RADIUS
From Free net encyclopedia
| Layer | Protocols |
|---|---|
| Application | DNS, TLS/SSL, TFTP, FTP, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SNMP, SSH, TELNET, BitTorrent, RTP, rlogin, ENRP, … |
| Transport | TCP, UDP, DCCP, SCTP, IL, RUDP, … |
| Network | IP (IPv4, IPv6), ICMP, IGMP, ARP, RARP, … |
| Link | Ethernet, Wi-Fi, Token ring, PPP, SLIP, FDDI, ATM, DTM, Frame Relay, SMDS, … |
Remote authentication dial-in user service (RADIUS) is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
When you connect to an ISP using a modem, DSL, cable or wireless connection, for some providers you must enter your username and password. This information is passed to a Network Access Server (NAS) device over the Point-to-Point Protocol (PPP), then to a RADIUS server over the RADIUS protocol. The RADIUS server checks that the information is correct using authentication schemes like PAP, CHAP or EAP. If accepted, the server will then authorize access to the ISP system and select an IP address, L2TP parameters, etc.
The RADIUS server will also be notified if and when the session starts and stops, so that the user can be billed accordingly; or the data can be used for statistical purposes.
RADIUS was originally developed by Livingston Enterprises for their PortMaster series of Network Access Servers, but later (1997) published as RFC 2058 and RFC 2059 (current versions are RFC 2865 and RFC 2866). Now, several commercial and open-source RADIUS servers exist. Features can vary, but most can look up the users in text files, LDAP servers, various databases, etc. Accounting tickets can be written to text files, various databases, forwarded to external servers, etc. SNMP is often used for remote monitoring. RADIUS proxy servers are used for centralized administration and can rewrite RADIUS packets on the fly (for security reasons, or to convert between vendor dialects).
RADIUS is a common authentication protocal utilized by the 802.1x wireless security standard. Although RADIUS was not initially intended to be a wireless security authentication method, it improves the WEP encryption key standard, in conjunction with other security methods such as EAP-PEAP.
RADIUS is extensible; most vendors of RADIUS hardware and software implement their own dialects.
The DIAMETER protocol is the planned replacement for RADIUS, but is still backwards compatible.
Standards
The RADIUS protocol is currently defined in:
Other relevant RFCs are:
- RFC 2548 Microsoft Vendor-specific RADIUS Attributes
- RFC 2607 Proxy Chaining and Policy Implementation in Roaming
- RFC 2618 RADIUS Authentication Client MIB
- RFC 2619 RADIUS Authentication Server MIB
- RFC 2620 RADIUS Accounting Client MIB
- RFC 2621 RADIUS Accounting Server MIB
- RFC 2809 Implementation of L2TP Compulsory Tunneling via RADIUS
- RFC 2867 RADIUS Accounting Modifications for Tunnel Protocol Support
- RFC 2868 RADIUS Attributes for Tunnel Protocol Support
- RFC 2869 RADIUS Extensions
- RFC 2882 Network Access Servers Requirements: Extended RADIUS Practices
- RFC 3162 RADIUS and IPv6
- RFC 3575 IANA Considerations for RADIUS
- RFC 3576 Dynamic Authorization Extensions to RADIUS
- RFC 3579 RADIUS Support for EAP
- RFC 3580 IEEE 802.1X RADIUS Usage Guidelines
- RFC 4014 RADIUS Attributes Suboption for the DHCP Relay Agent Information Option
See also
- TACACS
- [[TACACS+|TACACS+]]
External links
- An Analysis of the RADIUS Authentication Protocol
- List of RADIUS attributes
- The Beginnings and History of RADIUS by John Vollbrechtde:RADIUS
es:RADIUS fr:Radius (informatique) nl:RADIUS ja:RADIUS pl:RADIUS ru:RADIUS fi:RADIUS sv:RADIUS