RADIUS Protocol

If a single administrator wants to access 100 routers and each device's local database is used for the username and password (authentication), then the administrator has to create the same user account on every device. Also, if he wants to keep different usernames and passwords for the devices, then he has to manually change the authentication settings on each device. Of course, it's a hectic task.

To ease this task to some extent, ACS (Access Control Server) is used. ACS provides a centralised management system in which the database of usernames and passwords is kept. Authorization (what the user is authorised to do) can also be configured. For this, we have to tell the router to refer to the ACS for its decisions on authentication and authorization.

Two protocols are used between the ACS server and the client to serve this purpose:

  1. TACACS+
  2. RADIUS

But here we will talk about RADIUS only.

RADIUS, which stands for Remote Authentication Dial-In User Service, is a security protocol used in the AAA framework to provide centralised authentication for users who want to gain access to the network.

Features – Some of the features of RADIUS are:

  1. Open standard protocol for the AAA framework, i.e. it can be used between any vendor's device and the Cisco ACS server.
  2. It uses UDP as transmission protocol.
  3. It uses UDP port number 1812 for authentication and authorisation and 1813 for accounting.
  4. If the device and the ACS server are using RADIUS, then only the passwords in AAA packets are encrypted.
  5. No explicit command authorization can be implemented.
  6. It provides more extensive accounting support than TACACS+.
  7. In RADIUS, authentication and authorization are coupled together.

Working –
When another device wants to access the Network Access Server (NAS, the RADIUS client), the NAS sends an access-request message to the ACS server to match the credentials. In response to the client's access-request, the ACS server returns an access-accept message if the credentials are valid and an access-reject message if the credentials do not match.

Advantage –

  1. As it is an open standard, it can also be used between other devices.
  2. More extensive accounting support than TACACS+.

Disadvantage –

  1. As RADIUS uses UDP, it is less reliable than TACACS+.
  2. No explicit command authorization can be implemented.
  3. RADIUS encrypts only the passwords. It doesn't protect other data such as the username.
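
The access-request described under Working, and the password-only protection listed above, can be seen by building one packet by hand. This is an added example, not code from the original article: it follows the RFC 2865 packet layout and User-Password hiding, and the shared secret, authenticator, username and password are constructed sample values.

```python
import hashlib
import struct

# Constructed sample values for this example (not from the article).
SECRET = b"example-shared-secret"
AUTHENTICATOR = bytes(range(16))  # a real NAS uses 16 random bytes per request

def _keystream_xor(data, secret, authenticator, decrypt=False):
    """RFC 2865 sec. 5.2: XOR each 16-byte block with MD5(secret + previous)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        prev = block if decrypt else res  # always chain on the hidden block
        out += res
    return out

def hide_password(password, secret, authenticator):
    # Pad with NULs to a multiple of 16 bytes (at least one block).
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    return _keystream_xor(padded, secret, authenticator)

def unhide_password(hidden, secret, authenticator):
    return _keystream_xor(hidden, secret, authenticator, True).rstrip(b"\x00")

def _attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value  # type, length, value

def build_access_request(identifier, username, password, secret, authenticator):
    attrs = _attr(1, username)  # User-Name (type 1): sent unprotected
    attrs += _attr(2, hide_password(password, secret, authenticator))  # User-Password
    header = struct.pack("!BBH", 1, identifier, 20 + len(attrs))  # code 1 = Access-Request
    return header + authenticator + attrs

def parse_attributes(packet):
    """Return {type: value} for the attributes after the 20-byte header."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        attr_len = packet[pos + 1] if pos + 2 <= length else 0
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs

if __name__ == "__main__":
    pkt = build_access_request(7, b"admin", b"S3cret!pass", SECRET, AUTHENTICATOR)
    print(pkt.hex(), parse_attributes(pkt))
```

Anyone who captures this packet can read the username directly, while recovering the password requires the shared secret configured on both the NAS and the server.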
