8.2 Introduction to RADIUS
A RADIUS protocol that supports the EAP extension should be used for interaction between the
switch and the authentication server system when a user is being authenticated. The RADIUS
protocol uses a supplicant/server model: the switch needs to implement the RADIUS supplicant
system, and the authentication server system needs to implement the RADIUS service system.
To ensure safe interaction between the switch and the authentication server system and to
prevent unauthorized interaction, there must be mutual authentication between the switch and
the authentication server system. Both of them need the same key. When the switch or the
authentication server system sends a RADIUS protocol packet, it uses the HMAC calculation
with this password to produce a message digest of the packet. When the switch or the
authentication server system receives a RADIUS protocol packet, it checks the message digest
of the packet with the password: if the check succeeds, the packet is a legal RADIUS protocol
packet; otherwise it is an illegal RADIUS protocol packet and is thrown away.
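The send-side digest and the receive-side check described above, as an added example that is not part of the original manual or the switch's own code. The manual does not say how the HMAC is carried; this sketch assumes the Message-Authenticator attribute (type 80, HMAC-MD5) of RFC 3579 and the standard 20-byte header of Code, Identifier, Length and Authenticator. The function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

MSG_AUTH = 80                    # Message-Authenticator type (RFC 3579, assumed)
HDR = struct.Struct("!BBH16s")   # Code, Identifier, Length, Authenticator

def build_access_request(secret, identifier, attrs=b""):
    """Sender side: Access-Request (Code 1) carrying an HMAC-MD5 digest."""
    length = HDR.size + len(attrs) + 18
    unsigned = (HDR.pack(1, identifier, length, os.urandom(16)) + attrs
                + bytes([MSG_AUTH, 18]) + bytes(16))   # digest field zeroed
    mac = hmac.new(secret, unsigned, hashlib.md5).digest()
    return unsigned[:-16] + mac

def verify_packet(secret, packet, request_authenticator=None):
    """Receiver side: True only if the packet is well formed and its digest
    matches. For a reply, pass the Authenticator of the matching request."""
    if len(packet) < HDR.size:
        return False
    _code, _ident, length, _auth = HDR.unpack_from(packet)
    if length < HDR.size or length > len(packet):
        return False
    buf = bytearray(packet[:length])          # ignore padding past Length
    if request_authenticator is not None:
        buf[4:20] = request_authenticator
    pos, received = HDR.size, None
    while pos < length:                       # walk the type/length/value list
        if pos + 2 > length:
            return False
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > length:
            return False
        if atype == MSG_AUTH:
            if alen != 18 or received is not None:
                return False
            received = bytes(buf[pos + 2:pos + 18])
            buf[pos + 2:pos + 18] = bytes(16)  # zero the field before hashing
        pos += alen
    if received is None:
        return False                          # unsigned packet: discard
    expected = hmac.new(secret, bytes(buf), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)
```

A packet for which `verify_packet` returns False corresponds to the "illegal" packet the text says is thrown away.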
This section includes the following contents:
Introduction to protocol packet
Interaction of Protocol Flow
User validation methods
1. Introduction to protocol packet
RADIUS is a protocol built on UDP, and it can carry both authentication information and
accounting information. The early RADIUS authentication port was 1645, but it is now 1812;
the early RADIUS accounting port was 1646, but it is now 1813.
Because RADIUS runs over UDP, it must be equipped with a timeout-retransmission mechanism.
In addition, to improve the reliability of communication between the authenticator system and
the RADIUS server, two RADIUS servers are generally used, that is, a standby server system
is used.
For the RADIUS packet format, refer to Figure 8-6. Code indicates the RADIUS protocol
packet type. Identifier is used for matching a request with its response.
Length indicates the total length of the whole packet (including the header). Authenticator is
a 16-byte string, which is a random number for a request packet, and the message digest