Cisco Systems CSACS3415K9

A-12

User Guide for Cisco Secure Access Control System 5.4

OL-26225-01

AppendixA AAA Protocols

Overview of RADIUS

When the RADIUS server receives the access-request from the NAD, it searches a database for the

username. Depending on the result of the database query, an accept or reject is sent. A text message can

accompany the access-reject message to indicate the reason for the refusal.

In RADIUS, authentication and authorization are coupled. If the RADIUS server finds the username and

the password is correct, the RADIUS server returns an access-accept response, including a list of

attribute-value pairs that describe the parameters to use for this session. This list of parameters sets the

authorization rights for the user.

Typical parameters include:

•Service type

•Protocol type

•IP address to assign the user (static or dynamic)

•Access list to apply

•A static route to install in the NAD routing table

The configuration information in the RADIUS server defines which parameters to set on the NAD during

installation.