1 RADIUS

Overview

Remote Authentication Dial-In User Service (RADIUS) is a protocol for implementing Authentication, Authorization, and Accounting (AAA). For details about AAA, refer to AAA Configuration.

Introduction to RADIUS

RADIUS is a distributed information interaction protocol using the client/server model. RADIUS can protect networks against unauthorized access and is often used in network environments where both high security and remote user access are required. RADIUS uses UDP, and its packet format and message transfer mechanism are based on UDP. It uses UDP port 1812 for authentication and 1813 for accounting.

RADIUS was originally designed for dial-in user access. With the diversification of access methods, RADIUS has been extended to support more access methods, for example, Ethernet access and ADSL access. It uses authentication and authorization in providing access services and uses accounting to collect and record usage information of network resources.

Client/Server Model

- Client: The RADIUS client runs on the NASs located throughout the network. It passes user information to designated RADIUS servers and acts on the responses (for example, rejects or accepts user access requests).
- Server: The RADIUS server runs on the computer or workstation at the network center and maintains information related to user authentication and network service access. It listens for connection requests, authenticates users, and returns the processing results (for example, rejecting or accepting the user access request) to the clients.

In general, the RADIUS server maintains three databases, namely, Users, Clients, and Dictionary, as shown in Figure 1-1.

Figure 1-1 RADIUS server components

- Users: Stores user information such as the usernames, passwords, applied protocols, and IP addresses.
- Clients: Stores information about RADIUS clients, such as the shared keys and IP addresses.
- Dictionary: Stores information about the meanings of RADIUS protocol attributes and their values.