5-3
RADIUS Authentication and Accounting
Terminology
Terminology
CHAP (Challenge-Handshake Authentication Protocol): A challenge-
response authentication protocol that uses the Message Digest 5 (MD5)
hashing scheme to encrypt a response to a challenge from a RADIUS server.
EAP (Extensible Authentication Protocol): A general PPP authentication
protocol that supports multiple authentication mechanisms. A specific
authentication mechanism is known as an EAP type, such as MD5-Challenge,
Generic Token Card, and TLS (Transport Level Security).
Host: See RADIUS Server.
NAS (Network Access Server): In this case, a ProCurve switch configured
for RADIUS security operation.
RADIUS (Remote Authentication Dial In User Service):
RADIUS Client: The device that passes user information to designated
RADIUS servers.
RADIUS Host: See RADIUS server.
RADIUS Server: A server running the RADIUS application you are using on
your network. This server receives user connection requests from the switch,
authenticates users, and then returns all necessary information to the switch.
For the ProCurve switch, a RADIUS server can also perform accounting
functions. Sometimes termed a RADIUS host.
Shared Secret Key: A text value used for encrypting data in RADIUS packets.
Both the RADIUS client and the RADIUS server have a copy of the key, and
the key is never transmitted across the network.