Skip to content
Related Articles
Open in App
Not now

Related Articles

RADIUS Protocol

Improve Article
Save Article
  • Difficulty Level : Hard
  • Last Updated : 31 Jul, 2021
Improve Article
Save Article

If a single administrator wants to access 100 routers and the local database of the device is used for username and password (authentication) then the administrator has to make the same user account at different times. Also, if he wants to keep a different username and password for the devices then he has to manually change the authentication for the devices. Ofcourse, it’s a hectic task. 

To ease this task to some extent, ACS (Access Control Server) is used. ACS provides a centralized management system in which the database of username and password are kept. Also, authorization (means what the user is authorized to do) can be configured. But for this, we have to tell the router to refer to ACS for its decision on authentication and authorization. 

Two protocols are used between the ACS server and the client to serve this purpose:’ 
 

  1. TACACS+ 
     
  2. Radius 
     

But here we will talk about RADIUS only. 

RADIUS – 
RADIUS stands for Remote Authentication Dial-In User Service, is a security protocol used in the AAA framework to provide centralized authentication for users who want to gain access to the network. 

Features – Some of the features of RADIUS are: 
 

  1. Open standard protocol for AAA framework i.e it can use between any vendor device and Cisco ACS server. 
     
  2. It uses UDP as a transmission protocol. 
     
  3. It uses UDP port number 1812 for authentication and authorization and 1813 for accounting. 
     
  4. If the device and ACS server are using RADIUS then only the passwords of AAA packets are encrypted. 
     
  5. No explicit command authorization can be implemented. 
     
  6. It provides greater extensive accounting support than TACACS+. 
     
  7. In RADIUS, authentication and authorization are coupled together. 
     

Working – 
When other devices want to access the Network Access Server (NAS-client of RADIUS ), it will send an access request message to the ACS server for matching the credentials. In response to the access request of the client, the ACS server will provide an access-accept message to the client if the credentials are valid and access-reject if the credentials do not match. 

Advantage – 

  1. As it is an open standard, therefore it can be used between the other devices also. 
     
  2. Greater extensive accounting support than TACACS+ 
     

Disadvantage – 

  1. As RADIUS uses UDP, therefore, it is less reliable than TACACS+. 
     
  2. No explicit command authorization can be implemented. 
     
  3. RADIUS encrypts only the passwords. It doesn’t protect other data such as username. 
     
My Personal Notes arrow_drop_up
Related Articles
1. Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP)
2. Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP) in Data Link Layer
3. Difference between Border Gateway Protocol (BGP) and Routing Information Protocol (RIP)
4. Difference between Serial Line Internet Protocol (SLIP) and Point-to-Point Protocol (PPP)
5. Difference between File Transfer Protocol (FTP) and Secure File Transfer Protocol (SFTP)
6. Difference between Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP)
7. Difference between Stop and Wait protocol and Sliding Window protocol
8. Difference between TACACS+ and RADIUS
9. Difference between Kerberos and RADIUS
10. Difference between LDAP and RADIUS
Previous
Difference between TACACS+ and RADIUS
Next
Message switching techniques
Article Contributed By :
https://media.geeksforgeeks.org/auth/avatar.png
saurabhsharma56
@saurabhsharma56
Vote for difficulty
Current difficulty : Hard
Improved By :
Article Tags :
Practice Tags :
Report Issue
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox

Start Your Coding Journey Now!