what is radius server and how it works

Today we will discuss about security framework and what is radius server and how it works. Before start what is radius server & how it works we need to understand AAA Model-Network security architecture

AAA stands for authentication authorization and accounting

what is AAA

it is a fundamental security framework for controlling a user’s access to a network determining access levels or users privileges based on policies and user identity and keeping track of the user activities

Authentication is the first component of Triple AAA suppose you are the user it basically asks who are you you need some credentials normally username and a password to verify your identity after your identity is verified you will be granted with some privileges

The second component of triple AAA framework Authorization it is about what you can do the privileges can include what cancel resources or services you can assess what a tasks you can perform and how long you can use

third resources accounting is the third component of a triple a framework in a keep track of your log activities which may include what resources you used and how much you used and how long you used and etc data collected at this stage

what is radius server and how it works

what is radius server and how it works
what is radius server and how it works

Two different protocols are used to communicate between the AAA security servers and authenticating devices

Cisco secure ACS supports both TACACS+ and RADIUS

-TACACS+ remains more secure than RADIUS

-RADIUS has a robust application programming interface and strong accounting.

Radius stands for Remote Authentication Dial-In User Service (RADIUS) is a client-server networking protocol that runs in the application layer. it is a client-server protocol and A system that enables a network access server or to communicate with a central server to authenticate  users authorize their access to the network and it keeps the track of their activities in radius

radius is not adjusted for remote users as its name suggests but it can be used for local users for local users it can be through wireless or wired connection

In below example i will demonstrate what is radius server and how it works

Authenticating Router Access
Authenticating Router Access
AAA accounting command
AAA accounting command
AAA Authentication commands
AAA Authentication commands
AAA Authentication enable default command
AAA Authentication enable default command
AAA Command
AAA Command
AAA commands to lines and interface
AAA commands to lines and interface
AAA Configuration
AAA Configuration
AAA Example
AAA Example
AAA Login command
AAA Login command

what is radius server and how it works Summary

  • AAA Services provide a higher degree of scalability than the line-level and privileged EXEC authentication
  • AAA Services may be self-contained in the router or network access server(NAS) itself.This form of authentication is also known as local authentication
  • In situations where local authentication will not scale well such as for many remote clients connecting to the network from different locations,it is better to implement a remote security database
  • TACAS+ and radius are two predominant AAA protocols used by Cisco security appliances routers and switches for implementing AAA with a remote security database
  • The most common authentication method is the use of a username and password Authentication strength varies from the weakest which is to use a database of usernames and password to the strongest which is to use OTPs
  • PPP enables authentication between remote clients and servers using PAP,CHAP, or MS-CHAP
  • Administrative access to a router and remote LAN access through perimeter routers is secured using aaa commands
  • To configure AAA for local authentication on a router first enable AAA with the aaa new model command second specify a username and password with the username password password command and third specify local authentication with the aaa authentication login default local command
  • There are three commands to use when debugging AAA:debug  aaa authentication debug aaa authorization and debug aaa accounting
  • You can configure AAA with Cisco SDM by following the Configure > Additional Tasks > AAA path.

 

Leave a Comment