RADIUS standards compliance: from RFC to WiFi Alliance

Standards compliance is an important part of any RADIUS system

We believe that standards compliance is critical for customer satisfaction and vendor interoperability. Systems that follow standards have known, documented behaviour, so there are few surprises.

Our products follow all relevant RADIUS RFC and other standards. At the same time, we recognise that standards are not always adequate to meet customer needs and that vendors do not always follow the standards. We have extended FreeRADIUS past the existing RADIUS protocol RFC requirements so that it meets or exceeds real-world customer requirements.

Many customers use FreeRADIUS as the “glue” to work around incompatibilities in vendor equipment or in other new and innovative ways.

InkBridge Networks contributes heavily to the standards processes of multiple groups, most notably the Internet Engineering Task Force (IETF).

We have learned from our vast FreeRADIUS experience and we use that knowledge to drive new standards, which have subsequently been implemented by other RADIUS vendors.

FreeRADIUS compliance with IETF RADIUS RFCs

RFC 2865 - Remote Authentication Dial In User Service (RADIUS)
RFC 2866 - RADIUS Accounting
RFC 2867 - RADIUS Accounting Modifications for Tunnel Protocol Support
RFC 2868 - RADIUS Attributes for Tunnel Protocol Support
RFC 2869 - RADIUS Extensions
RFC 3162 - RADIUS and IPv6
RFC 3576 - Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)
RFC 3580 - IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines
RFC 4072 - Diameter Extensible Authentication Protocol (EAP) Application
RFC 4372 - Chargeable User Identity
RFC 4603 - Additional Values for the NAS-Port-Type Attribute
RFC 4675 - RADIUS Attributes for Virtual LAN and Priority Support
RFC 4679 - DSL Forum Vendor-Specific RADIUS Attributes
RFC 4818 - RADIUS Delegated-IPv6-Prefix Attribute
RFC 4849 - RADIUS Filter Rule Attribute
RFC 5090 - RADIUS Extension for Digest Authentication
RFC 5176 - Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)
RFC 5447 - Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction
RFC 5580 - Carrying Location Objects in RADIUS and Diameter
RFC 5607 - Remote Authentication Dial-In User Service (RADIUS) Authorization for Network Access Server (NAS) Management
RFC 5904 - RADIUS Attributes for IEEE 802.16 Privacy Key Management Version 1 (PKMv1) Protocol Support
RFC 6519 - RADIUS Extensions for Dual-Stack Lite
RFC 6572 - RADIUS Support for Proxy Mobile IPv6
RFC 6677 - Channel-Binding Support for Extensible Authentication Protocol (EAP) Methods
RFC 6911 - RADIUS Attributes for IPv6 Access Networks
RFC 6929 - Remote Authentication Dial-In User Service (RADIUS) Protocol Extensions (co-authored by InkBridge Networks)
RFC 6930 - RADIUS Attribute for IPv6 Rapid Deployment on IPv4 Infrastructures (6rd)
RFC 7055 - A GSS-API Mechanism for the Extensible Authentication Protocol
RFC 7155 - Diameter Network Access Server Application
RFC 7268 - RADIUS Attributes for IEEE 802 Networks
RFC 7499 - Support of Fragmentation of RADIUS Packets (co-authored by InkBridge Networks)
RFC 7930 - Larger Packets for RADIUS over TCP
RFC 8045 - RADIUS Extensions for IP Port Configuration and Reporting
RFC 8559 - Dynamic Authorization Proxying in the Remote Authentication Dial-In User Service (RADIUS) Protocol (co-authored by InkBridge Networks)
RFC 9445 - RADIUS Extensions for DHCP-Configured Services (co-authored by InkBridge Networks)

FreeRADIUS compliance with other standards

Widely used internet drafts: draft-kamath-pppext-eap-mschapv2-00.txt, draft-sterman-aaa-sip-00.txt

Wimax standards: NWG 1.3

WiFi standards: WiFi Alliance Hotspot 2.0 (Release 2)

Alan DeKok, as CEO of InkBridge Networks and founder and leader of the FreeRADIUS project, has authored or co-authored multiple RADIUS RFCs, as indicated.

FreeRADIUS is the most standards-compliant RADIUS server in existence. In addition, many new standards have been defined by us and have been implemented first in FreeRADIUS. InkBridge Networks (and FreeRADIUS) are the leaders in RADIUS products.

Need more help?

InkBridge Networks has been at the forefront of network security for over two decades, tackling complex challenges across various protocols and infrastructures. Our team of seasoned experts has encountered and solved nearly every conceivable network security issue. If you're looking for insights from the architects behind some of the internet's most foundational authentication systems, you can request a quote for network security solutions here.

Introducing RADIUS 1.1

RADIUS has a problem. The name of the problem is MD5. The MD5 hash algorithm was defined in 1991, and was used in RADIUS in 1993. However, MD5 is no longer secure. It is a bit of a miracle that RADIUS is still safe to use, even though it is using 30 year-old cryptographic primitives!

Configuring EAP for FreeRADIUS

Once FreeRADIUS has been configured to use PAP, it is straightforward to configure the server to use EAP for authentication. This article will walk through all the necessary steps.

in Blog

# Network Security Protocols

We won’t fill your inbox with self-serving marketing fluff.

Our newsletter serves up best practices, how-to guides, and answers to common questions we encounter in the networking community.