RADIUS Server

Maybe you have heard of this triple A, but what they really mean?

1) Authentication
Authentication is the act of establishing or confirming that someone/something is authentic. This means that AAA server is confirming that some specific user is from the list of users that are allowed to be on the network.

2) Authorization
Authorization is the function of specifying access rights to resources. To translate this in networking, authorization defines who can do what on the network. These are access policies for users.

3) Accounting
Accounting in this case is list when and for how long users were active on the network. From this data specific user can be billed, but this can also be used for statistical purposes and for monitoring of network.

Client or device that wants to connect to the wireless network sends a request to the wireless router. This request contains the credentials (username and password). These credentials are passed to the RADIUS that decides is it going to grant access to the wireless router. AAA server checks this information using the authentication methods like PAP, CHAP or EAP.

It can return three responses:
- Access Reject – access is denied to the user, because of incorrect identification, unknown or inactive account.
- Access Challenge – some additional information is needed from the user to gain access like secondary password or token.
- Access Accepted – access is granted to the user. After that, AAA server will often check the credentials of the user.

There are many types of the AAA servers on the market, I will mention only some of them, which are mainly used in enterprises:

New! Comments