(1) The user inputs the user name and password
(2) Access-Request
(3) Access-Accept
(4) Accounting-Request (start)
(5) Accounting-Response
(6) The user begins to access resources
(7) Accounting-Request (stop)
(8) Accounting-Response
(9) Inform the user the access is ended
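The shared-key verification described above, shown as an added example that is not part of the 3Com manual: it follows the RFC 2865 packet layout for the Access-Request and Access-Accept steps. The key, user name, password and function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-shared-key"  # sample value; configured on both client and server

def hide_password(password, secret, req_auth):
    """Client side: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def recover_password(hidden, secret, req_auth):
    """Server side: undo the hiding with the same shared key."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value  # type, length, value

def build_access_request(ident, user, password, secret):
    req_auth = os.urandom(16)  # Request Authenticator: random per-request value
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def build_response(code, request, attrs, secret):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    resp_auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + resp_auth + attrs

def verify_response(response, request, secret):
    """Client side: accept only a reply bound to this request and this shared key."""
    if len(response) < 20 or int.from_bytes(response[2:4], "big") != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return response[1] == request[1] and hmac.compare_digest(expected, response[4:20])

if __name__ == "__main__":
    req = build_access_request(7, b"alice", b"correct horse", SECRET)
    accept = build_response(2, req, attr(18, b"Welcome"), SECRET)  # 2 = Access-Accept
    print(verify_response(accept, req, SECRET))               # genuine reply
    print(verify_response(accept[:-1] + b"!", req, SECRET))   # attribute altered in transit
```

The check binds each reply to the random Request Authenticator of the request it answers, so a reply recorded from an earlier exchange fails verification even with the correct key.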
The basic message exchange procedure of RADIUS is as follows:
1) The user enters the user name and password.