Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
191192193194195196197198199200
188
223BRADIUS
Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction protocol that
uses a client/server model. It can protect networks against unauthorized access and is often used in
network environments that require both high security and remote user access.
RADIUS uses UDP port 1812 for authentication and UDP port 1813 for accounting.
RADIUS was originally designed for dial-in user access. With the addition of new access methods,
RADIUS has been extended to support additional access methods, including Ethernet and ADSL.
RADIUS provides access authentication, authorization, and accounting services. The accounting function
collects and records network resource usage information.
415BClient/server model
RADIUS clients run on NASs located throughout the network. NASs pass user information to RADIUS
servers, and determine to reject or accept user access requests depending on the responses from RADIUS
servers.
The RADIUS server runs on the computer or workstation at the network center and maintains information
related to user authentication and network access. It receives connection requests, authenticates users,
and returns access control information (for example, rejecting or accepting the user access request) to the
clients.
The RADIUS server typically maintains the following databases: Users, Clients, and Dictionary.
See
695HFigure 137.
Figure 137 RADIUS server databases
Users—Stores user information, such as usernames, passwords, applied protocols, and IP
addresses.
Clients—Stores information about RADIUS clients, such as shared keys and IP addresses.
Dictionary—Stores RADIUS protocol attributes and their values.
416BSecurity and authentication mechanisms
The RADIUS client and the RADIUS server use a shared key to authenticate RADIUS packets and encrypt
user passwords exchanged between them. For security, this key must be manually configured on the
client and the server.
RADIUS servers support multiple authentication protocols, including PPP PAP and CHAP. A RADIUS
server can also act as the client of another AAA server to provide authentication proxy services.
417BBasic RADIUS message exchange process
696HFigure 138 illustrates the interactions between the host, the RADIUS client, and the RADIUS server.
RADIUS servers
Users Clients Dictionary