AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility
by Mahsa Nakhjiri, Madjid Nakhjiri
6.1. RADIUS Basics
RADIUS is a client-server mechanism, in which a Network Access Server (NAS) usually acts as a RADIUS client. It is, however, important to understand the distinction between a RADIUS client and an end client in a communications scenario. In the RADIUS context, the client is an entity that acts as a client in RADIUS messaging (a client-server protocol). As mentioned, NAS is the RADIUS client. The end user or the device that is authenticating to the network through the NAS is not the client in RADIUS discussions. We may call the end user or device: "the end client" or in the EAP discussions: "the supplicant" to make a clear distinction.
During authentication procedures, the RADIUS client is responsible for passing user information in the form of requests to the RADIUS server and waits for a response from the server. Depending on the policy, the NAS may only need a successful authentication or further authorization directives from the server to open its traffic ports to the client's traffic. As we will see in Chapter 10, the NAS may need to establish secure communications channels with the client before engaging in any communications with the end user. Furthermore, when accounting is required, the NAS is also responsible for collecting resource usage data and reporting back to the server.
The RADIUS server, on the other hand, is responsible for processing requests, authenticating the users, and returning the information necessary for client configuration to deliver ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access