Help on Understanding 802.1x UDP

srikanth ath
Level 4

Hi

Need your help on RADIUS server (802.1x).

Is RADIUS a reliable authentication server in a large or small network?

If yes, how is it, as it uses a UDP protocol?

Thanks in advance for your valuable comments on this.

Regards,

srikanth

2 Accepted Solutions


Mohamed Sobair
Level 7

srikanth,

A RADIUS server would be an efficient authenticated security mechanism in a medium-to-large network environment. In a small network where you have a small number of network devices, local authentication can be configured. However, in a medium-to-large network, this becomes inefficient. AAA is also used for accounting, so if you need to have a proper log overview of what changes have been made and when, it would be a problem to manage in such networks.

For the second question, UDP is just there to provide a transport protocol between the network element and the RADIUS server for its communication. Keep in mind that all of the messages exchanged between the RADIUS server and the other network element are encrypted.

Regards,

Mohamed


Peter Paluch
Cisco Employee

Hello Srikanth,

In addition to other friends' answers here, please allow me to post a few comments, too.

RADIUS is indeed a reliable AAA solution for a network of any size. The RADIUS protocol is lightweight and robust to handle thousands of requests, and RADIUS is the only widely used protocol to provide AAA services by ISPs worldwide.

The fact it uses UDP is not that relevant. RADIUS simply resends a message after a timeout should it not be properly received by the other party. After all, TCP internally uses the same timeout mechanism (coupled with sequencing of course). The fact that UDP was chosen as the transport protocol was mainly motivated by an attempt to minimize the amount of state information that would otherwise be necessary on a RADIUS server with thousands of authentication sessions running over TCP.

The real life experiences with RADIUS (which is itself well over 10 years old) simply prove that this design can be relied upon.

As Mohamed noted, though, the maintenance of a RADIUS server can be intricate, as it requires a good knowledge about the protocol itself. It is therefore good to think if deploying the RADIUS server for a small network is going to give you back an adequate added value.

Best regards,

Peter
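
The timeout-and-resend behaviour described in the answer above, as an added example that is not part of the original thread: a client resends the identical Access-Request until a reply arrives, the server answers a retransmission from a small cache, and the client checks the Response Authenticator from RFC 2865. The shared secret, identifier, user name and the `LossyServer` class are constructed for illustration; an in-memory link stands in for the UDP path, and a `None` return models a timeout.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-shared-secret"  # sample value, not from the thread
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2   # RFC 2865 packet codes

def build_request(identifier, username):
    """Access-Request: Code, Identifier, Length, 16-byte Authenticator, attributes."""
    attrs = bytes([1, 2 + len(username)]) + username  # User-Name (type 1)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + os.urandom(16) + attrs

def build_accept(request, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()

def response_is_valid(request, response, secret):
    """Identifier must match and the authenticator must prove knowledge of the secret."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

class LossyServer:
    """Hypothetical server behind a path that loses some datagrams in each direction."""
    def __init__(self, lose_requests=0, lose_responses=0):
        self.lose_requests, self.lose_responses = lose_requests, lose_responses
        self.cache, self.processed = {}, 0
    def deliver(self, packet):
        if self.lose_requests > 0:        # request lost on the way in
            self.lose_requests -= 1
            return None
        key = (packet[1], packet[4:20])   # Identifier + Request Authenticator
        if key not in self.cache:         # first copy is processed, duplicates are not
            self.processed += 1
            self.cache[key] = build_accept(packet, SECRET)
        if self.lose_responses > 0:       # reply lost on the way back
            self.lose_responses -= 1
            return None
        return self.cache[key]

def authenticate(server, username, retries=3):
    """Resend the same packet after each timeout; return (accepted, attempts used)."""
    request = build_request(identifier=7, username=username)
    for attempt in range(1, retries + 2):
        response = server.deliver(request)
        if response is not None and response_is_valid(request, response, SECRET):
            return True, attempt
    return False, retries + 1
```

Because the retransmission carries the same Identifier and Request Authenticator, the server can recognise it as a duplicate and the client can match the late reply to its original request.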


4 Replies

srikanth ath
Level 4

Hi experts,

Can you please answer me on the above query?

What do you want to know about radius?

You want to use it for port-based authentication?

RADIUS is used for relatively medium-large networks. It utilizes UDP ports 1812 (authentication/authorization) and 1813 (accounting). Those are the new ports specified by the standards. The old ports are also still used. The old ports are 1645 and 1646 (for authe/autho and accounting respectively).

I think this document should answer most of your concerns: http://tiny.cc/e44ekw. If not, however, feel free to ask.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
