RADIUS Protocol: Key Facts for CCIE Wireless Exam

RADIUS Protocol Explained

Question

You are configuring a RADIUS server and the security team asks you for details about this protocol.

Which three statements about the RADIUS protocol are true? (Choose three.)

Answers

Explanations


BCE.

RADIUS (Remote Authentication Dial-In User Service) is a client/server protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect to and use a network service. It is widely used in enterprise wireless networks, Virtual Private Networks (VPNs), and Network Access Servers (NAS) to authenticate and authorize users.

The correct statements about the RADIUS protocol are:

B. It is UDP based: RADIUS is a UDP-based protocol that uses port 1812 for Authentication and port 1813 for Accounting.

C. RADIUS servers use port 1645 or port 1812 for authentication: A RADIUS client sends an Access-Request message to a RADIUS server using port 1812. The server responds with an Access-Accept or Access-Reject message. Port 1645 is the legacy port used for RADIUS authentication.

D. RADIUS servers use port 1646 or port 1813 for authorization: After the authentication process, if the user is authorized to access the network resource, the RADIUS server sends an Access-Accept message to the client using port 1813. Port 1646 is the legacy port used for RADIUS accounting.

Therefore, options B, C, and D are correct.

A. It is TCP-based: This is an incorrect statement. RADIUS is a UDP-based protocol, not a TCP-based protocol.

E. The username is sent in cleartext: This is an incorrect statement. RADIUS encrypts the username and password information in the Access-Request packet using a shared secret key between the RADIUS client and server.

F. The username is encrypted: This is an incorrect statement. The username is not encrypted, but it is encrypted with the shared secret key between the RADIUS client and server.

In summary, RADIUS is a UDP-based protocol that uses port 1812 for authentication and port 1813 for accounting. It encrypts the username and password information in the Access-Request packet using a shared secret key between the RADIUS client and server.