RADIUS Terms ExplainedIntroduction to 8950 AAA
................................................................................................................................... .........................................................................................................................
365-360-001 R6.0
Issue 1, December 2008 1-3
.................................................................................................................................... ........................................................................................................................
RADIUS Terms Explained
Radius Overview
RADIUS is a client-server data communications protocol. The RADIUS protocol defines
the types and contents of messages that can be exchanged in order to successfully access a
system or service. The term RADIUS is an acronym that stands for Remote
Authentication Dial-In User Services.
A RADIUS server is an example of an authentication, authorization and accounting
(AAA-pronounced as “triple-A”) server because it authenticates a user, authorizes network
access, records usage:
Authentication–validating the user’s identity
Authorization validating that the user is allowed to do what was requested
Accounting – recording information about a user’s session
The AAA environment is based on a client/server relationship. 8950 AAA implements the
server functions and communicates with clients, such as Network Access Servers (NASs).
The client is responsible for passing user information to RADIUS servers and acting on
the response it receives. RADIUS servers are responsible for receiving user connection
requests, authenticating the user, and authorizing access, and then returning configuration
information necessary for the client to deliver service to the user.
The RADIUS client controls the access protocols that are used. Within the protocol,
RADIUS Attributes provide the vocabulary used for communication between RADIUS
clients and servers. They provide authentication and authorization information, define
session parameters, and record session accounting information. In the RADIUS protocol,
attributes are defined by a number, a name, and a data type. For example, attribute number
1 is called User-Name and contains string, that is, character data. Each attribute contained
in a RADIUS packet is assigned a value. For example, User-Name = Bob. This
combination of an attribute name and an associated value is called an Attribute Value Pair
(AVP).
When configuring 8950 AAA, attributes are used in two ways: to return session settings to
the client and to provide access check data in the authorization process. When used in
these two ways, attributes are often called reply-items and check-items, respectively.
8950 AAA uses policies to define a set of rules that the server uses to determine access
rights, user privileges, and accounting practices based on information contained in the
Access-Request and information about the user who is requesting access. A policy defines
the rules and steps the server follows to complete the process described above.