AG 5000Quick Reference Guide 231RADIUS AttributesRADIUS (Remote Authentication Dial-In User Service) was originally created toallow remote authentication to the dial-in networks of corporations and dial-up ISPs.It is defined and standardized by the IETF (Internet Engineering Task Force) andseveral RADIUS server packages exist in both the public domain and for commercialsale.RADIUS software stores a database of attributes about their valid subscriber base.For example, usernames, passwords, access privileges, account limits and subscriberattributes can all be stored in a RADIUS database. RADIUS works in conjunctionswith NAS (Network Access Server) devices to determine if access to the servicenetwork should be granted, and if so, with what privileges.When a subscriber attempts to access the service provider's network, the AG 5000delivers a Web page to the subscriber asking for a login name and password. Thisinformation (password) is encrypted and sent across the network to the ISP'sRADIUS server. The RADIUS server decrypts the information and compares itagainst its list of valid users. If the subscriber can be authenticated, the RADIUSserver replies to the AG 5000 with a message instructing it to grant access to thesubscriber. Optionally, the RADIUS server can instruct the NAS to perform otherfunctions; for example, the RADIUS server can tell the AG 5000 what upstream anddownstream bandwidth the subscriber should receive. If RADIUS cannot authenticatethe subscriber, it will instruct the NAS to deny access to the network.The Nomadix AG 5000 RADIUS functionality can be broken down into thefollowing categories: Authentication-Request Authentication-Reply Accounting-RequestAll subscribers attempting to gain access to thenetwork are validated by RADIUS.