13.2. IETF Standards

Key standards drive NAC implementation. This section takes an in-depth look.

13.2.1. RADIUS: Completing the circle

RADIUS is the acronym for Remote Authentication Dial-In User Service, an IETF standard originally designed for use in dial-up networks. One of the main purposes for the RADIUS standard is to provide authentication.

RADIUS is a client/server security protocol that has been (and, in some cases, continues to be) used to authenticate, authorize, and account for dialup users. But NAC vendors extended RADIUS for use in today's enterprise switching infrastructures.

Wireless networks also use RADIUS heavily, and although it wasn't initially intended to be a wireless security authentication method, it improves and strengthens the weak Wired Equivalent Privacy (WEP) encryption key standard. However, the real mettle of RADIUS is in its robust user authentication capabilities.


In RADIUS, user authentication is based on network credentials, not device information or other data. RADIUS centralizes the management of network credentials and authentication data. Already a widely deployed standard, RADIUS servers can either store network credentials, and authentication data or attributes; or they can access external credential data stores and databases, such as those based on Lightweight Directory Access Protocol (LDAP) or Structured Query Language (SQL), as well as Microsoft Active Directory, to name just a few examples. RADIUS can use and access many other ...

Get Network Access Control For Dummies® now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.