Learn about RADIUS protocol, its AAA functions (Authentication, Authorization, Accounting), and the benefits of FreeRADIUS server. Explore how RADIUS handles user access and tracks usage in network environments.
RADIUS
• Stands for “Remote Authentication Dial In User Service”
• Network protocol for remote user authentication
• Used by ISPs, cellular network providers and educational networks
• Three primary functions (AAA):
  • Authenticates users or devices before allowing them access to the network
  • Authorizes those users/devices for specific network services
  • Accounts for and tracks usage of those services
AAA – Authentication, Authorization & Accounting
• Authentication: validating the identity of a user by matching the credentials supplied by the user against those held in the user directory
• Authorization: determining what permissions are granted to the user, e.g. a specific VLAN, a bandwidth limit, …
• Authentication vs. authorization example: at a police road check you can authenticate yourself with an ID card, but only your driver’s license shows that you are authorized to drive a car
• Accounting is not relevant in the eduroam context, as it is a free service
RADIUS – Components (diagram): Supplicant, Authenticator, User Directory, Registry
FreeRADIUS
• Most widely used open source RADIUS server, but there are others
• Created and maintained by Alan DeKok, a no-nonsense type
• Benefits:
  • Features usually only seen in commercial servers: EAP, virtual servers
  • Modular – easy to enable/disable functionality
  • Scalable – thousands of requests handled by a single instance
Support
• FreeRADIUS
  • Online documentation
  • Mailing list (don’t be put off by the tone)
• eduroam
  • Your NRO (National Roaming Operator): NgREN
  • African eduroam confederation operated by AfREN (UA & WACREN)
  • eduroam wiki, OT (Operations Team) and Slack channel
RADIUS – Session Process
• The user connects to the NAS using PPP or another data-link layer protocol
• The NAS sends an Access-Request message to the RADIUS server; it contains the user credentials and additional attributes (MAC address, host name), carried using PAP, CHAP or EAP
• The RADIUS server verifies the request against the user directory
• The RADIUS server sends back an Access-Reject, Access-Challenge or Access-Accept
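The four-step exchange above, as an added example that is not from the presentation or from FreeRADIUS: a minimal encoder and checker for the RFC 2865 Access-Request and reply formats, showing how the NAS hides a PAP User-Password with the shared secret and how it verifies the server's Response Authenticator. The secret, user name and password are constructed placeholders.

```python
import hashlib
import hmac
import os
import struct

# All values used here are constructed for this example; the secret is a placeholder.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2


def hide_password(password, secret, authenticator):
    # RFC 2865 s5.2: pad to a 16-octet multiple, XOR each block with MD5(secret + previous
    # ciphertext block), seeded by the Request Authenticator. Reversible with the secret.
    padded = password + b"\x00" * ((-len(password)) % 16 if password else 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def build_access_request(ident, user, password, secret, authenticator=None):
    # Step 2 of the session process: the NAS sends credentials as TLV attributes.
    authenticator = authenticator or os.urandom(16)  # fresh 16 random octets per request
    hidden = hide_password(password, secret, authenticator)
    attrs = (struct.pack("!BB", USER_NAME, 2 + len(user)) + user +  # Length covers the 2 header octets
             struct.pack("!BB", USER_PASSWORD, 2 + len(hidden)) + hidden)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def build_reply(code, request, secret, attrs=b""):
    # Step 4: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs


def verify_reply(reply, request, secret):
    # NAS-side check: the reply must match the request ID and carry a valid authenticator.
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply) or reply[1] != request[1]:
        return False
    expected = build_reply(reply[0], request, secret, reply[20:])[4:20]
    return hmac.compare_digest(expected, reply[4:20])


def parse_attributes(data):
    # Walk the TLV list; reject a truncated or zero-length attribute instead of looping.
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs
```

Because the password hiding is only a keyed XOR, anyone who learns the shared secret can recover every PAP password from captured traffic, which is why EAP methods are preferred over PAP on the NAS-to-server leg.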
RADIUS – Internal Packet Processing pre-auth