Overview, Radius protocol, C h a p t e r – Cisco Cisco Access Registrar 3.5 User Manual
Page 13: Chapter 1, “overview
C H A P T E R
1-1
Cisco Access Registrar 3.5 Concepts and Reference Guide
OL-2683-02
1
Overview
The chapter provides an overview of the RADIUS server, including connection steps, RADIUS message
types, and using Cisco Access Registrar as a proxy server.
Cisco Access Registrar is a RADIUS (Remote Authentication Dial-In User Service) server that allows
multiple dial-in Network Access Server (NAS) devices to share a common authentication, authorization,
and accounting database.
Cisco Access Registrar handles the following tasks:
•
Authentication—determines the identity of users and whether they may be allowed to access the
network
•
Authorization—determines the level of network services available to authenticated users after they
are connected
•
Accounting—keeps track of each user’s network activity
•
Session and resource management—tracks user sessions and allocates dynamic resources
Using a RADIUS server allows you to better manage the access to your network, as it allows you to store
all security information in a single, centralized database instead of distributing the information around
the network in many different devices. You can make changes to that single database instead of making
changes to every network access server in your network.
RADIUS Protocol
Cisco Access Registrar is based on a client/server model, which supports AAA (authentication,
authorization, and accounting). The client is the Network Access Server (NAS) and the server is Cisco
Access Registrar. The client passes user information on to the RADIUS server and acts on the response
it receives. The server, on the other hand, is responsible for receiving user access requests, authenticating
and authorizing users, and returning all of the necessary configuration information the client can then
pass on to the user.
The protocol is a simple packet exchange in which the NAS sends a request packet to the Cisco Access
Registrar with a name and a password. Cisco Access Registrar looks up the name and password to verify
it is correct, determines for which dynamic resources the user is authorized, then returns an accept packet
that contains configuration information for the user session (
).