The RADIUS protocol is a widely deployed client-server protocol that provides centralized Authentication, Accounting, and Authorization (AAA) over networks.
Transport Layer Security (TLS) is a cryptographic protocol that provides communication security between client and server applications communicating over a network.
The goals of TLS, in order of priority, are as follows:

1. Cryptographic security: TLS should be used to establish a secure connection between two parties.
2. Interoperability: Independent programmers should be able to develop applications using TLS that can successfully exchange cryptographic parameters without knowledge of another application's code.
3. Extensibility: TLS seeks to provide a framework into which new public key and bulk encryption methods can be incorporated as necessary. This framework also accomplishes two sub-goals: preventing the need to create a new protocol (and risking the introduction of possible new weaknesses) and avoiding the need to implement an entire new security library.
4. Relative efficiency: Cryptographic operations tend to be highly CPU intensive, particularly public key operations. For this reason, TLS has incorporated an optional session caching scheme to reduce the number of connections that need to be established from scratch. Additionally, care has been taken to reduce network activity.
By default, RADIUS over TLS is carried over TCP on port 2083.
| Command | Function |
|---|---|
| radius-server host | Configures a RADIUS server to connect to for external server authentication. The radsec option specifies that RADIUS over TLS is to be used. |
| aaa authentication login | Configures the Authentication, Accounting, and Authorization (AAA) login sequence. The radius option specifies that RADIUS over TLS is to be used. |
| cipherset radius | Displays the confirmation message "Radius cipher list configured successfully" and displays the cipher list. |
| show cipherset | Displays the configured RADIUS cipher list. |
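The cipher list handed to a command such as `cipherset radius` decides whether the TLS goal of cryptographic security is actually met for RADIUS over TLS. The following added example (not code from the original page or from any vendor) reviews such a list before it is applied; it assumes the list is an OpenSSL-style, colon-separated list of suite names, which is an assumption, and the sample list is constructed.

```python
"""Policy review of a RadSec (RADIUS over TLS) cipher list before it is configured.

Assumption: the list uses OpenSSL-style, colon-separated suite names, as in
`cipherset radius <list>`; that syntax is not stated on the page.
"""

# Substrings that mark a suite as unacceptable regardless of anything else:
# null encryption, RC4, DES/3DES, MD5, export grades, anonymous DH/ECDH, legacy block ciphers.
_FORBIDDEN = ("NULL", "RC4", "DES", "MD5", "EXP", "ADH", "AECDH", "IDEA", "SEED")
# AEAD bulk modes; CBC suites are kept but flagged so an operator can phase them out.
_AEAD = ("GCM", "CHACHA20", "CCM")


def classify(suite):
    """Return (verdict, reason) with verdict in {"ok", "warn", "reject"} for one list entry."""
    s = suite.upper()
    if s[0] in "!-+@":                       # OpenSSL keyword such as !aNULL or @STRENGTH
        return "ok", "OpenSSL keyword, kept as-is"
    if s.startswith("TLS_"):                 # TLS 1.3 suites: always (EC)DHE and AEAD
        return "ok", "TLS 1.3 suite"
    for bad in _FORBIDDEN:
        if bad in s:
            return "reject", f"contains {bad}"
    if not (s.startswith("ECDHE-") or s.startswith("DHE-")):
        return "reject", "no forward secrecy (static key exchange)"
    if not any(mode in s for mode in _AEAD):
        return "warn", "CBC mode, no AEAD"
    return "ok", "forward-secret AEAD suite"


def harden(cipher_list):
    """Classify every entry and return the list with rejected suites removed plus all findings."""
    kept, findings = [], []
    for suite in filter(None, cipher_list.split(":")):
        verdict, reason = classify(suite)
        findings.append((suite, verdict, reason))
        if verdict != "reject":
            kept.append(suite)
    return {"hardened": ":".join(kept), "findings": findings}


if __name__ == "__main__":
    # Constructed sample: a mix of strong, legacy and broken suites as an operator might paste it.
    sample = ("ECDHE-RSA-AES256-GCM-SHA384:AES128-SHA:RC4-SHA:ECDHE-ECDSA-AES128-SHA256:"
              "TLS_AES_256_GCM_SHA384:DES-CBC3-SHA:!aNULL")
    result = harden(sample)
    for suite, verdict, reason in result["findings"]:
        print(f"{verdict:6} {suite:32} {reason}")
    print("hardened list:", result["hardened"])
```

Run it on the list you intend to configure and compare the `hardened` output with what `show cipherset` reports afterwards.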