Analysis and Design of RADIUS Protocol in Wireless Local Area Network

1 Introduction

The Remote Authentication Dial-In User Service (RADIUS) was originally proposed by Livingston as an authentication and accounting protocol for dial-up users. After many improvements it has gradually become a general network authentication and accounting protocol, defined in RFC 2865 and RFC 2866 published by the IETF. RADIUS works in client/server mode: the client is a network access server (NAS), which submits authentication and accounting information to the RADIUS server; the RADIUS server processes that information and returns the result to the NAS.

The RADIUS protocol is widely used in the authentication and accounting systems of services such as mobile, data and intelligent networks. In the 802.1X authentication framework of the wireless local area network, RADIUS is also the recommended protocol on the authentication side.

This article discusses the principles of the RADIUS protocol and its application and implementation in WLAN.

2 RADIUS protocol

2.1 WLAN network model

In practical commercial wireless LANs, LAN switches can implement the port-control function of the 802.1X authentication protocol. To secure the network, a firewall should be placed at the exit of the wireless LAN and in front of the authentication side. The RADIUS server and database can also be deployed in a primary/backup structure to make the network more robust.

The network model is shown below:

Figure 1 WLAN network model

The authentication side of the wireless local area network consists of a RADIUS server, a network access server (NAS) and a database:

NAS: as the client of the RADIUS server, it forwards the user's authentication information to the RADIUS server and, once the user has been authenticated, sends accounting information to the RADIUS server.

RADIUS server: as the central server of the authentication system, it is connected to both the NAS and the database. It accepts the information submitted by the NAS, performs the corresponding operations on the database, and returns the processing result to the NAS.

Database: stores all user information, accounting information and other information. User information is added to the database by the network administrator; accounting information comes from the RADIUS server; other information includes log records.

2.2 RADIUS packet structure

RADIUS is an application-layer protocol. At the transport layer its packets are carried in UDP datagrams, which are in turn carried in IP packets. RADIUS authentication uses UDP port 1812 and accounting uses UDP port 1813.

Packet structure after RADIUS encapsulation on Ethernet:

A RADIUS packet consists of five fields:

(1) Code: 1 byte, identifying the type of RADIUS packet. Common types are:

Access request (Access-Request), Code = 1; Access accept (Access-Accept), Code = 2; Access reject (Access-Reject), Code = 3; Accounting request (Accounting-Request), Code = 4.

(2) Identifier: 1 byte, used to match response packets to their request packets.

(3) Length: 2 bytes, giving the length in bytes of the RADIUS data (Code, Identifier, Length, Authenticator and Attributes together); the minimum is 20 and the maximum is 4096.

(4) Authenticator: 16 bytes, used to verify the server's response and also in hiding the user password. The shared secret (Shared Secret) configured on both the RADIUS server and the NAS, together with the request authenticator (Request Authenticator) and response authenticator (Response Authenticator), provide integrity and authentication for the messages sent and received. In addition, the user password must not be transmitted in clear text between the NAS and the RADIUS server; it is generally hidden by an MD5-based scheme that combines the shared secret with the Authenticator.

(5) Attributes: variable length, possibly 0 bytes, carrying the RADIUS attributes; information such as the user name, password and IP address is stored in this field.
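The packet layout and the password hiding described in this section, as an added example that is not code from the article. It builds an Access-Request with a User-Password hidden per RFC 2865 section 5.2, then parses it back and recovers the password; the shared secret, Request Authenticator and credentials are constructed sample values, and the attribute type numbers are those of RFC 2865.

```python
import hashlib
import struct
HEADER = struct.Struct("!BBH16s")   # Code (1), Identifier (1), Length (2), Authenticator (16)
ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, NAS_PORT = 1, 2, 5   # RFC 2865 attribute types

def xor_password(data: bytes, secret: bytes, request_auth: bytes, hide: bool) -> bytes:
    """RFC 2865 s5.2 User-Password hiding: XOR each 16-byte block with MD5(secret + previous
    ciphertext block), the first with the Request Authenticator. hide=False recovers it."""
    if hide:
        data += b"\x00" * (-len(data) % 16)   # pad the clear password to a block multiple
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, key))
        out += result
        prev = result if hide else block   # always chain on the ciphertext block
    return out if hide else out.rstrip(b"\x00")

def build_packet(code: int, ident: int, authenticator: bytes, attrs: list) -> bytes:
    """Serialize the header plus Type/Length/Value attributes; Length covers the whole packet."""
    body = b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in attrs)
    return HEADER.pack(code, ident, HEADER.size + len(body), authenticator) + body

def parse_packet(pkt: bytes) -> dict:
    """Parse header and attributes without trusting any Length field blindly."""
    code, ident, length, authenticator = HEADER.unpack_from(pkt)
    if not 20 <= length <= 4096 or length > len(pkt):   # bounds the RFC allows
        raise ValueError("bad RADIUS Length field")
    attrs, pos = {}, HEADER.size
    while pos < length:
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:   # attribute must not overrun the packet
            raise ValueError("malformed attribute")
        attrs[atype] = pkt[pos + 2:pos + alen]
        pos += alen
    return {"code": code, "id": ident, "length": length, "authenticator": authenticator, "attrs": attrs}

SECRET = b"example-shared-secret"   # constructed sample value, not from the article
REQUEST_AUTH = bytes(range(16))     # constructed; a real NAS uses a fresh random value per request

def demo_access_request() -> dict:
    """NAS hides the password and builds the Access-Request; the server parses and recovers it."""
    hidden = xor_password(b"p4ssw0rd-longer-than-16", SECRET, REQUEST_AUTH, hide=True)
    pkt = build_packet(ACCESS_REQUEST, 7, REQUEST_AUTH,
                       [(USER_NAME, b"alice"), (USER_PASSWORD, hidden), (NAS_PORT, b"\x00\x00\x00\x03")])
    parsed = parse_packet(pkt)
    parsed["password"] = xor_password(parsed["attrs"][USER_PASSWORD], SECRET, parsed["authenticator"], hide=False)
    return parsed
```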

2.3 RADIUS authentication and accounting process

With reference to the network model in Figure 1:

(1) When the applicant logs in to the network, the NAS presents a customer-defined login prompt asking the applicant for user information (user name and password). After entering this authentication information, the applicant waits for the authentication result.

(2) After obtaining the user information, the NAS sends an Access-Request packet to the RADIUS server in the RADIUS packet format. The packet generally carries the following RADIUS attributes: user name, user password, access server ID and access port ID.

(3) When the RADIUS server receives the Access-Request packet, it first checks that the NAS's shared secret matches the value preset on the RADIUS server, confirming that the sender is one of its RADIUS clients. Once the packet checks out, the RADIUS server looks up the user record in the user database by the user name in the packet. If the user information does not match, it sends an Access-Reject packet to the NAS; on receiving the rejection, the NAS immediately stops serving that user's connection port and the user is forced off.

(4) If the user information is consistent, the server sends an Access-Challenge packet to the NAS to verify the user's login request further. This covers the user password, the IP address of the access server the user logged in to, the physical port number of the login, and so on. On receiving the Access-Challenge, the NAS displays a message asking the user to confirm the login request again. After the user confirms, the RADIUS server compares the two requests and decides how to reply to the user (Access-Accept, Access-Reject, or another Access-Challenge).

(5) Once all authentication conditions and handshakes have passed, the RADIUS server returns the user's configuration information from the database to the NAS in an Access-Accept packet, and the NAS uses that configuration to restrict the user's specific network access. It includes the service type (SLIP, PPP, Login User, Rlogin, Framed, Callback, etc.) and configuration related to that service type, such as IP address and time limits.

(6) After authentication and authorization are complete, the controlled port on the LAN switch is opened and the user can enter the network through the switch. At the same time, the NAS sends an Accounting-Request (Start) packet to the RADIUS server to begin accounting. When the user goes offline, the NAS sends an Accounting-Request (Stop) packet to the RADIUS server, which calculates the user's network usage charge from the information in the accounting packets.
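The server reply in step (5) and the NAS's check of it, as an added example that is not code from the article. The server computes the Response Authenticator of RFC 2865 section 3 over its Access-Accept, and the NAS accepts the reply only when the Identifier matches an outstanding request and the authenticator recomputes under the shared secret; the secret, Request Authenticator and configuration attributes are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
FRAMED_IP_ADDRESS, SESSION_TIMEOUT = 8, 27   # RFC 2865 attribute types

def tlv(atype: int, value: bytes) -> bytes:
    """One Type/Length/Value attribute."""
    return struct.pack("!BB", atype, 2 + len(value)) + value

def response_authenticator(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret). The server
    writes it into the Authenticator field of its reply; the NAS recomputes and compares."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def server_access_accept(ident: int, request_auth: bytes, secret: bytes, attrs: bytes) -> bytes:
    """Step (5): the server returns the user's configuration in an Access-Accept."""
    auth = response_authenticator(ACCESS_ACCEPT, ident, request_auth, attrs, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs)) + auth + attrs

def nas_verify_reply(reply: bytes, pending_ident: int, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: accept a reply only if its Identifier matches an outstanding request and the
    Response Authenticator validates under the shared secret; otherwise discard it silently."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != pending_ident or length != len(reply):
        return False
    expected = response_authenticator(code, ident, request_auth, reply[20:length], secret)
    return hmac.compare_digest(expected, reply[4:20])

SECRET = b"example-shared-secret"   # constructed sample value, not from the article
REQUEST_AUTH = bytes(range(16))     # the Request Authenticator the NAS sent in step (2)
CONFIG = tlv(FRAMED_IP_ADDRESS, bytes([10, 0, 0, 42])) + tlv(SESSION_TIMEOUT, struct.pack("!I", 3600))

def demo() -> dict:
    """A genuine reply verifies; a modified, mis-keyed or mismatched one does not."""
    reply = server_access_accept(9, REQUEST_AUTH, SECRET, CONFIG)
    tampered = reply[:22] + bytes([10, 0, 0, 99]) + reply[26:]   # Framed-IP-Address changed in transit
    other_key = server_access_accept(9, REQUEST_AUTH, b"not-the-secret", CONFIG)   # wrong shared secret
    return {
        "genuine": nas_verify_reply(reply, 9, REQUEST_AUTH, SECRET),
        "tampered": nas_verify_reply(tampered, 9, REQUEST_AUTH, SECRET),
        "wrong_secret": nas_verify_reply(other_key, 9, REQUEST_AUTH, SECRET),
        "unexpected_id": nas_verify_reply(reply, 10, REQUEST_AUTH, SECRET),
    }
```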
