Remote Authentication Dial-In User Service (RADIUS) Protocol
What is RADIUS?
How does RADIUS work?
The user or machine sends a request to a Network Access Server (NAS) to gain access to a network resource. This request includes access credentials (such as a username and password) which are passed to the NAS device via the link-layer protocol. The request may contain other information about the user, such as network address, phone number, or physical attachment to the NAS.
The RADIUS server checks that the information is correct using an authentication protocol (ex: PAP, CHAP, EAP). The RADIUS server returns with one of three responses: Access Reject, Access Challenge, or Access Accept. Each of these responses can be passed to the user in a return webpage.
Once the user is authenticated, the RADIUS server will check that the user is authorized for the specific network service.