530 CHAPTER 38: CONFIGURING AAA AND RADIUS PROTOCOL
responsible for receiving a user's request for connection, authenticating the user,
and returning the required information to NAS.
The RADIUS server maintains three databases:
■ Users: stores user information, such as username, password, applied protocols, and IP address
■ Clients: stores information about the RADIUS client, such as the shared key
■ Dictionary: explains the meaning of RADIUS protocol attributes
The following figure shows the three components of a RADIUS server.
Figure 165 Components of RADIUS server
In addition, a RADIUS server can act as the client of other AAA servers to perform
authentication or accounting. A RADIUS server supports multiple ways to
authenticate the user, such as PPP-based PAP, CHAP and UNIX-based login.
Basic Information Interaction Procedure of RADIUS
The RADIUS server usually relies on the agent authentication function of devices
such as the NAS to authenticate the user. The RADIUS client and server authenticate
the messages they exchange by means of a shared key, and the user password is
transmitted over the network in ciphertext to enhance security. The RADIUS protocol
combines the authentication and authorization processes, so the response packet
carries the authorization information. The operation process is shown in the
following figure.