RADIUS Authentication and Authorization, Figure 5-1 – Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

Chapter 5: Secure Switch Management

212777-A, February 2002

RADIUS Authentication and Authorization

RADIUS is an access server authentication, authorization, and accounting protocol used to
secure remote access to networks and network services against unauthorized access.

RADIUS consists of three components:

- A protocol with a frame format that utilizes UDP over IP (based on RFC 2138 and 2866)
- A centralized server that stores all the user authorization information
- A client, in this case, the switch

The operation of the RADIUS authentication and authorization protocol is based on the AA model
described previously. The switch, acting as the RADIUS client, communicates with the
RADIUS server to authenticate and authorize a remote administrator using the protocol
definitions specified in RFC 2138 and 2866. Transactions between the client and RADIUS server are
authenticated through the use of a shared secret, which is never sent over the network. In
addition, the remote administrator passwords are sent encrypted between the RADIUS client (the
switch) and the back-end RADIUS server.

Figure 5-1 Authentication and Authorization: How It Works

Figure labels: Internet, Alteon Web Switch, Authentication Servers

1. Remote administrator connects to switch and provides user name and password
2. Using Authentication/Authorization protocol, the switch sends request to authentication server
3. Authentication server checks request against the user ID database
4. Using RADIUS protocol, the authentication server instructs the switch to grant or deny admin access
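The following Python sketch is an added example, not code from the Web OS guide or from Nortel. It walks through steps 2 to 4 using the RFC 2138 mechanisms the text refers to: User-Password hiding (section 5.2) and the Response Authenticator that proves the reply came from a holder of the shared secret. The function names, the secret and the user database are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

SECRET = b"constructed-shared-secret"                 # constructed sample values
USERS = {b"admin": b"correct horse battery staple"}   # constructed user ID database

def hide_password(password, secret, req_auth):
    """User-Password hiding: XOR 16-byte blocks with chained MD5(secret + previous)."""
    size = max(16, -(-len(password) // 16) * 16)      # pad with NULs to a 16-byte multiple
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev                                   # ciphertext block feeds the next key
    return out

def reveal_password(hidden, secret, req_auth):
    """Inverse of hide_password, as run by the RADIUS server."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(ident, user, password, secret):
    """Client (switch) side: Code 1, random 16-byte Request Authenticator."""
    req_auth = os.urandom(16)
    hidden = hide_password(password, secret, req_auth)
    attrs = bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def server_reply(request, secret, user_db):
    """Server side: recover the password, answer Access-Accept (2) or Access-Reject (3)."""
    req_auth, attrs, i = request[4:20], {}, 20
    while i + 2 <= len(request) and request[i + 1] >= 2:   # type, length, value
        attrs[request[i]] = request[i + 2:i + request[i + 1]]
        i += request[i + 1]
    user = attrs.get(1, b"")
    given = reveal_password(attrs.get(2, b""), secret, req_auth)
    ok = user in user_db and hmac.compare_digest(user_db[user], given)
    header = struct.pack("!BBH", 2 if ok else 3, request[1], 20)
    # Response Authenticator = MD5(Code + ID + Length + Request Authenticator + Attributes + secret)
    return header + hashlib.md5(header + req_auth + secret).digest()

def reply_is_authentic(reply, req_auth, secret):
    """Client side: accept the reply only if it was computed with the shared secret."""
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```

The secret appears only as an MD5 input on both sides and never on the wire. Because the password hiding is an MD5-keyed XOR, its strength rests on the length and randomness of that shared secret.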