A CCESS GATEWAYQuick Reference Guide 317RADIUS AttributesRADIUS (Remote Authentication Dial-In User Service) was originally created to allow remoteauthentication to the dial-in networks of corporations and dial-up ISPs. It is defined andstandardized by the IETF (Internet Engineering Task Force) and several RADIUS serverpackages exist in both the public domain and for commercial sale.RADIUS software stores a database of attributes about their valid subscriber base. Forexample, usernames, passwords, access privileges, account limits and subscriber attributes canall be stored in a RADIUS database. RADIUS works in conjunctions with NAS (NetworkAccess Server) devices to determine if access to the service network should be granted, and ifso, with what privileges.When a subscriber attempts to access the service provider's network, the Access Gatewaydelivers a Web page to the subscriber asking for a login name and password. This information(password) is encrypted and sent across the network to the ISP's RADIUS server. TheRADIUS server decrypts the information and compares it against its list of valid users. If thesubscriber can be authenticated, the RADIUS server replies to the Access Gatewaywith amessage instructing it to grant access to the subscriber. Optionally, the RADIUS server caninstruct the NAS to perform other functions; for example, the RADIUS server can tell theAccess Gatewaywhat upstream and downstream bandwidth the subscriber should receive. IfRADIUS cannot authenticate the subscriber, it will instruct the NAS to deny access to thenetwork.All subscribers attempting to gain access tothe network are validated by RADIUS.AG
