Access Server Administrators’ Reference Guide

C • Technical Reference

 

 

RADIUS Authentication Procedure

The procedure for RADIUS authentication and authorization is outlined in figure 125:

Figure 125. RADIUS authentication and authorization procedure

1. User dials into the RAS and establishes a connection.

2. The RAS prompts for user ID and password (PAP) or challenge (CHAP, MS-CHAP V1 and MS-CHAP V2).

3. User responds with user ID and password (PAP) or challenge response (CHAP, MS-CHAP V1 and MS-CHAP V2).

4. RAS forwards an authentication request packet to the RADIUS server, containing user identification, encrypted password, and RAS identification.

5. RADIUS server validates the user and sends the RAS an authentication acknowledgement packet containing user configuration and one of the following:

   - Specifying what network services and privileges the RAS should provide to the user (Access-accept), or

   - Denying the Authentication Request (Access-reject).
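Steps 4 and 5 for the PAP case, as an added example that is not Patton's code: it builds an Access-Request using the RFC 2138 packet layout and User-Password hiding, recovers the password on the server side, and checks the Response Authenticator of the reply on the RAS side. The function names, the choice of NAS-Identifier as the RAS identification, and all sample values are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # packet codes
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32      # attribute types

def _xor_blocks(data, secret, req_auth, unhide=False):   # hypothetical helper
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block if unhide else res   # keystream chains on the ciphertext block
        out += res
    return out

def hide_password(password, secret, req_auth):
    """User-Password hiding: NUL-pad to 16-byte blocks, XOR with MD5 keystream."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    return _xor_blocks(padded, secret, req_auth)

def unhide_password(hidden, secret, req_auth):
    return _xor_blocks(hidden, secret, req_auth, unhide=True).rstrip(b"\x00")

attr = lambda attr_type, value: bytes([attr_type, len(value) + 2]) + value

def build_request(ident, user, password, nas_id, secret, req_auth=None):
    """Step 4: Access-Request with user ID, hidden password and RAS identity."""
    req_auth = req_auth or os.urandom(16)   # must be unpredictable per request
    attrs = (attr(USER_NAME, user) + attr(NAS_IDENTIFIER, nas_id)
             + attr(USER_PASSWORD, hide_password(password, secret, req_auth)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def parse(packet):
    """Return (code, identifier, authenticator, {type: value}); reject bad lengths."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attrs, pos = {}, 20
    while length == len(packet) and pos + 2 <= length and 2 <= packet[pos + 1] <= length - pos:
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    if pos != length or length != len(packet):
        raise ValueError("malformed RADIUS packet")
    return code, ident, packet[4:20], attrs

def build_reply(code, ident, req_auth, secret, attrs=b""):
    """Step 5: Access-Accept/Reject, bound to the request and the shared secret."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def verify_reply(reply, req_auth, secret):
    """RAS side: recompute the Response Authenticator before trusting the reply."""
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```

The "encrypted password" in step 4 is this MD5-based hiding, so its confidentiality rests entirely on the strength of the shared secret and on a fresh, unpredictable Request Authenticator for every request.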

RADIUS Standards

RADIUS was initially developed in January 1977 by Lucent Technologies on recommendation from the Internet Engineering Task Force (IETF). The second generation IETF Standards for RADIUS (RFC 2138) and RADIUS Accounting (RFC 2139) were published in April 1977. The second set of RFCs changed the assigned UDP port number for RADIUS from 1645 (conflicting with “datametrics” service) to 1812, and changed the assigned UDP port number for RADIUS accounting from 1646 (conflicting with “sa-msg-port” service) to 1813. The April 1977 standards have been widely implemented and remain extensively deployed in public and private networks.

In June 2000, IETF published a third revision of the RADIUS standards, RFC2865 and RFC2866. RFC 5865 defined congestion control mechanisms to solve performance problems sometimes encountered when the earlier standard is deployed in large-scale networks. RFC2866 defined additional accounting features.

Patton remote access servers (RAS) support the April 1977 standards for RADIUS (RFC2138) and RADIUS Accounting (RFC2139). The RADIUS attributes Patton RAS supports are listed in Appendix A of the Access Server Administrator’s Reference Guide, available online at http://www.patton.com/manuals/AccessServer_Admin-D_lo-res.pdf
