RADIUS Auth Protocol
The RADIUS (Remote Authentication Dial-In User Service) protocol is a security protocol primarily used to provide centralized Authentication and Authorization services for users attempting to access a network. It facilitates the validation of user credentials and determines user permissions before granting access. Widely adopted by ISPs and enterprise WLANs, RADIUS enables scalable and secure user management across various network access servers.
RADIUS, specified in RFC 2865, is a client/server protocol that operates on port 1812 over both UDP and TCP. It acts as a centralized service for managing user authentication and authorization for network access. Network devices like VPN concentrators, wireless access points, or switches act as RADIUS clients by forwarding user credentials to the RADIUS server, which validates them against a user database or identity provider.
Typically, a RADIUS exchange begins with an Access-Request from the client carrying the user credentials. The server responds with an Access-Accept or an Access-Reject, depending on the verification outcome. The protocol supports attribute-value pairs, allowing flexible policy enforcement and granular authorization control through vendor-specific attributes.
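The packet layout behind that exchange, shown as an added example that is not part of the original page: a strict parser for the 20-byte RFC 2865 header and the attribute-value pairs that follow, including Vendor-Specific (type 26). The names parse_radius and build_sample are hypothetical, and the sample packet (user name, NAS address, vendor id 99999, all-zero authenticator) is constructed for illustration.

```python
import struct

# RFC 2865 packet codes and the attribute types used in this example
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 26: "Vendor-Specific"}

def parse_radius(data: bytes) -> dict:
    """Parse a RADIUS packet, rejecting malformed lengths instead of guessing."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= 4096 or length > len(data):
        raise ValueError("bad Length field")
    authenticator = data[4:20]
    attrs, pos = [], 20
    while pos < length:                  # octets past Length are padding, ignored
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        value = data[pos + 2:pos + a_len]
        name = ATTRS.get(a_type, f"Attr-{a_type}")
        if a_type == 26:                 # Vendor-Specific: 4-byte vendor id + vendor data
            if len(value) < 4:
                raise ValueError("Vendor-Specific too short")
            value = (struct.unpack("!I", value[:4])[0], value[4:])
        attrs.append((name, value))
        pos += a_len
    return {"code": CODES.get(code, f"Code-{code}"), "id": ident,
            "authenticator": authenticator, "attributes": attrs}

def build_sample() -> bytes:
    """Constructed Access-Request: User-Name, NAS-IP-Address and one VSA."""
    avps = b"".join([
        bytes([1, 2 + 5]) + b"alice",
        bytes([4, 6]) + bytes([192, 0, 2, 10]),
        bytes([26, 2 + 4 + 4]) + struct.pack("!I", 99999) + bytes([1, 4]) + b"hi",
    ])
    # Constructed all-zero Request Authenticator; a real client uses random octets
    header = struct.pack("!BBH", 1, 42, 20 + len(avps)) + bytes(16)
    return header + avps

if __name__ == "__main__":
    print(parse_radius(build_sample()))
```

Every length is checked against the packet's own Length field before any slice is taken, so a short or inconsistent packet is rejected rather than partially interpreted.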
RADIUS is designed to work efficiently across large-scale infrastructures, supporting roaming and multiple access technologies. While it originally ran over UDP for lightweight communication, modern implementations frequently support TCP or even TLS-secured variants (RadSec) to address reliability and security concerns.