RADIUS System Components

Like many protocols, RADIUS uses a client-server model. A RADIUS client (also called a Network Access Server, or NAS) sends requests to a RADIUS server. The RADIUS server then processes the request and sends back a response.

Common NAS products include wireless access points such as the Linksys WRT54G and dial-up equipment commonly available from large network manufacturers. Common RADIUS server products include Cisco ISE, Microsoft NPS, Steel Belted RADIUS, Open Systems Radiator, and FreeRADIUS.

While the RADIUS protocol shares the general concept of client-server communication with many other protocols such as HTTP and SMTP, the specifics of RADIUS communications differ. The following sections describe the RADIUS system in more detail, including the roles of the NAS, the server, and databases such as MySQL and Lightweight Directory Access Protocol (LDAP).

Table 1. RADIUS components and their descriptions.
Component Name Functions Examples

User/Device

Requests access to the network.

Laptop

Asymmetric Digital Subscriber Line (ADSL) Modem

VOIP Phone

Network Access Server (NAS)

Provides access to the network for the user/device.

Switch

Wireless Access Point

DSLAM

VPN Terminator

RADIUS Server

Receives authentication requests from the NAS.
Returns authorization information to the NAS.
Optionally requests user and configuration information from the database or directory.
May return configuration parameters to the NAS.
Receives accounting information from the NAS.

FreeRADIUS

Radiator

ISE

NPS

databases

System which stores user credentials, accounting information, etc.

SQL Database

Kerberos Service Server

LDAP Directory