Skip to content
Related Articles
Open in App
Not now

Related Articles

RADIUS Protocol

Improve Article
Save Article
  • Difficulty Level : Hard
  • Last Updated : 31 Jul, 2021
Improve Article
Save Article

If a single administrator wants to access 100 routers and the local database of the device is used for username and password (authentication) then the administrator has to make the same user account at different times. Also, if he wants to keep a different username and password for the devices then he has to manually change the authentication for the devices. Ofcourse, it’s a hectic task. 

To ease this task to some extent, ACS (Access Control Server) is used. ACS provides a centralized management system in which the database of username and password are kept. Also, authorization (means what the user is authorized to do) can be configured. But for this, we have to tell the router to refer to ACS for its decision on authentication and authorization. 

Two protocols are used between the ACS server and the client to serve this purpose:’ 

  1. TACACS+ 
  2. Radius 

But here we will talk about RADIUS only. 

RADIUS stands for Remote Authentication Dial-In User Service, is a security protocol used in the AAA framework to provide centralized authentication for users who want to gain access to the network. 

Features – Some of the features of RADIUS are: 

  1. Open standard protocol for AAA framework i.e it can use between any vendor device and Cisco ACS server. 
  2. It uses UDP as a transmission protocol. 
  3. It uses UDP port number 1812 for authentication and authorization and 1813 for accounting. 
  4. If the device and ACS server are using RADIUS then only the passwords of AAA packets are encrypted. 
  5. No explicit command authorization can be implemented. 
  6. It provides greater extensive accounting support than TACACS+. 
  7. In RADIUS, authentication and authorization are coupled together. 

Working – 
When other devices want to access the Network Access Server (NAS-client of RADIUS ), it will send an access request message to the ACS server for matching the credentials. In response to the access request of the client, the ACS server will provide an access-accept message to the client if the credentials are valid and access-reject if the credentials do not match. 

Advantage – 

  1. As it is an open standard, therefore it can be used between the other devices also. 
  2. Greater extensive accounting support than TACACS+ 

Disadvantage – 

  1. As RADIUS uses UDP, therefore, it is less reliable than TACACS+. 
  2. No explicit command authorization can be implemented. 
  3. RADIUS encrypts only the passwords. It doesn’t protect other data such as username. 
My Personal Notes arrow_drop_up
Related Articles

Start Your Coding Journey Now!