RADIUS (Remote Authentication Dial-In User Service) is a network protocol used for centralized Authentication, Authorization, and Accounting (AAA) when users connect to networks. It was developed in the early 1990s by Livingston Enterprises and later standardized by the IETF. The main purpose of RADIUS is to verify user identities, define their access level, and record their activity.
Core Functions
RADIUS implements three key functions, known as the AAA model:
- Authentication – verifying a username, password, or other credentials to confirm identity.
- Authorization – determining which resources and services are available to a user after successful authentication.
- Accounting – collecting information about session duration, data usage, and other parameters for monitoring and billing.
How It Works
The RADIUS architecture is based on the client–server model:
- RADIUS client – typically a network device (router, switch, Wi-Fi access point, or VPN gateway) that sends requests to the server.
- RADIUS server – validates user credentials and returns a response (grant or deny access).
- Database – often integrated with Active Directory, LDAP, or internal systems where user data is stored.
When a user attempts to connect to a network, the client device sends their credentials (e.g., login and password) to the RADIUS server. The server checks the database and responds with access approval or denial, along with connection parameters.
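The request/response exchange described above, as an added Python example (not part of the original page) that follows the RFC 2865 packet layout: the client hides the password using a secret it shares with the server, and the client checks the authenticator on the server's reply. The function names are illustrative, and the shared secret is a detail taken from RFC 2865 rather than from this page.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def _xor_password(data, secret, authenticator, decrypt=False):
    """RFC 2865 section 5.2: XOR 16-byte blocks with a chained MD5 keystream."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        out += res
        prev = data[i:i + 16] if decrypt else res  # always chain on ciphertext
    return out

def build_access_request(ident, user, password, secret):
    """Client (NAS) side: returns (packet, request_authenticator)."""
    auth = os.urandom(16)
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    hidden = _xor_password(padded, secret, auth)
    attrs = bytes([USER_NAME, 2 + len(user)]) + user
    attrs += bytes([USER_PASSWORD, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs, auth

def parse_access_request(packet, secret):
    """Server side: returns (identifier, authenticator, username, password)."""
    if (len(packet) < 20 or packet[0] != ACCESS_REQUEST
            or struct.unpack("!H", packet[2:4])[0] != len(packet)):
        raise ValueError("malformed Access-Request")
    ident, auth, pos, attrs = packet[1], packet[4:20], 20, {}
    while pos < len(packet):
        if pos + 2 > len(packet) or not 2 <= packet[pos + 1] <= len(packet) - pos:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    if not attrs.keys() >= {USER_NAME, USER_PASSWORD}:
        raise ValueError("missing User-Name or User-Password")
    pw = _xor_password(attrs[USER_PASSWORD], secret, auth, decrypt=True).rstrip(b"\x00")
    return ident, auth, attrs[USER_NAME], pw

def build_response(code, ident, request_auth, secret, attrs=b""):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def verify_response(packet, request_auth, secret):
    """Client side: accept only replies computed with the shared secret."""
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])
```

A reply whose authenticator fails `verify_response` should be dropped by the client, since it was not produced by a server holding the same shared secret for that request.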
Applications
RADIUS is widely used in enterprise and service provider networks:
- to manage access to corporate Wi-Fi;
- for VPN authentication;
- by ISPs to control customer accounts;
- in data centers and cloud services for centralized access management.
Using the RADIUS protocol enhances security and provides detailed connection accounting.