RADIUS (Remote Authentication Dial-In User Service) is a widely used client-server protocol that offers centralized authentication, authorization, and accounting (AAA) management for users connecting to a network. Developed in 1991, RADIUS allows the transfer of user authentication and configuration information between devices and servers on a network.

How RADIUS Works

RADIUS uses the User Datagram Protocol (UDP) for communication between the client and the server. When a user attempts to connect to a network, the client (like a VPN server or wireless access point) forwards the authentication request to the RADIUS server. The server then checks the user’s credentials against its user database or forwards the request to another authentication server.

Upon successful authentication, the RADIUS server sends back an Access-Accept message, as well as user-specific access policies (such as VLAN assignments or firewall rules). If the authentication fails, the server sends an Access-Reject message. Additionally, RADIUS tracks and reports user activity, making it responsible for the accounting aspect of AAA.

Benefits of RADIUS


Another popular AAA protocol is Terminal Access Controller Access-Control System Plus (TACACS+). While both RADIUS and TACACS+ provide similar functionality, there are notable differences:

Organizations may choose between RADIUS and TACACS+ based on their specific requirements, network setup, and device compatibility.

In conclusion, RADIUS plays a crucial role in implementing a robust and efficient AAA framework, simplifying network administration while ensuring security and compliance.