Protocol network icon

Remote Authentication Dial-In User Service (RADIUS) Protocol

What is RADIUS?

The Remote Authentication Dial-In User Service (RADIUS) was developed in 1991 as an access server authentication and accounting protocol. It was later brought into the Internet Engineering Task Force (IETF) standards. Just about everyone uses RADIUS, since RADIUS is the underlying authentication and access protocol used by the majority of network and computing systems. RADIUS is commonly used to facilitate roaming between ISPs.

How does RADIUS work?

The user or machine sends a request to a Network Access Server (NAS) to gain access to a network resource. This request includes access credentials (such as a username and password) which are passed to the NAS device via the link-layer protocol. The request may contain other information about the user, such as network address, phone number, or physical attachment to the NAS.

The RADIUS server checks that the information is correct using an authentication protocol (ex: PAP, CHAP, EAP). The RADIUS server returns with one of three responses: Access Reject, Access Challenge, or Access Accept. Each of these responses can be passed to the user in a return webpage.

Once the user is authenticated, the RADIUS server will check that the user is authorized for the specific network service.