Remote Authentication Dial In User Service (RADIUS) is the most commonly used protocol for implementing authentication, authorization, and accounting (AAA) on remote dial-up users. RADIUS is operating over UDP, and its authentication and accounting port numbers are 1812 and 1813, respectively. RADIUS clients communicate with the RADIUS server to implement AAA functions for various users.
RADIUS transmits packets over UDP connections. A shared key, which is not transmitted over a network, is used for authentication between clients and the RADIUS server. In addition, passwords transmitted between clients and the RADIUS server are encrypted using the shared key to prevent user passwords from being intercepted on an insecure network.
There are few attacks on RADIUS.
Configure a shared key by running the radius-server { shared-key key-string | shared-key-cipher key-string-cipher } [ { authentication | accounting } { ipv4-address [ vpn-instance instance-name ] | ipv6-address } [ source {ip-address source-ip-address | interface-type interface-num } ] ] port-number [ weight weight ] command.
The key in ciphertext mode is recommended.