to prevent user passwords from being intercepted on insecure networks, RADIUS encrypts passwords before transmitting them.
A RADIUS server supports multiple user authentication methods. Moreover, a RADIUS server can act as the client of another AAA server to provide authentication proxy services.
Basic message exchange process of RADIUS
a illustrates the interaction of the host, the RADIUS client, and the RADIUS server.
a.Basic message exchange process of RADIUS
RADIUS operates in the following manner:
Table 122 The host initiates a connection request that carries the user’s username and password to the RADIUS client.
Table 123 After receiving the username and password, the RADIUS client sends an authentication request
Table 124 The RADIUS server authenticates the username and password. If the authentication succeeds, the server sends back an
Table 125 The RADIUS client permits or denies the user according to the returned authentication result. If it permits the user, it sends a
Table 126 The RADIUS server returns a
Table 127 The user accesses the network resources.
Table 128 The host requests the RADIUS client to tear down the connection and the RADIUS client sends a