HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 12
RADIUS, Client/server model, Security and authentication mechanisms
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 12 highlights
RADIUS Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction protocol that uses a client/server model. It can protect networks against unauthorized access and is often used in network environments where both high security and remote user access are required. RADIUS uses UDP as the transport protocol. It uses UDP port 1812 for authentication and UDP port 1813 for accounting. RADIUS was originally designed for dial-in user access. With the addition of new access methods, RADIUS has been extended to support additional access methods, such as Ethernet and ADSL. RADIUS provides access authentication and authorization services, and its accounting function collects and records network resource usage information. Client/server model The RADIUS client runs on the NASs located throughout the network. It passes user information to designated RADIUS servers and acts on the responses (for example, rejects or accepts user access requests). The RADIUS server runs on the computer or workstation at the network center and maintains information related to user authentication and network service access. It listens to connection requests, authenticates users, and returns user access control information (for example, rejecting or accepting the user access request) to the clients. In general, the RADIUS server maintains the following databases: Users, Clients, and Dictionary. Figure 2 RADIUS server components RADIUS servers Users Clients Dictionary • Users-Stores user information, such as usernames, passwords, applied protocols, and IP addresses. • Clients-Stores information about RADIUS clients, such as shared keys and IP addresses. • Dictionary-Stores RADIUS protocol attributes and their values. Security and authentication mechanisms A RADIUS client and the RADIUS server use the shared key to authenticate RADIUS packets and encrypt user passwords that are exchanged between them. The keys are never transmitted over the network. This security mechanism improves the security of RADIUS communication and prevents user passwords from being intercepted on insecure networks. A RADIUS server supports multiple user authentication methods. A RADIUS server can also act as the client of another AAA server to provide authentication proxy services. Basic RADIUS message exchange process Figure 3 illustrates the interactions between the host, the RADIUS client, and the RADIUS server. 2