RADIUS - AAA and NAS
  • Date: 2024-10-18

What is AAA and NAS?


Before you start learning about Radius, it is important that you understand:

    What is AAA?

    What is NAS?

So let us first have a basic idea about these two topics.

What is AAA?

AAA stands for Authentication, Authorization, and Accounting.

Authentication

    Refers to confirmation that a user who is requesting a service is a valid user.

    Accomplished via the presentation of an identity and credentials.

    Examples of credentials include passwords, one-time tokens, digital certificates, and phone numbers (calling/called).

Authorization

    Refers to the granting of specific types of service (including "no service") to the users based on their authentication.

    May be based on restrictions, for example, time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same user.

    Examples of services include IP address filtering, address assignment, route assignment, encryption, QoS/differential services, bandwidth control/traffic management, etc.

Accounting

    Refers to the tracking of the consumption of network resources by users.

    Typical information that is gathered in accounting includes the identity of the user, the nature of the service delivered, when the service began, and when it ended.

    May be used for management, planning, billing, etc.

An AAA server provides all the above services to its clients.
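
The three AAA functions described above, as an added example that is not part of the original tutorial: a toy in-memory server that authenticates a password, authorizes against time-of-day and multiple-login restrictions, and keeps accounting records of user, service, start and end. The class `AAAServer`, its methods and its policy fields are hypothetical names chosen for illustration, and `now` is assumed to be a `datetime.datetime` supplied by the caller.

```python
import hashlib
import hmac
import os

class AAAServer:
    """Toy AAA server; every name and policy here is hypothetical."""
    def __init__(self):
        self.users = {}     # user -> (salt, password hash, policy)
        self.sessions = {}  # session id -> accounting record still open
        self.records = []   # closed accounting records

    def add_user(self, user, password, start, end, max_logins=1):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[user] = (salt, digest, {"window": (start, end), "max": max_logins})

    def authenticate(self, user, password):
        # Authentication: is the presented identity/credential pair valid?
        salt, digest, _ = self.users.get(user, (b"\0" * 16, b"", None))
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, digest)  # unknown users never match

    def authorize(self, user, now):
        # Authorization: time-of-day and multiple-login restrictions.
        policy = self.users[user][2]
        start, end = policy["window"]
        if not (start <= now.time() < end):
            return False, "outside permitted hours"
        active = sum(1 for s in self.sessions.values() if s["user"] == user)
        if active >= policy["max"]:
            return False, "too many simultaneous logins"
        return True, "ok"

    def login(self, user, password, service, now):
        if not self.authenticate(user, password):
            return None, "authentication failed"
        ok, reason = self.authorize(user, now)
        if not ok:
            return None, reason
        sid = len(self.sessions) + len(self.records) + 1  # sessions ever opened + 1
        # Accounting start: who, which service, when it began.
        self.sessions[sid] = {"user": user, "service": service, "start": now}
        return sid, "ok"

    def logout(self, sid, now):
        # Accounting stop: close the record with the end time.
        rec = self.sessions.pop(sid)
        rec["end"] = now
        self.records.append(rec)
        return rec
```

Authorization is only evaluated after authentication succeeds, and a rejected login opens no accounting record.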

AAA Protocols

Radius is an AAA protocol for applications such as Network Access or IP Mobility. Besides Radius, we have the following protocols in AAA:

Terminal Access Controller Access Control System (TACACS)

TACACS is a remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network.

TACACS+

TACACS+ provides access control for routers, network access servers, and other networked computing devices via one or more centralized servers. It uses TCP and provides separate authentication, authorization, and accounting services. It works on port 49.

DIAMETER

Diameter is a planned replacement of Radius.

What is Network Access Server?

The Network Access Server (NAS) is a service element that clients dial in order to get access to the network. An NAS is a device having interfaces both to the backbone and to the POTS or ISDN, and receives calls from hosts that want to access the backbone by dialup services. NAS is located at an Internet provider's point of presence to provide Internet access to its customers.

A Network Access Server is:

    A single point of access to a remote resource.

    A Remote Access Server, because it allows remote access to a network.

    An Initial Entry Point to a network.

    A Gateway to guard access to a protected resource.

Examples include:

    Internet Access Verification using User ID and Password.

    VoIP, FoIP, and VMoIP require a valid Phone Number or IP Address.

    Telephone Prepaid Card uses Prepaid Card Number.

The following figure shows a basic architecture of Radius.

[Figure: NAS Architecture]