
Introduction to RADIUS - Remote Authentication Dial-In User Service

Today I am going to talk about a major network component that provides authentication services whenever a user requests them.

This component is called RADIUS. It is hosted on a server that can report accurately on users' authentication. Let's talk about the RADIUS server, or Remote Authentication Dial-In User Service.

What is RADIUS - Remote Authentication Dial-In User Service?
RADIUS (Remote Authentication Dial-In User Service) is a server system with which we can secure our networks against unauthorized access. RADIUS clients run on supported routers and switches. Clients send authentication requests to a central RADIUS server, which contains all user authentication and network service access information.

Put more simply, RADIUS is a network protocol that defines the rules and conventions for communication between network devices for remote user authentication and accounting.

What is the main purpose of RADIUS servers?
The main purposes of a RADIUS server in the network are described below.
  • Authenticates users or devices before allowing them access to a network 
  • Authorizes those users or devices for specific network services 
  • Accounts for and tracks the usage of those services 

What are the architecture and main advantages of a RADIUS server in the network?
The RADIUS client-server architecture provides an open and scalable solution that is broadly supported by a large vendor base. It can be readily modified to meet a variety of situations. Customers can modify RADIUS-based authentication servers to work with a large number of security systems on the market. RADIUS servers work with any communications device that supports the RADIUS client protocol. 

In addition, the flexibility of the RADIUS authentication mechanisms allows an organization to maintain any investment they may have made in an existing security technology: customers can modify the RADIUS server to run with any type of security technology. The flexible authentication mechanisms inherent in the RADIUS server facilitate its integration with existing and legacy systems when required. 

Fig 1.1 - RADIUS server authentication process in the network

Another advantage of the RADIUS architecture is that any component of a security system that supports the RADIUS protocols can derive authentication and authorization from the central RADIUS server. Alternatively, the central server can integrate with a separate authentication mechanism. 

The utility of the RADIUS protocol extends beyond those systems that utilize network access devices and terminal servers for network access. RADIUS has been widely accepted by Internet Service Providers (ISPs) to provide Virtual Private Network (VPN) services. In this context, RADIUS technology allows an organization to use ISP infrastructure for communications securely. 

Basic configuration of RADIUS server

The IP addresses used in the sample below are for information and demo purposes only and have no relation to any enterprise or live network.

Identifying the RADIUS Server Host 

NB(config)# radius-server host 172.39.36.49 auth-port 1612 key rad1 
NB(config)# radius-server host 172.40.36.50 acct-port 1618 key rad2 
NB(config)# radius-server host host1 

Using Two Different RADIUS Group Servers 

NB(config)# radius-server host 172.50.0.1 auth-port 1000 acct-port 1001 
NB(config)# radius-server host 172.60.0.1 auth-port 1645 acct-port 1646 
NB(config)# aaa new-model
NB(config)# aaa group server radius group1 
NB(config-sg-radius)# server 172.50.0.1 auth-port 1000 acct-port 1001 
NB(config-sg-radius)# exit
NB(config)# aaa group server radius group2
NB(config-sg-radius)# server 172.50.0.1 auth-port 2000 acct-port 2001 
NB(config-sg-radius)# exit