1-4Figure 1-2 Databases in a RADIUS serverIn addition, a RADIUS server can act as a client of some other AAA server to provide authentication oraccounting proxy service.Basic message exchange procedure in RADIUSThe messages exchanged between a RADIUS client (a switch, for example) and a RADIUS server areverified through a shared key. This enhances the security. The RADIUS protocol combines theauthentication and authorization processes together by sending authorization information along withthe authentication response message. Figure 1-3 depicts the message exchange procedure betweenuser, switch and RADIUS server.Figure 1-3 Basic message exchange procedure of RADIUSRADIUS Client RADIUS Server( 1 ) The user inputs the username and password( 3 ) Access-Accept( 2 ) Access-Request(4 ) Accounting-Request (start)( 5 ) Accounting-Response( 6 ) The user begins to access resources( 7 ) Accounting-Request (stop)( 8 ) Accounting-Response( 9 ) Inform the user the access is endedHostThe basic message exchange procedure of RADIUS is as follows:1) The user enters the username and password.2) The RADIUS client receives the username and password, and then sends an authenticationrequest (Access-Request) to the RADIUS server.3) The RADIUS server compares the received user information with that in the Users database toauthenticate the user. If the authentication succeeds, the RADIUS server sends back to theRADIUS client an authentication response (Access-Accept), which contains the user’sauthorization information. If the authentication fails, the server returns an Access-Reject response.
