H OTS POT GATEWAY ™Quick Reference Guide 231RADIUS AttributesRADIUS (Remote Authentication Dial-In User Service) was originally created toallow remote authentication to the dial-in networks of corporations and dial-up ISPs.It is defined and standardized by the IETF (Internet Engineering Task Force) andseveral RADIUS server packages exist in both the public domain and for commercialsale.RADIUS software stores a database of attributes about their valid subscriber base.For example, usernames, passwords, access privileges, account limits and subscriberattributes can all be stored in a RADIUS database. RADIUS works in conjunctionswith NAS (Network Access Server) devices to determine if access to the servicenetwork should be granted, and if so, with what privileges.When a subscriber attempts to access the service provider's network, the HSGdelivers a Web page to the subscriber asking for a login name and password. Thisinformation (password) is encrypted and sent across the network to the ISP'sRADIUS server. The RADIUS server decrypts the information and compares itagainst its list of valid users. If the subscriber can be authenticated, the RADIUSserver replies to the HSG with a message instructing it to grant access to thesubscriber. Optionally, the RADIUS server can instruct the NAS to perform otherfunctions; for example, the RADIUS server can tell the HSG what upstream anddownstream bandwidth the subscriber should receive. If RADIUS cannot authenticatethe subscriber, it will instruct the NAS to deny access to the network.The Nomadix HSG RADIUS functionality can be broken down into the followingcategories: Authentication-Request Authentication-Reply Accounting-RequestAll subscribers attempting to gain access to thenetwork are validated by RADIUS.
