RADIUS Protocol

If a single administrator needs to access 100 routers and each device's local database is used for the username and password (authentication), the administrator has to create the same user account on every device, one at a time. And if he wants a different username and password on each device, he has to change the authentication on each device manually. Of course, this is a hectic task.

To ease this task to some extent, an ACS (Access Control Server) is used. ACS provides a centralized management system in which the database of usernames and passwords is kept. Authorization (what the user is permitted to do) can also be configured there. For this to work, the router has to be told to refer to the ACS for its authentication and authorization decisions.

Two protocols are used between the ACS server and the client for this purpose:

  1. TACACS+
  2. RADIUS
But here we will talk about RADIUS only. 

RADIUS –
RADIUS stands for Remote Authentication Dial-In User Service. It is a security protocol used in the AAA framework to provide centralized authentication for users who want to gain access to the network.

Features – Some of the features of RADIUS are:

  1. Open standard protocol for the AAA framework, i.e. it can be used between any vendor's device and a Cisco ACS server.
  2. It uses UDP as its transport protocol.
  3. It uses UDP port 1812 for authentication and authorization and UDP port 1813 for accounting.
  4. If the device and the ACS server use RADIUS, only the passwords in the AAA packets are encrypted.
  5. No explicit command authorization can be implemented.
  6. It provides more extensive accounting support than TACACS+.
  7. In RADIUS, authentication and authorization are coupled together.

Working –
When another device wants to gain access through the Network Access Server (the NAS, which is the RADIUS client), the NAS sends an Access-Request message to the ACS server so that the credentials can be checked. In response to the client's Access-Request, the ACS server returns an Access-Accept message if the credentials are valid and an Access-Reject if they do not match.

Advantage –

  1. As it is an open standard, it can be used with devices from other vendors as well.
  2. More extensive accounting support than TACACS+.
  3. Centralized authentication and authorization: RADIUS enables centralized authentication and authorization, which means that user credentials can be stored in a central database, simplifying network administration and reducing the risk of security breaches.
  4. Flexible user management: With RADIUS, administrators can manage users and their access permissions more easily and with greater granularity. This makes it possible to tailor network access to specific user needs without sacrificing security.
  5. Integration with other network protocols: RADIUS can be integrated with other protocols, such as LDAP or Kerberos, to provide even greater flexibility and functionality.
  6. Scalability: RADIUS is highly scalable and can support large networks with many users and devices.

Disadvantage –

  1. As RADIUS uses UDP, it is less reliable than TACACS+.
  2. No explicit command authorization can be implemented.
  3. RADIUS encrypts only the passwords. It does not protect other data such as the username.
  4. Limited support for command authorization: While RADIUS can authenticate users and authorize access to the network, it does not provide explicit command authorization. This means it may not be suitable for environments where strict control over user actions is required.
  5. Vulnerability to attacks: RADIUS is vulnerable to various types of attacks, such as spoofing, replay attacks, and dictionary attacks, which can compromise network security.
  6. Lack of built-in encryption: RADIUS only encrypts user passwords, not other sensitive data such as usernames or access credentials. This can make it easier for attackers to intercept and steal network credentials.
  7. Complexity: RADIUS can be complex to configure and manage, especially in larger network environments.
  8. Compatibility issues: While RADIUS is an open standard, it may not be compatible with all network devices and protocols.
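To make the Access-Request/Access-Accept exchange from the Working section and the "only the password is encrypted" point above concrete, here is an added Python example (not part of the original article and not a RADIUS library): it builds an Access-Request the way a NAS does, hides User-Password with the shared secret and Request Authenticator as RFC 2865 describes, lets the server recover it, and shows the NAS checking the Response Authenticator on the Access-Accept or Access-Reject. The sample username, password and shared secret are constructed for the example; the Request Authenticator must be 16 fresh random octets per request, and the example has the caller pass it in.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2  # attribute types used in this constructed example

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: NUL-pad to 16-octet blocks, XOR each with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password.ljust(-(-len(password) // 16) * 16, b"\x00")
    hidden, prev = b"", authenticator  # first block is keyed by the Request Authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        hidden += prev
    return hidden

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:  # server-side inverse
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        plain += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return plain.rstrip(b"\x00")  # strip the NUL padding

def attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, 2 + len(value)) + value  # Type, Length, Value
def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes, auth: bytes) -> bytes:
    """NAS side; auth is the 16-octet Request Authenticator, fresh random per request (os.urandom(16))."""
    attrs = attr(ATTR_USER_NAME, user) + attr(ATTR_USER_PASSWORD, hide_password(password, secret, auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse_attrs(packet: bytes) -> dict:
    attrs, pos = {}, 20  # TLV attributes follow the 20-octet header; one value per type is enough here
    while pos < len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        attrs[attr_type] = packet[pos + 2:pos + length]
        pos += length
    return attrs

def build_response(code: int, request: bytes, secret: bytes) -> bytes:
    header = struct.pack("!BBH", code, request[1], 20)  # echoes the request Identifier, no attributes
    return header + hashlib.md5(header + request[4:20] + secret).digest()  # Response Authenticator

def verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    # NAS side: MD5(Code + ID + Length + RequestAuth + Attributes + Secret) must match the reply
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])
```

Parsing the request back shows User-Name in cleartext while User-Password appears only as the hidden blocks, which is exactly what feature 4 and disadvantage 3 describe. The MD5-based hiding is not authenticated encryption, so deployments that cross untrusted networks normally carry RADIUS inside IPsec or TLS (RadSec) rather than relying on it alone.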

Last Updated : 09 May, 2023