RADIUS

Protocol

Definition

Remote Authentication Dial-In User Service. A network protocol that provides centralized authentication, authorization and accounting (AAA) for users connecting to a network. Commonly used for Wi-Fi, VPN and ISP authentication.

AAA: Authentication, Authorization, Accounting

RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralized Authentication (who are you?), Authorization (what are you allowed to do?), and Accounting (what did you do?) for network access. Originally designed for dial-up modem banks in RFC 2865, it now authenticates Wi-Fi users (WPA2-Enterprise), VPN connections, and wired 802.1X port access across billions of devices.

How RADIUS Works

A Network Access Server (NAS) — a VPN concentrator, a Wi-Fi controller, a switch — forwards credentials from a connecting client to a RADIUS server over UDP (port 1812 for authentication and authorization, port 1813 for accounting). The RADIUS server validates the credentials against a backend directory (LDAP, Active Directory, a local database) and returns an Access-Accept, Access-Reject, or Access-Challenge. Access-Accept packets carry authorization attributes: VLAN assignment, session timeout, IP address pool, allowed services.

Security Considerations

RADIUS has well-known weaknesses. The shared secret between NAS and RADIUS server is used to obfuscate (not encrypt) passwords using MD5 — trivially crackable. RADIUS over TLS (RadSec, RFC 6614) replaces UDP with TCP over TLS, providing proper encryption and mutual certificate authentication. EAP (Extensible Authentication Protocol) carried inside RADIUS enables stronger methods: EAP-TLS (mutual certificates), EAP-TTLS, PEAP. IKEv2/IPsec VPNs commonly use EAP-RADIUS to leverage enterprise directory credentials without distributing shared secrets. IP Blacklist Check can verify that RADIUS server IPs are not listed on abuse databases.
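The exchange described under "How RADIUS Works" and the MD5-based password hiding criticised above can both be seen concretely in the following added example (written for this page; it is not code from the original page or from any RADIUS implementation). It builds an Access-Request with the User-Password hidden as RFC 2865 section 5.2 specifies, has a toy in-memory server recover the password and answer with Access-Accept carrying a Session-Timeout attribute or Access-Reject, and has the NAS side verify the Response Authenticator of the reply. The shared secret, the user directory, the packet identifier and the Session-Timeout value are constructed sample data, and the hypothetical `serve` and `exchange` helpers stand in for a real NAS and server talking over UDP.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet codes and attribute types from RFC 2865 (only the ones used here)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, SESSION_TIMEOUT = 1, 2, 27
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; the 16-byte Authenticator follows

def attr(atype: int, value: bytes) -> bytes:
    """Encode one Type-Length-Value attribute (Length counts the 2 header bytes)."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", atype, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to a 16-byte multiple and XOR each chunk with an MD5 keystream."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password.ljust(-(-len(password) // 16) * 16, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        # b_1 = MD5(secret + RequestAuthenticator), b_n = MD5(secret + c_{n-1})
        stream = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], stream))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of hide_password: the server regenerates the same keystream. Anyone holding
    the shared secret and the packet can do the same, which is why this is obfuscation."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        stream = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(chunk, stream))
        prev = chunk
    return out.rstrip(b"\x00")

def build_access_request(ident, username, password, secret, req_auth=None):
    """What the NAS sends; the Request Authenticator must be fresh and unpredictable."""
    req_auth = req_auth or os.urandom(16)
    attrs = attr(USER_NAME, username) + attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    return HEADER.pack(ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def parse_packet(data: bytes):
    """Return (code, identifier, authenticator, {type: value}); raise on a malformed packet."""
    code, ident, length = HEADER.unpack_from(data)
    if not 20 <= length <= len(data):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20
    while pos < length:
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = data[pos + 2:pos + alen]
        pos += alen
    return code, ident, data[4:20], attrs

def response_authenticator(code, ident, req_auth, attrs, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuthenticator + Attributes + Secret)."""
    return hashlib.md5(HEADER.pack(code, ident, 20 + len(attrs)) + req_auth + attrs + secret).digest()

def build_response(code, ident, req_auth, attrs, secret):
    auth = response_authenticator(code, ident, req_auth, attrs, secret)
    return HEADER.pack(code, ident, 20 + len(attrs)) + auth + attrs

def verify_response(resp, req_auth, secret):
    """NAS-side check that a reply is bound to our request and the secret (constant-time compare)."""
    code, ident, resp_auth, _ = parse_packet(resp)
    expected = response_authenticator(code, ident, req_auth, resp[20:], secret)
    return hmac.compare_digest(expected, resp_auth)

def serve(request, secret, users):
    """Toy server (hypothetical): recover the password, check the directory, Accept with a Session-Timeout or Reject."""
    code, ident, req_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST or USER_NAME not in attrs or USER_PASSWORD not in attrs:
        return build_response(ACCESS_REJECT, ident, req_auth, b"", secret)
    pw = reveal_password(attrs[USER_PASSWORD], secret, req_auth)
    if hmac.compare_digest(users.get(attrs[USER_NAME], b"\x00"), pw):
        return build_response(ACCESS_ACCEPT, ident, req_auth, attr(SESSION_TIMEOUT, struct.pack("!I", 3600)), secret)
    return build_response(ACCESS_REJECT, ident, req_auth, b"", secret)

def exchange(username, password, secret, users, req_auth=None):
    """One NAS <-> server round trip in memory (hypothetical helper); returns (code, attrs) as the NAS sees them."""
    req = build_access_request(0x2A, username, password, secret, req_auth)
    resp = serve(req, secret, users)
    if not verify_response(resp, req[4:20], secret):
        raise ValueError("Response Authenticator mismatch: reply forged or secrets differ")
    code, _, _, attrs = parse_packet(resp)
    return code, attrs

if __name__ == "__main__":
    USERS = {b"alice": b"correct horse"}  # constructed sample directory
    print(exchange(b"alice", b"correct horse", b"example-secret", USERS))
    print(exchange(b"alice", b"wrong", b"example-secret", USERS))
```

Two things worth noticing when reading it: the Response Authenticator is the only integrity check a plain RADIUS reply carries, so a NAS that skips `verify_response` will accept any Access-Accept sent from the server's address; and `reveal_password` needs nothing beyond the shared secret and the captured packet, which is the weakness that RadSec and EAP-TLS remove by moving the exchange inside TLS.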
