Saturday 8 August 2015

Radius Protocol

Radius stands for Remote Authentication Dial-In User Service. It is a widely deployed protocol for centralized authentication, authorization, and accounting for network access.

Triple A (AAA) framework
AAA stands for Authentication, Authorization and Accounting. The Radius protocol implements the AAA framework: it provides centralized AAA management for users who connect to and use a network service.

As shown in the above figure, the following are the key components in the Radius protocol:
a. User
b. Radius client
c. Radius server
d. User store (database)

Step 1: The user submits his credentials (username and password) to the Radius client.

Step 2: The Radius client sends the user credentials to a Radius server in the form of a Radius message. The Radius client can be a dial-up server, VPN server, or wireless access point.

Step 3: The Radius server receives the Radius request message from the Radius client, processes the request (mostly by validating the user credentials against a database such as MySQL or LDAP), and sends a Radius response back to the Radius client.

Step 4: Based on the response from the Radius server, the Radius client grants or denies access to the user.
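
Steps 2 to 4 at the byte level, using the RFC 2865 packet layout and password hiding. This is an added example, not code from the original post or from FreeRadius. The function names, the shared secret and the in-memory user store (standing in for MySQL or LDAP) are assumptions for illustration, and the UDP transport is left out.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def password_xor(data, secret, req_auth, hide):
    """RFC 2865 sec. 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = _xor(data[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = block if hide else data[i:i + 16]  # chaining always uses the hidden block
        out += block
    return out

def build_access_request(ident, user, password, secret):
    """Step 2: the Radius client wraps the credentials in an Access-Request."""
    req_auth = os.urandom(16)  # Request Authenticator, fresh per request
    padded = password + b"\x00" * (-len(password) % 16)
    pairs = ((USER_NAME, user), (USER_PASSWORD, password_xor(padded, secret, req_auth, True)))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def handle_request(packet, secret, user_store):
    """Step 3: the Radius server checks the credentials and builds the response."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, pos, attrs = packet[4:20], 20, {}
    while pos + 2 <= length:
        typ, alen = packet[pos], packet[pos + 1]
        if alen < 2:
            raise ValueError("malformed attribute length")
        attrs[typ] = packet[pos + 2:pos + alen]
        pos += alen
    password = password_xor(attrs.get(USER_PASSWORD, b""), secret, req_auth, False).rstrip(b"\x00")
    stored = user_store.get(attrs.get(USER_NAME))
    ok = code == ACCESS_REQUEST and stored is not None and hmac.compare_digest(stored, password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + secret)
    return header + hashlib.md5(header + req_auth + secret).digest()

def client_grants_access(response, request, secret):
    """Step 4: verify the Response Authenticator, then grant or deny access."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(response[4:20], expected) and response[0] == ACCESS_ACCEPT

if __name__ == "__main__":
    secret, store = b"constructed-secret", {b"alice": b"correct horse"}  # constructed sample values
    req = build_access_request(7, b"alice", b"correct horse", secret)
    print(client_grants_access(handle_request(req, secret, store), req, secret))
```

The client accepts a response only if its authenticator matches the shared secret and the original request, so a reply whose code byte was altered in transit is refused.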

The next post explains the Radius protocol; later posts explain FreeRadius.

Note:
1. RFC 2865 covers the Radius protocol.

2. RFC 2866 covers Radius accounting.

3. The officially assigned port number for RADIUS is 1812.

4. The Radius accounting server runs on port 1813.

