
RADIUS

Also known as: Remote Authentication Dial-In User Service

Centrally validates credentials for network access — VPNs, Wi-Fi, and 802.1X port authentication. The backend that decides who gets in.

RADIUS is an authentication and authorization protocol that centrally validates credentials for network access — VPN connections, Wi-Fi authentication, switch port access via 802.1X. It's the backend that decides who gets in.

When a device tries to connect to a network via 802.1X, or a user authenticates to a VPN or Wi-Fi, something has to validate their credentials and authorize access. RADIUS is that something.

The protocol operates on a client-server model: network devices (switches, VPN gateways, Wi-Fi controllers) act as RADIUS clients, forwarding authentication requests to a central RADIUS server. The server validates credentials against a user directory (Active Directory, LDAP, JumpCloud), then returns an Accept or Reject. For 802.1X, it can also return VLAN assignment, bandwidth policy, and other attributes.
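The Accept/Reject reply and VLAN assignment described above, as an added example (not from the original page or any vendor's code): how a RADIUS client validates a server reply and reads the assigned VLAN. The packet layout and Response Authenticator follow RFC 2865, the VLAN attributes follow RFC 2868 and RFC 3580; the function names, shared secret, identifier and request authenticator are constructed for illustration.

```python
import hashlib
import hmac
import struct

CODES = {2: "Access-Accept", 3: "Access-Reject"}
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81  # RFC 2868 attribute types

def build_reply(code, ident, request_auth, attrs, secret):
    """Server side: encode attributes and compute the Response Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()  # RFC 2865
    return header + auth + body

def parse_reply(packet, ident, request_auth, secret):
    """Client (switch/VPN/Wi-Fi) side: validate the reply, return (decision, vlan)."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet) or rid != ident or code not in CODES:
        raise ValueError("malformed or unexpected reply")
    body = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("bad attribute length")
        attrs[body[i]] = body[i + 2:i + body[i + 1]]  # last occurrence wins (simplification)
        i += body[i + 1]
    vlan = None
    # RFC 3580 VLAN assignment: Tunnel-Type=VLAN (13), Tunnel-Medium-Type=802 (6)
    if (code == 2 and attrs.get(TUNNEL_TYPE, b"")[1:] == b"\x00\x00\x0d"
            and attrs.get(TUNNEL_MEDIUM, b"")[1:] == b"\x00\x00\x06"):
        pgid = attrs.get(TUNNEL_PGID, b"")
        vlan = (pgid[1:] if pgid[:1] and pgid[0] <= 0x1F else pgid).decode() or None
    return CODES[code], vlan

# Constructed sample values (not from any real deployment).
SECRET = b"example-shared-secret"
REQ_AUTH = bytes(range(16))  # authenticator the client sent in its Access-Request
ACCEPT = build_reply(2, 7, REQ_AUTH, [
    (TUNNEL_TYPE, b"\x00\x00\x00\x0d"), (TUNNEL_MEDIUM, b"\x00\x00\x00\x06"),
    (TUNNEL_PGID, b"120")], SECRET)
```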

RADIUS supports several authentication methods, ranging from certificate-based (the strongest) to username-and-password inside an encrypted tunnel (the most common). Avoid any plaintext method.

RADIUS also logs connection events — who connected, when, from where, and for how long — which is valuable for security auditing and incident response.

In small to mid-market environments, RADIUS is often provided by your directory service: JumpCloud has a built-in RADIUS server, and Microsoft NPS (Network Policy Server) provides RADIUS for Active Directory environments. Dedicated RADIUS appliances are also available for larger or more complex deployments.