RADIUS Protocol RADIUS is a protocol for carrying information related to authentication, authorization, and configuration between a Network Access Server that desires to authenticate its links and a shared Authentication Server.
RADIUS stands for Remote Authentication Dial In User Service. RADIUS is an AAA protocol for applications such as Network Access or IP Mobility It works in both situations, Local and Mobile. It uses Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), or Extensible Authentication Protocol (EAP) protocols to authenticate users. It look in text file, LDAP Servers, Database for authentication. After authentication services parameters passed back to NAS. It notifies when a session starts and stop. This data is used for Billing or Statistics purposes. SNMP is used for remote monitoring. It can be used as a proxy. RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with portbased authentication, and the Network Access Server (NAS), are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. RADIUS is often the backend of choice for 802.1X authentication as well. RADIUS server is usually a background process running on a UNIX or Microsoft Windows server.
Figure 1 Simple
Network Diagram of Radius
RADIUS was originally specified in an RFI by Merit Network in 1991 to control dial-in access to NSFnet. Livingston Enterprises responded to the RFI with a description of a RADIUS server. Merit Network awarded the contract to Livingston Enterprises that delivered their PortMaster series of Network Access Servers and the initial RADIUS server to Merit. RADIUS was later (1997) published as RFC 2058 and RFC 2059 (current versions are RFC 2865 and RFC 2866). The RADIUS specification RFC 2865 obsoletes RFC 2138. The RADIUS accounting standard RFC 2866 obsoletes RFC 2139.