RADIUS is a protocol that enables a single server to become responsible for all remote access authentication, authorization, and auditing (or accounting) services.

RADIUS functions as a client/server system.

The remote user dials in or connects to the remote access server, which acts as a RADIUS client, or network access server (NAS), and connects to a RADIUS server.

The RADIUS server performs authentication, authorization, and auditing (or accounting) functions and returns the information to the RADIUS client (which is the remote access server running RADIUS client software); the connection is either established or rejected based on the information received.

  • Defined in RFC 2865, with RFC 2866 for RADIUS accounting
  • Very flexible and open-ended.
  • Handles passwords, logins, etc. – lots of extensions
  • Uses UDP at the Transport Layer
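
The exchange described above, as an added example that is not part of the original page: a NAS builds an Access-Request, the server answers, and the NAS accepts the reply only if its Response Authenticator verifies against the shared secret, following the RFC 2865 packet layout. The function names, and the shared secret and user table passed in, are assumptions for illustration; packets are passed as byte strings and no UDP socket is opened.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def xor_password(data, secret, req_auth, hide):
    """RFC 2865 User-Password hiding: XOR 16-byte blocks with chained MD5 pads."""
    if hide:
        data = data.ljust(max(16, -(-len(data) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = out[i:i + 16] if hide else data[i:i + 16]  # chain on ciphertext
    return out if hide else out.rstrip(b"\x00")

def parse_attrs(data):
    attrs, i = {}, 0
    while i + 2 <= len(data):
        kind, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        attrs[kind] = data[i + 2:i + length]
        i += length
    return attrs

def nas_request(user, password, secret, ident):
    req_auth = os.urandom(16)  # NAS side: unpredictable Request Authenticator
    hidden = xor_password(password, secret, req_auth, True)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hidden)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs, req_auth

def server_reply(request, secret, users):
    """RADIUS server side: check the password, sign an Accept or Reject."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    req_auth, attrs = request[4:20], parse_attrs(request[20:length])
    password = xor_password(attrs.get(USER_PASSWORD, b""), secret, req_auth, False)
    stored = users.get(attrs.get(USER_NAME))
    ok = stored is not None and hmac.compare_digest(stored, password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()

def nas_verify(reply, ident, req_auth, secret):
    """NAS side: return the reply code, or None if the reply is not authentic."""
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    authentic = len(reply) >= 20 and reply[1] == ident and hmac.compare_digest(expected, reply[4:20])
    return reply[0] if authentic else None
```

A reply whose code byte was changed in transit, or one signed with a different shared secret, fails `nas_verify` and is treated as no reply at all.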

RADIUS Protocol Stack diagram

RADIUS devices on different networks can communicate about whether users are authorized to proceed. Sharing users' details with a foreign network is bad news, so avoid it.