RADIUS Protocol

  • Difficulty Level : Hard
  • Last Updated : 09 Aug, 2019

If a single administrator wants to access 100 routers and the local database of each device is used for usernames and passwords (authentication), then the administrator has to create the same user account on every device. Also, if he wants to keep a different username and password for each device, he has to change the authentication settings on each device manually. Of course, it's a hectic task.

To ease this task to some extent, an ACS (Access Control Server) is used. ACS provides a centralised management system in which the database of usernames and passwords is kept. Authorization (what the user is authorised to do) can also be configured there. For this to work, we have to tell the router to refer to the ACS for its authentication and authorization decisions.

Two protocols are used between the ACS server and the client to serve this purpose:

  1. TACACS+
  2. RADIUS

But here we will talk about RADIUS only.

RADIUS, which stands for Remote Authentication Dial-In User Service, is a security protocol used in the AAA framework to provide centralised authentication for users who want to gain access to the network.

Features – Some of the features of RADIUS are:

  1. Open standard protocol for the AAA framework, i.e., it can be used between any vendor's device and a Cisco ACS server.
  2. It uses UDP as transmission protocol.
  3. It uses UDP port number 1812 for authentication and authorisation and 1813 for accounting.
  4. If the device and the ACS server are using RADIUS, then only the passwords in AAA packets are encrypted.
  5. No explicit command authorization can be implemented.
  6. It provides more extensive accounting support than TACACS+.
  7. In RADIUS, authentication and authorization are coupled together.

Working –
When another device wants to access the Network Access Server (NAS, the RADIUS client), the NAS sends an Access-Request message to the ACS server to have the credentials checked. In response to the client's Access-Request, the ACS server returns an Access-Accept message if the credentials are valid and an Access-Reject message if they do not match.

Advantage –

  1. As it is an open standard, it can be used between devices from other vendors as well.
  2. More extensive accounting support than TACACS+.

Disadvantage –

  1. As RADIUS uses UDP, it is less reliable than TACACS+.
  2. No explicit command authorization can be implemented.
  3. RADIUS encrypts only the passwords. It doesn't protect other data such as the username.
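To make the Access-Request exchange and the password-only protection concrete, the following added example (not part of the original article) builds an Access-Request the way RFC 2865 lays it out and parses it back. The user name, password, shared secret and the fixed 16-byte Request Authenticator are constructed sample values; a real client uses a random authenticator for every request.

```python
import hashlib
import struct

ACCESS_REQUEST = 1                 # packet code (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2    # attribute types (RFC 2865)

def hide_password(password, secret, authenticator):
    """Sender side: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """Server side: same keystream, chained on the ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(user, password, secret, identifier, authenticator):
    """Header (code, id, length, 16-byte authenticator) followed by TLV attributes."""
    def attr(kind, value):
        return struct.pack("!BB", kind, len(value) + 2) + value
    attrs = attr(USER_NAME, user) + attr(
        USER_PASSWORD, hide_password(password, secret, authenticator))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    """Return {type: value} for the attributes after the 20-byte header."""
    attrs, pos = {}, 20
    while pos + 2 <= len(packet):
        kind, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[kind] = packet[pos + 2:pos + length]
        pos += length
    return attrs

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    ra = bytes(range(16))
    pkt = build_access_request(b"alice", b"correct horse battery", b"shared-secret", 7, ra)
    fields = parse_attributes(pkt)
    print("User-Name on the wire:", fields[USER_NAME])
    print("User-Password on the wire:", fields[USER_PASSWORD].hex())
```

The User-Name attribute comes back byte for byte as it was sent, while the User-Password attribute is only recoverable by a party that holds the shared secret.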
