What is RADIUS Authentication and How Does It Work?
Home
Back to overview

RADIUS Authentication

RADIUS (Remote Authentication Dial-In User Service) is a network protocol that handles the centralized authentication, authorization, and logging of users and devices when accessing network services. Originally developed for dial-up connections over telephone lines, RADIUS today is one of the most widely used foundations for access control in Wi-Fi infrastructures, VPN connections, and wired enterprise networks, and frequently forms the technical backbone for concepts such as Network Access Control.

The technical core of RADIUS is the AAA principle — Authentication, Authorization, and Accounting. When a device or user establishes a connection to a network, the network access point forwards the request to a central RADIUS server, which checks whether the submitted credentials or certificates are valid, determines what access rights the user is entitled to, and logs the process for later evaluation. Network access is only granted once the check has been successfully completed.

In practice, RADIUS is primarily used in environments where many devices and users access a network centrally. School authorities operating multiple school sites with a shared Wi-Fi network use RADIUS to ensure that only known and authorized devices can connect, while guest access is automatically routed to a separate segment isolated from the school network.

The key advantage of RADIUS lies in the central control of network access through a single instance. Changes to access rights take effect immediately across all connected network services, without each access point having to be adjusted individually — for example, when a device or user leaves the organization.

A reliable RADIUS infrastructure requires that the devices connecting to the network are known, managed, and configured in compliance with policies. Both can be meaningfully combined within a privacy-compliant operating model.