Configuring a RADIUS server 309
Access Server Administrators’ Reference Guide C • Technical Reference
RADIUS Authentication Procedure
The procedure for RADIUS authentication and authorization is outlined in figure 125:
Figure 125. RADIUS authentication and authorization procedure
1. User dials into the RAS and establishes a connection.
2. The RAS prompts for user ID and password (PAP) or challenge (CHAP, MS-CHAP V1 and MS-CHAP V2).
3. User responds with user ID and password (PAP) or challenge response (CHAP, MS-CHAP V1 and MS-CHAP V2).
4. RAS forwards an authentication request packet to the RADIUS server, containing user identification,
encrypted password, and RAS identification.
5. RADIUS server validates the user and sends the RAS an authentication acknowledgement packet containing user configuration and one of the following:
– Specifying what network services and privileges the RAS should provide to the user (Access-accept), or
– Denying the Authentication Request (Access-reject).
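Steps 4 and 5 for the PAP case, as an added example that is not part of the Patton guide: the RAS side builds an Access-Request and the server side parses it, with the "encrypted password" handled as the User-Password hiding specified in RFC 2138/RFC 2865 (MD5 of the shared secret chained over 16-byte blocks). The function names are hypothetical, and the shared secret, user name, password and RAS identifier are constructed by the caller.

```python
import hashlib
import os

ACCESS_REQUEST = 1                                    # RADIUS packet code
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32   # attribute types

def _xor_chain(data, secret, authenticator, decrypt):
    # XOR each 16-byte block with MD5(secret + previous ciphertext block);
    # the first block uses the Request Authenticator as "previous".
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        mixed = bytes(a ^ b for a, b in zip(block, pad))
        out += mixed
        prev = block if decrypt else mixed
    return out

def hide_password(password, secret, authenticator):
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # pad to 16-byte multiple
    return _xor_chain(padded, secret, authenticator, decrypt=False)

def attribute(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value     # type, length, value

def build_access_request(ident, user, password, nas_id, secret):
    # RAS side (step 4): header, random Request Authenticator, attributes.
    authenticator = os.urandom(16)
    attrs = (attribute(USER_NAME, user)
             + attribute(USER_PASSWORD, hide_password(password, secret, authenticator))
             + attribute(NAS_IDENTIFIER, nas_id))
    return (bytes([ACCESS_REQUEST, ident]) + (20 + len(attrs)).to_bytes(2, "big")
            + authenticator + attrs)

def parse_access_request(packet, secret):
    # Server side: validate every length before use, then recover the password.
    bad_header = len(packet) < 20 or packet[0] != ACCESS_REQUEST
    if bad_header or int.from_bytes(packet[2:4], "big") != len(packet):
        raise ValueError("malformed Access-Request header")
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    hidden = attrs.get(USER_PASSWORD, b"")
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("bad User-Password length")
    attrs[USER_PASSWORD] = _xor_chain(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")
    return packet[1], attrs
```

The user name and RAS identifier travel in clear text; only the password is hidden, and a server holding a different shared secret recovers garbage rather than an error.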
RADIUS Standards
RADIUS was initially developed in January 1977 by Lucent Technologies on recommendation from the Internet
Engineering Task Force (IETF). The second generation IETF Standards for RADIUS (RFC 2138) and
RADIUS Accounting (RFC 2139) were published in April 1977. The second set of RFCs changed the assigned
UDP port number for RADIUS from 1645 (conflicting with “datametrics” service) to 1812, and changed the
assigned UDP port number for RADIUS accounting from 1646 (conflicting with “sa-msg-port” service) to
1813. The April 1977 standards have been widely implemented and remain extensively deployed in public and
private networks.
In June 2000, IETF published a third revision of the RADIUS standards, RFC2865 and RFC2866. RFC 5865
defined congestion control mechanisms to solve performance problems sometimes encountered when the earlier
standard is deployed in large-scale networks. RFC2866 defined additional accounting features.
Patton remote access servers (RAS) support the April 1977 standards for RADIUS (RFC2138) and RADIUS
Accounting (RFC2139). The RADIUS attributes Patton RAS supports are listed in Appendix A of the Access
Server Administrator’s Reference Guide, available online at
http://www.patton.com/manuals/AccessServer_Admin-D_lo-res.pdf