1-3z The RADIUS server receives user connection requests, authenticates users, and returns allrequired information to the device.Generally, a RADIUS server maintains the following three databases (see Figure 1-1):z Users: This database stores information about users (such as user name, password, protocoladopted and IP address).z Clients: This database stores information about RADIUS clients (such as shared key).z Dictionary: The information stored in this database is used to interpret the attributes and attributevalues in the RADIUS protocol.Figure 1-1 Databases in a RADIUS serverRADIUS serversUser Clients DictionaryIn addition, a RADIUS server can act as a client of some other AAA server to provide authentication oraccounting proxy service.Basic message exchange procedure in RADIUSThe messages exchanged between a RADIUS client and a RADIUS server are verified through ashared key. This enhances the security. The RADIUS protocol combines the authentication andauthorization processes together by sending authorization information along with the authenticationresponse message. Figure 1-2 depicts the message exchange procedure between the user, device andRADIUS server.Figure 1-2 Basic message exchange procedure of RADIUSRADIUS Client RADIUS Server( 1 ) The user inputs the username and password( 3 ) Access -Accept( 2 ) Access -Request(4 ) Accounting-Request (start)( 5 ) Accounting-Response( 6 ) The user begins to access resources( 7 ) Accounting-Request (stop)( 8 ) Accounting-Response( 9 ) Inform the user the access is endedHostThe basic message exchange procedure of RADIUS is as follows:1) The user enters the user name and password.
