RADIUS
Status: Scaffold — content in progress
RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol for network authentication, authorization, and accounting (AAA). It is used for VPN access, 802.1X Wi-Fi, and network device login.
Protocol
- UDP 1812 (auth), UDP 1813 (accounting)
- Shared secret between NAS (Network Access Server) and RADIUS server
- Attributes carry credential and policy data
802.1X and RADIUS
In enterprise Wi-Fi and wired NAC:
- Device connects → 802.1X supplicant sends EAP request
- Switch/AP (authenticator) forwards to RADIUS server
- RADIUS validates (against AD via LDAP/Kerberos or NPS)
- Access granted/denied
Security Considerations
- Shared secret is critical: RADIUS's built-in encryption is MD5-based and weak, so protection depends on the secret
- RADIUS over TLS (RadSec) for transit security
- NPS (Network Policy Server) on Windows → can integrate with AD groups
Cross-Links
| Topic | Link |
|---|---|
| TACACS+ | tacacs-plus |