Introduction to AAA Services 239
■ Users: This database stores information about users (such as user name,
password, protocol adopted and IP address).
■ Clients: This database stores information about RADIUS clients (such as shared
key).
■ Dictionary: The information stored in this database is used to interpret the
attributes and attribute values in the RADIUS protocol.
Figure 77 Databases in a RADIUS server
In addition, a RADIUS server can act as a client of some other AAA server to
provide authentication or accounting proxy service.
Basic message exchange procedure in RADIUS
The messages exchanged between a RADIUS client (a switch, for example) and a
RADIUS server are verified through a shared key. This enhances the security. The
RADIUS protocol combines the authentication and authorization processes
together by sending authorization information along with the authentication
response message.
Figure 78 depicts the message exchange procedure between
user, switch and RADIUS server.
Figure 78 Basic message exchange procedure of RADIUS
RADIUS servers
User Clients Dictionary
RADIUS Client RADIUS Serve
(1)
The user inputs the user
name and password
( 3 ) Access-Accept
( 2 ) Access-Request
(4 ) Accounting-Request (start)
( 5 ) Accounting-Response
( 6 ) The user begins to access resources
( 7 ) Accounting-Request (stop)
( 8 ) Accounting-Response
( 9 ) Inform the user the access is ended
Host
To Next Page
Loading...
