A RADIUS client is usually referred to as a The RADIUS server receives user authentication requests and subsequently returns configuration information required for the client (in this case, the Cisco ASA) to support the specific service to the user. The RADIUS server does this by sending Internet Engineering Task Force (IETF) or vendor-specific attributes.
The TACACS authentication concept is similar to RADIUS. The NAS sends an authentication request to the TACACS server (daemon). TACACS uses port 49 for communication and allows vendors to use either User Datagram Protocol (UDP) or TCP encoding. Cisco ASA uses the TCP version for its TACACS implementation.
Cisco ASA supports local and external authorization, depending on the service used.
NOTE Local authorization for administrative sessions can be used only for command authorization.
The RADIUS server can also send IETF or vendor-specific attributes to the Cisco ASA, depending on the implementation and services used.
NOTE Passwords are sent as encrypted messages from the Cisco ASA to the RADIUS server.
This is useful to protect this critical information from an intruder.
These attributes can contain information such as an IP address to assign the client and authorization information.
RADIUS servers combine authentication and authorization phases into a single request-and-response communication cycle.
The Cisco ASA hashes the password, using the shared secret that is defined on the Cisco ASA and the RADIUS server.