Remote Authentication Dial In User Service (RADIUS) Authentication

Remote Authentication Dial In User Service (RADIUS) is another popular authentication mechanism used in network environments, and is standardized in RFC 2138. RADIUS does not explicitly follow the AAA model – instead, it combines both authentication and authorization functions. However, a RADIUS implementation is also made up of clients and servers. When a RADIUS client (such as a switch, router, or VPN server) receives an authentication request, it passes that request to its configured RADIUS server for validation. While similar in function to TACACS+, the two authentication mechanisms are completely separate and are not compatible. One major difference between the two is that TACACS+ use TCP as its transport, while RADIUS uses UDP.

The Cisco Secure ACS product can also function as a RADIUS server. A variety of third-party RADIUS server solutions also exist. It has become increasingly common for vendors to build RADIUS client functionaility into their network equipment, making it a great choice for authentication, authorization, and accounting functions in heterogeneous network environments.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.