RADIUS
What is RADIUS?
RADIUS: A widely deployed AAA protocol used by network devices to authenticate, authorize, and account for user or device access.
RADIUS (Remote Authentication Dial-In User Service), defined in RFCs 2865 and 2866, lets network access servers — Wi-Fi controllers, switches, VPN gateways — delegate authentication and authorization to a central server. The client sends UDP requests carrying credentials (often inside EAP messages for 802.1X), and the server returns Access-Accept or Access-Reject decisions along with attributes such as VLAN, ACL, or session timeout. Accounting messages then log session start, stop, and usage. RADIUS uses a shared secret and per-packet authenticator; modern deployments add RADIUS over TLS (RadSec) or DTLS to protect attributes from on-path attackers. It underpins enterprise NAC, eduroam, and most carrier authentication.
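The shared secret and per-packet authenticator mentioned above, as an added example that is not part of the original page: a NAS-side check of an Access-Accept using the Response Authenticator formula from RFC 2865 before any returned attribute is trusted. The secret, identifier, Request Authenticator and attribute values are constructed sample data, and the function names are hypothetical.

```python
import hashlib, hmac, struct

ACCESS_ACCEPT = 2
FILTER_ID, SESSION_TIMEOUT = 11, 27  # RFC 2865 attribute types

def attr(atype, value):
    # Attribute TLV: type, length (counts the 2 header bytes), value
    return struct.pack("!BB", atype, len(value) + 2) + value

def response_auth(code, ident, length, request_auth, attrs, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, request_auth, attrs, secret):
    length = 20 + len(attrs)
    auth = response_auth(code, ident, length, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, length) + auth + attrs

def verify_response(packet, ident, request_auth, secret):
    """NAS-side check: return (code, attributes) or None if the reply is invalid."""
    if len(packet) < 20:
        return None
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or not 20 <= length <= len(packet):
        return None
    attrs = packet[20:length]  # octets past Length are padding
    expected = response_auth(code, rid, length, request_auth, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # wrong secret, wrong request, or modified in transit
    parsed, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            return None  # malformed attribute length
        parsed[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    return code, parsed

# Constructed sample values (not from the page)
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))  # the NAS picks this at random per request
ATTRS = attr(FILTER_ID, b"staff-acl") + attr(SESSION_TIMEOUT, struct.pack("!I", 3600))
PACKET = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, ATTRS, SECRET)
TAMPERED = PACKET[:-1] + b"\x11"  # Session-Timeout changed from 3600 to 3601

if __name__ == "__main__":
    print(verify_response(PACKET, 7, REQUEST_AUTH, SECRET))
    print(verify_response(TAMPERED, 7, REQUEST_AUTH, SECRET))
```

The check ties the reply to the shared secret and to the specific request, but the attributes still travel in the clear, which is the gap RADIUS over TLS (RadSec) or DTLS closes.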
● Examples
- A wireless controller forwards an 802.1X authentication to a RADIUS server, which returns the VLAN and access list.
- A VPN gateway uses RADIUS accounting to record session duration and bytes transferred per user.
● Frequently asked questions
What is RADIUS?
A widely deployed AAA protocol used by network devices to authenticate, authorize, and account for user or device access. It belongs to the Network Security category of cybersecurity.
How do you defend a RADIUS deployment?
Defences for RADIUS typically combine technical controls and operational practices; the definition above notes RADIUS over TLS (RadSec) or DTLS as the way to protect attributes from on-path attackers.
What are other names for RADIUS?
Common alternative names include: Remote Authentication Dial-In User Service.