ImageMedia Gateway, also commonly referred to as VoIP Gateway is device which provides connection between an endpoint on VoIP packet-switched network and PSTN circuit-switched network.

The gateway translates between transmission formats and the communication protocols that are used on each side. The gateway packetizes the voice and routes it over VoIP network. In carrier class system, media gateways are provided as stand-alone devices.

Home arrow Carrier Grade VoIP
Radius Server Print E-mail

ImageRemote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share.


It provides better security, allowing a company to set up a policy that can be applied at a single administered network point. Having a central service also means that it's easier to track usage for billing and for keeping network statistics. RADIUS is a de facto industry standard used by a number of network product companies and is a proposed IETF standard.

RADIUS primary use is for Internet Service Provider though it may as well be used on any network that needs a centralized authentication and/or accounting service for its workstations. The package includes an authentication and accounting server and some administrator tools.


1. Authentication Scheme

Radius supports a wide variety of authentication schemes. A user supplies his authentication data to the server either directly by answering the terminal server's login/password prompts, or using PAP or CHAP protocols. The server obtains the user's personal data from one of the following places:

  • System Database. The user's login and password are stored in /etc/passwd on the server, i.e. they are a "normal" UNIX user on the system.

  • Internal Database. The user's login ID, password etc. are stored in the internal radius database. The user's password is stored in encrypted form using either MD5 or DES hash, whichever is appropriate. Alternatively, a plaintext password can also be used if CHAP protocol is being used, CHAP usage is strongly discouraged for security reasons.

  • SQL authentication. User's details are stored in an SQL database. The database structure is fully determined by the system administrator, Radius does not restrict it in any way. See Interaction with SQ. L Servers.

  • PAM authentication. User is authenticated via PAM (Pluggable Authentication Service) framework. See the Linux PAM homepage for more details.


2. Accounting Scheme

Radius has three built-in accounting schemes: 

  • Unix accounting. Accounting data are stored in radutmp/radwtmp files and can be viewed using radwho and radlast commands. Both commands are upward compatible with their Unix counterparts who and last.

  • Detailed accounting. The detailed accounting information is stored in plain text format. The resulting files can easily be parsed using standard text processing tools (grep, awk, etc.)

  • SQL accounting. Upon receiving accounting information Radius stores it in an SQL database. This can then be processed using standard SQL queries.Radius is extensible and new accounting methods can be added using the extension language.


3. Interaction with SQL Servers

Radius is currently able to communicate with MySQL and PostgreSQL servers. Other DBMS are supported via ODBC interface. Radius imposes no restrictions on the structure of authentication and accounting tables. The queries it uses to store and retrieve records are supplied by the system administrator thus allowing complete freedom in creating and configuring the databases.


4. Extensibility

Radius is a fully extensible system. It supports two extension languages: the built-in Rewrite language and Scheme. Rewrite has a syntax reminiscent of C and is designed primarily for modifying ("rewriting") the contents of incoming requests. The two extension mechanisms can interoperate with each other: e.g. Scheme functions can call Rewrite functions.


5. SNMP Management

Radius allows for SNMP management of its activities. Its MIB tree contains MIBs proposed by RFC 2619 and 2621 as well as its private extensions.


6. Terminal Servers

Radius is compatible with any existing terminal server. It can even communicate with terminal servers that have some deviations from the RADIUS protocol. The built-in extension language allows the administrator to write his own rules for ad hoc parsing and restructuring of the packets coming from terminal servers.

Clarisense Digital Media 2006 | Privacy Policy | Terms Of Use