multiSwitch – user manual
© TOPEX 2008 47
7.8 RADIUS activation
RADIUS (Remote Authentication Dial In User Service) is a networking protocol that provides
centralized access, authorization and accounting management (AAA) for people or computers to
connect and use a network service.
It is a protocol for carrying authentication, authorization, and configuration information
between a Network Access Server which desires to authenticate its links and a shared Authentication
Server.
The key features of the RADIUS protocol are:
Client/Server Model - A Network Access Server (NAS) operates as a client of RADIUS. The client
is responsible for passing user information to designated RADIUS servers, and then acting on the
response which is returned.
RADIUS servers are responsible for receiving user connection requests, authenticating the
user, and then returning all configuration information necessary for the client to deliver service to the
user. A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of
authentication servers.
Network Security - Transactions between the client and RADIUS server are authenticated through
the use of a shared secret, which is never sent over the network. In addition, any user passwords
are sent encrypted between the client and RADIUS server, to eliminate the possibility that someone
snooping on an unsecured network could determine a user's password.
Flexible Authentication Mechanisms - The RADIUS server can support a variety of methods to
authenticate a user. When it is provided with the user name and original password given by the
user, it can support PPP PAP or CHAP, UNIX login, and other authentication mechanisms.
Extensible Protocol - All transactions are comprised of variable-length Attribute-Length-Value
3-tuples. New attribute values can be added without disturbing existing implementations of the
protocol.
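The password protection and attribute encoding described above, as an added example (not TOPEX code and not part of the original manual). It assumes the standard RFC 2865 User-Password attribute used with PAP; the secret, user name and password are constructed sample values.

```python
import hashlib
import struct

USER_NAME, USER_PASSWORD = 1, 2  # attribute type codes from RFC 2865

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(authenticator) != 16 or not 0 < len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: rebuild the same keystream from the locally stored secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def encode_attribute(attr_type: int, value: bytes) -> bytes:
    """Type (1 byte), Length (1 byte, counts the 2-byte header), Value."""
    if not 0 < len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def decode_attributes(data: bytes) -> list:
    """Walk an attribute list, rejecting lengths that overrun the buffer."""
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((data[pos], data[pos + 2:pos + data[pos + 1]]))
        pos += data[pos + 1]
    return attrs

def demo():
    # Constructed sample values, not taken from any real deployment.
    secret, auth = b"example-shared-secret", bytes(range(16))
    hidden = hide_password(b"correct horse battery", secret, auth)
    wire = encode_attribute(USER_NAME, b"alice") + encode_attribute(USER_PASSWORD, hidden)
    return decode_attributes(wire), reveal_password(hidden, secret, auth)
```

The keystream depends only on the shared secret and the Request Authenticator carried in the packet, so the confidentiality of the password is bounded by the strength of the secret configured on the NAS and the server.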
TOPEX multiSwitch uses the RADIUS protocol for interconnection with an external billing
system. At this moment, the multiSwitch RADIUS interface supports three types of RADIUS
dictionary – TOPEX, Quintum and Mind.
To activate the RADIUS interconnection with an external system, you must first configure the
“/mnt/app/cfg/exec.cfg” configuration file. The lines which must be modified are detailed in the
table below and were also presented in chapter 8.3.3. Radius activation.
| Radius parameter | Significance |
|---|---|
| radius_billing 1 radius_billing.cfg | Enable / disable RADIUS AAA main pool. The last field is the name of the configuration file used by this pool. |
| radius_billing_alt 1 radius_billing_alt.cfg | Enable / disable alternative pool for AAA RADIUS. The last field is the name of the configuration file used by this pool. |
| radius_dictionary 0 | 0 = TOPEX; 1 = Quintum; default 0 |
| tx_access_request 1 | Whether to send “access_request” for authentication. The possible values are 0/1 |
| tx_accounting_start 1 | Whether to send “accounting_start” for billing. The possible values are 0/1. The billing can be made also without sending “accounting