Architecture

RADIUS is a network protocol, a system that defines rules and conventions for communication between network device. Like many protocols, RADIUS uses a client-server model. A RADIUS client (also called a Network Access Server, or NAS) sends requests to a RADIUS server. The RADIUS server then processes the request and sends back a response.

Common NAS products include wireless access points such as the Linksys WRT54G and dial-up equipment commonly available from large network manufacturers. Common RADIUS server products include Cisco ACS, Microsoft IAS, Funk (now Juniper) Steel Belted RADIUS, Open Systems Radiator, and FreeRADIUS.

RADIUS Components

The RADIUS protocol shares the general concept of client-server communication with many other protocols such as HTTP and SMTP, the specifics of RADIUS communications differ. This section describes the RADIUS system in more detail, including the specific roles of the NAS, the server, and datastores such as MySQL and Lightweight Directory Access Protocol (LDAP).

User / Device

Requests access to the network. A device may be a laptop, modem, or VOIP Phone

Network Access Server (NAS)

Provides access to the network for the user/device. The NAS can be a switch, Wireless Access Point, or VPN Terminator.

Authentication Server

Receives authentication requests from the NAS and returns authentication results to the NAS. Optionally requests user and configuration information from the database or directory. The server may return configuration parameters to the NAS. Receives accounting information from the NAS. Some exanples of a RADIUS server are FreeRADIUS, Radiator, NPS, or IAS.

Datastore

Optional database or directory with user authentication and authorisation information. RADIUS server communicates with the data store using DB API or LDAP. Types of data stores include SQL Database, Kerberos Service Server, or an LDAP Directory.