An Overview of AAA
The framework around which RADIUS is built is known as the AAA process, consisting of authentication, authorization, and accounting. While there’s nothing specific to RADIUS in the AAA model, a general background is needed to justify most of RADIUS’s behavior. RADIUS was created before the AAA model was developed, but it was the first real AAA-based protocol to earn industry acceptance and widespread use. That’s not to say there aren’t other protocols that satisfy the architecture’s requirements.
This model serves to manage and report all transactions from start to finish. Its functionality can be summed up by three questions, one for each part of the process:
Who are you?
What services am I allowed to give you?
What did you do with my services while you were using them?
To begin, let’s look at why the AAA architecture is a better overall strategy than others. Before AAA was introduced, individual equipment had to be used to authenticate users. Without a formal standard, each machine likely had a different method of authentication—some might have used profiles, while others might have used Challenge/Handshake Authentication Protocol (CHAP) authentication, and still others might have queried a small internal database with SQL. The major problem with this helter-skelter model is one of scalability: while keeping track of users on one piece of network equipment might not be a huge manageability obstacle, increasing capacity by ...