Overview: Configure RADIUS Authentication

About RADIUS authentication

The RADIUS protocol provides access control for network devices using one or more centralized servers. RADIUS operates over User Datagram Protocol (UDP) and provides Authentication, Authorization, and Accounting (AAA) management for users connecting to a network service. BIG-IP Next Access supports authenticating and authorizing the client against external RADIUS servers.

With the RADIUS Auth item, when a client connects with a user name and password, BIG-IP Next operates as the RADIUS client. It passes the user information to the designated RADIUS server and requests authorization. The RADIUS server then processes the request and issues one of three responses to the BIG-IP Next system: Access-Accept, Access-Challenge, or Access-Reject.

The authentication process occurs as follows:

An administrative user attempts to log in to BIG-IP Next using an appropriate username and password.

  1. BIG-IP Next Access compiles the user information and sends an ‘Access-Request’ message to the RADIUS server containing the user attributes.

  2. The RADIUS server receives the request and validates the user information.

  3. If the request is valid, the RADIUS server consults the user database to verify the user attributes.

  4. If any condition is not met, the RADIUS server sends an ‘Access-Reject’ response indicating that the request is invalid.

  5. If all conditions are met, the RADIUS server sends an ‘Access-Accept’ response containing a list of configuration values for the user.
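The exchange above at the packet level, as an added example (not F5 code): it builds an Access-Request as a RADIUS client per RFC 2865, including User-Password hiding, and checks the Response Authenticator on the reply before trusting it. The shared secret, credentials, and function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD, REPLY_MESSAGE = 1, 2, 18  # RFC 2865 attribute types
NAMES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with a chained MD5 keystream."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(kind, value):
    """Encode one attribute as Type, Length (including the 2-byte header), Value."""
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_access_request(ident, user, password, secret, req_auth=None):
    """Client side (the role BIG-IP Next plays): returns (packet, request authenticator)."""
    req_auth = req_auth or os.urandom(16)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs, req_auth

def build_response(code, ident, attrs, req_auth, secret):
    """Server side: authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def check_response(packet, ident, req_auth, secret):
    """Client side: return the response name, or raise if the reply is not authentic."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or rid != ident or code not in NAMES:
        raise ValueError("unexpected length, identifier or code")
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    return NAMES[code]

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample values throughout
    request, ra = build_access_request(1, b"admin", b"example-password", secret)
    reply = build_response(ACCESS_ACCEPT, 1, attr(REPLY_MESSAGE, b"welcome"), ra, secret)
    print(len(request), check_response(reply, 1, ra, secret))
```

A reply whose authenticator does not match is discarded rather than treated as a reject, since it cannot be attributed to the configured server.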

Configure RADIUS Authentication

You can configure RADIUS authentication using the following method:

Configure RADIUS Authentication using BIG-IP Central Manager