Test RADIUS server online

Test authentication to any public online RADIUS server via radtest or eapol_test tools.

RADIUS server authentication params

Please enter RADIUS server IP address
Please enter authentication port (e.g. 1812)
Please enter shared secrtet
Please select authentication method
Please enter user name
Please enter password

Helper and explanations


What is RADIUS

RADIUS - Remote Authentication Dial-In User Service is a networking protocol, that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.

Protocol was developed in 1991 and to this day just about everyone uses it, since RADIUS is the underlying authentication and access protocol used by the majority of network and computing systems.


How Does RADIUS Work?

User device sends a request to gain access to a network. This request includes access credentials.

The RADIUS server checks that the information is correct using an authentication protocol (ex: PAP, CHAP, EAP). The RADIUS server returns with one of three responses: Access Reject, Access Challenge, or Access Accept.

Once the user is authenticated, the RADIUS server will check that the user is authorized for the specific network access and enable connection.

Communication between a network access server (NAS) and a RADIUS server is based on the User Datagram Protocol (UDP). Issues related to server availability, retransmission, and timeouts are handled by the RADIUS-enabled devices rather than the transmission protocol. RADIUS servers receive user connection requests, authenticate the user, and then return the configuration information necessary for the client to deliver service to the user.


Password and Challenge-Handshake authentication

Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users.

Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity.

MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, CHAP. The protocol exists in two versions, MS-CHAPv1 and MS-CHAPv2.


EAP - Extensible Authentication Protocol

EAP is an authentication framework, not a specific authentication mechanism. It provides some common functions and negotiation of authentication methods called EAP methods.

EAP-MD5 was the only IETF Standards Track based EAP method when it was first defined. It offers minimal security; the MD5 hash function is vulnerable to dictionary attacks, and does not support key generation, which makes it unsuitable for use with dynamic WEP, or WPA/WPA2 enterprise.

EAP Tunneled Transport Layer Security is an EAP protocol that extends TLS. The client can, but does not have to be authenticated via a CA-signed PKI certificate to the server. This greatly simplifies the setup procedure since a certificate is not needed on every client.

Protected EAP (PEAP) adds a TLS layer on top of EAP in the same way as EAP-TLS, but it then uses the resulting TLS session as a carrier to protect other, legacy EAP methods.

Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by Cisco Systems. Important features of LEAP are dynamic WEP keys and mutual authentication (between a wireless client and a RADIUS server). LEAP allows for clients to re-authenticate frequently; upon each successful authentication, the clients acquire a new WEP key. LEAP may be configured to use TKIP instead of dynamic WEP.