RADIUS (Remote Access Dial-In User Service) is an AAA (Authentication, Authorization, Accounting) protocol developed by the IETF. It is a standards-based AAA protocol supported by all vendors. The other important AAA protocol is TACACS+, which we will discuss in another lesson.
The main job of RADIUS is to provide secure network access, which it does by using password encryption. With RADIUS, remote users are authenticated to access the network.
RADIUS is a client/server protocol: messages are exchanged between a RADIUS client and a RADIUS server. The client sends its credentials to the server and then receives the server's response. If the response is positive, the RADIUS client can connect to the network.
RADIUS uses UDP as its transport protocol. UDP ports 1812 and 1645 are used for authentication, and UDP ports 1813 and 1646 are used for accounting.
RADIUS combines authentication and authorization. For example, when an authentication request is sent, the authentication response is expected to carry the authorization response as well. Alongside this combined authentication and authorization structure, RADIUS uses separate accounting.
RADIUS has no command logging. This means that if two administrators configure a device and enter commands, RADIUS cannot tell us which commands were entered by which administrator.
RADIUS uses only one privilege level.