You are configuring a RADIUS server and the security team asks you for details about this protocol.
Which three statements about the RADIUS protocol are true? (Choose three.)
Click on the arrows to vote for the correct answerA. B. C. D. E. F.
RADIUS (Remote Authentication Dial-In User Service) is a client/server protocol used for providing centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service. It is widely used in enterprise wireless networks, Virtual Private Networks ( VPNs), and Network Access Servers (NAS) to authenticate and authorize users.
The correct statements about the RADIUS protocol are:
B. It is UDP based: RADIUS is a UDP-based protocol that uses port 1812 for Authentication and port 1813 for Accounting.
C. RADIUS servers use port 1645 or port 1812 for authentication: A RADIUS client sends an Access-Request message to a RADIUS server using port 1812. The server responds with an Access-Accept or Access-Reject message. Port 1645 is the legacy port used for RADIUS authentication.
D. RADIUS servers use port 1646 or port 1813 for authorization: After the authentication process, if the user is authorized to access the network resource, the RADIUS server sends an Access-Accept message to the client using port 1813. Port 1646 is the legacy port used for RADIUS accounting.
Therefore, options B, C, and D are correct.
A. It is TCP-based: This is an incorrect statement. RADIUS is a UDP-based protocol, not a TCP-based protocol.
E. The username is sent in cleartext: This is an incorrect statement. RADIUS encrypts the username and password information in the Access-Request packet using a shared secret key between the RADIUS client and server.
F. The username is encrypted: This is an incorrect statement. The username is not encrypted, but it is encrypted with the shared secret key between the RADIUS client and server.
In summary, RADIUS is a UDP-based protocol that uses port 1812 for authentication and port 1813 for accounting. It encrypts the username and password information in the Access-Request packet using a shared secret key between the RADIUS client and server.