RADIUS is an acronym that stands for Remote Authentication Dial In User Service. It’s a protocol standard that’s been around since 1991, hence the “Dial In” part of the name. Even though very few of us use dial in for network connections these days, RADIUS still enjoys wide use solving a particular type of problem: that of authenticating and authorizing users to login to a remote network.
What are RADIUS Use Cases?
There are three primary use cases, authenticating:
- Dial up connections
- VPN connections
- WiFi logins (via WPA2 Enterprise protocol on WiFi access points)
What are the Benefits of RADIUS Server?
Traditionally RADIUS has three functions: authentication, authorization, and accounting. RADIUS is incredibly flexible, and can perform authentication and authorization against virtually any user directory source. This flexibility, combined with a wealth of supported authentication protocols, and a variety of client integrations, has kept RADIUS in high demand for more than 20 years.
Because RADIUS is a network protocol, there are many implementations of RADIUS servers, including FreeRADIUS (a popular open source RADIUS server), Microsoft NPS, Cisco ISA, ClearBox, Elektron, and many others.
There are also a number of uses for RADIUS as described above. Another significant use case for RADIUS has been the protocol that IT organizations use to control and login to network infrastructure such as switches, routers, and VPNs. It was because of this use that it extended to backend wireless networks where it is popular today.
RADIUS is quite flexible and can be secured which is another reason it is broadly deployed. A variety of authentication methods are available, which can leverage username/password, PKI certificates, or a combination of both. Based on the results of the authentication and authorization step, RADIUS can help to deliver access to the appropriate network gear or networks themselves. When used in conjunction with 802.1x or VLANs, the control over access can be quite strong and powerful.
RADIUS can be coupled with directory services to create an additional layer of security for wireless networks. As users access a wireless network, they are challenged to provide user credentials. These are provided by a supplicant to the RADIUS server and then subsequently matched to the credentials stored in the directory. As a result, all users are forced to have unique access to the network, dramatically increasing security.
Create a RADIUS Server
This process is made considerably easier by JumpCloud Directory-as-a-Service® implementations. DaaS implementations not only are the directory service, but also host the RADIUS server as well. Thus, the only configuration that is necessary is to point the wireless access point to the RADIUS server inside of the DaaS service. An added benefit of leveraging RADIUS in conjunction with Directory-as-a-Service® is that other network infrastructure can be connected to the cloud-based RADIUS and directory service.
RADIUS is a popular network service that can be leveraged to increase security within an organization.