Security and authentication mechanisms, Basic message exchange process of radius, Security and authentication mechanisms -2 – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 437: Basic message exchange process of radius -2, Figure 38-1
38-2
Figure 38-1 RADIUS server components
Users: Stores user information such as the usernames, passwords, applied protocols, and IP
addresses.
Clients: Stores information about RADIUS clients, such as the shared keys and IP addresses.
Dictionary: Stores information about the meanings of RADIUS protocol attributes and their values.
Security and Authentication Mechanisms
Information exchanged between a RADIUS client and the RADIUS server is authenticated with a
shared key, which is never transmitted over the network. This enhances the information exchange
security. In addition, to prevent user passwords from being intercepted on insecure networks, RADIUS
encrypts passwords before transmitting them.
A RADIUS server supports multiple user authentication methods, for example, the Password
Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) of the
Point-to-Point Protocol (PPP). Moreover, a RADIUS server can act as the client of another AAA server
to provide authentication proxy services.
Basic Message Exchange Process of RADIUS
illustrates the interaction of the host, the RADIUS client, and the RADIUS server.