RADIUS Server Explained | AAA Protocol
RADIUS stands for Remote Authentication Dial-In User Service. It helps an organization to centralize authentication for remote connections. It enables remote access servers (NAS) to communicate with a central server. It provides Authentication, Authorization, and Accounting (AAA) services for multiple access servers. Radius used port number 1812.
Basically, RADIUS works based on a client-server model that runs in the application layer and used TCP or UDP protocol for sending requests. Here, requests are of two types: Access-Request and Accounting-Request. The first one manages authentication and authorization, while later, one takes care of accounting.
How RADIUS Works
Here we will see how RADIUS works in a practical scenario. For understanding, you need to understand some terms:
User: It denotes the end-user who seeks authentication from RADIUS.
NAS: It stands for Network Access Server. The user first interacts with NAS for authentication and authorization.
RADIUS: This server validates the user against stored authentication data.
Now, we see the steps in little detail:
Step 1: User initiates PPP authentication to the NAS (RADIUS client). PPP stands for Point-to-Point Protocol (PPP) and it is a data link layer (layer 2) communications protocol used to establish a direct connection between two nodes.
Step 2: NAS asked for credentials (e.g. username and password) for initial authentication.
Step 3: User provides credentials to NAS.
Step 4: NAS sends the username and encrypted password to the RADIUS server.
Step 5: RADIUS server responds with Accept, Reject, or Challenge based on input provided by NAS.
Step 6: The NAS acts accordingly and allows/rejects authentication based on the correctness of credentials.
Applications of RADIUS server
- Many Internet Service Providers (ISP) use RADIUS for the authentication of internal users.
- Big organizations have more than one Network Access Server (NAS) to manage employees. Those organizations use the RADIUS server to verify authentication, and authorization and to track the accounting of users.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.