Remote Authentication Dial In User Service (RADIUS)
RFC 2138
Document Type RFC - Proposed Standard (April 1997; No errata)
Obsoleted by RFC 2865
Obsoletes RFC 2058
Authors Allan Rubens  , Carl Rigney  , Steve Willens  , William Simpson 
Last updated 2013-03-02
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 2138 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                          C. Rigney
Request for Comments: 2138                                    Livingston
Obsoletes: 2058                                                A. Rubens
Category: Standards Track                                          Merit
                                                              W. Simpson
                                                              Daydreamer
                                                              S. Willens
                                                              Livingston
                                                              April 1997

          Remote Authentication Dial In User Service (RADIUS)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   This document describes a protocol for carrying authentication,
   authorization, and configuration information between a Network Access
   Server which desires to authenticate its links and a shared
   Authentication Server.

Implementation Note

   This memo documents the RADIUS protocol.  There has been some
   confusion in the assignment of port numbers for this protocol.  The
   early deployment of RADIUS was done using the erroneously chosen port
   number 1645, which conflicts with the "datametrics" service.  The
   officially assigned port number for RADIUS is 1812.

Table of Contents

   1.     Introduction ..........................................    3
      1.1       Specification of Requirements ...................    4
      1.2       Terminology .....................................    5
   2.     Operation .............................................    5
      2.1       Challenge/Response ..............................    7
      2.2       Interoperation with PAP and CHAP ................    7
      2.3       Why UDP? ........................................    8
   3.     Packet Format .........................................   10
   4.     Packet Types ..........................................   13
      4.1       Access-Request ..................................   13

Rigney, et. al.             Standards Track                     [Page 1]
RFC 2138                         RADIUS                       April 1997

      4.2       Access-Accept ...................................   14
      4.3       Access-Reject ...................................   15
      4.4       Access-Challenge ................................   17
   5.     Attributes ............................................   18
      5.1       User-Name .......................................   21
      5.2       User-Password ...................................   22
      5.3       CHAP-Password ...................................   23
      5.4       NAS-IP-Address ..................................   24
      5.5       NAS-Port ........................................   25
      5.6       Service-Type ....................................   26
      5.7       Framed-Protocol .................................   28
      5.8       Framed-IP-Address ...............................   29
      5.9       Framed-IP-Netmask ...............................   29
      5.10      Framed-Routing ..................................   30
      5.11      Filter-Id .......................................   31
      5.12      Framed-MTU ......................................   32
      5.13      Framed-Compression ..............................   33
      5.14      Login-IP-Host ...................................   33
      5.15      Login-Service ...................................   34
      5.16      Login-TCP-Port ..................................   35
      5.17      (unassigned) ....................................   36
      5.18      Reply-Message ...................................   36
      5.19      Callback-Number .................................   37
      5.20      Callback-Id .....................................   38
      5.21      (unassigned) ....................................   38
      5.22      Framed-Route ....................................   39
      5.23      Framed-IPX-Network ..............................   40
      5.24      State ...........................................   40
      5.25      Class ...........................................   41
      5.26      Vendor-Specific .................................   42
      5.27      Session-Timeout .................................   44
      5.28      Idle-Timeout ....................................   44
      5.29      Termination-Action ..............................   45
      5.30      Called-Station-Id ...............................   46
      5.31      Calling-Station-Id ..............................   47
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools