RADIUS is the core of our business at InkBridge Networks. We have world-leading experience with the protocol. We can help you with all aspects of Authentication, Authorization, and Accounting.
That isn’t all. Our expertise is with RADIUS systems, not just the basic RADIUS server. This means that we have an extensive background in SQL, LDAP, Active Directory, 802.1X, and any related technology, protocol, or server implementation.
When we design a RADIUS system, we design the entire ecosystem surrounding the RADIUS server. Any and all interactions with NASes, home servers, databases, scripts, etc., are all up for review and discussion.
With over a million (1,000,000) deployments of our product, we can confidently state that we produce the market-leading RADIUS server. No other vendor – Microsoft, Cisco, or Juniper – can make that same claim.
What RADIUS AAA means in practice
RADIUS AAA isn't a single switch you turn on. It's the combination of three distinct functions running through every authentication event on your network.
For an ISP, those three functions look like this:
- Authentication means verifying a subscriber's credentials when they connect.
- Authorisation means assigning the right bandwidth tier, IP address range, and service policies for that subscriber's account.
- Accounting means capturing session start and stop records for billing, compliance, and capacity planning.
For an enterprise, the same three functions apply, but the stakes are different.
- Authentication still verifies identity, but now you're confirming that a user's device and credentials are valid before granting access to corporate resources.
- Authorisation typically means assigning the user to the appropriate network segment or VLAN based on their role.
- Accounting creates the audit trail that your compliance team needs and that your security team uses when something goes wrong.
In both cases, RADIUS sits at the centre, handling all three functions through a single, centralised server. It validates credentials against your identity store (whether that's Active Directory, LDAP, or a SQL database), applies your access policies, and logs every session. One protocol, three functions, one place to manage them.
Why RADIUS is the standard for AAA
"I've been hearing that RADIUS will be replaced for 25 years," says Alan DeKok, CEO of InkBridge Networks and co-founder of the FreeRADIUS project. "First it was Diameter. Then it was other protocols. It hasn't happened."
The answer is straightforward: go to any electronics store and look at the Wi-Fi equipment. It supports RADIUS. Enterprise switches, VPN concentrators, wireless access points - all of them implement RADIUS because that's what the market standardised on. No competing protocol comes close to that installed base.
RADIUS also won because it was simple - simple enough that every NAS vendor could implement it, and simple enough that administrators could configure it without specialist training. That simplicity turned out to be a feature, not a limitation. Over a million deployments of FreeRADIUS alone, across ISPs, enterprises, and universities handling over 100 million authentications daily, validate that design choice.
What has changed is that the protocol itself has been modernised. RADIUS 1.1 removes the MD5 cryptographic dependency that concerned security teams for years. RadSec (RADIUS over TLS) encrypts all traffic in transit. These are standards-level improvements, developed through the IETF, that benefit every compliant RADIUS implementation.
Need more help?
InkBridge Networks has been at the forefront of network security for over two decades, tackling complex challenges across various protocols and infrastructures. Our team of seasoned experts has encountered and solved nearly every conceivable network security issue. If you're looking for insights from the architects behind some of the internet's most foundational authentication systems, you can request a quote for network security solutions here.
Related Articles
Client Case Study: RADIUS AAA Policies
One of our clients with a support contract had performance issues. We tracked this down to inefficient usage of AAA policies. Having tuned the policies the load on our client’s database dropped by a factor of 400 which saved them from an expensive hardware upgrade.
What is AAA in networking?
The acronym AAA stands for “Authentication, Authorization, and Accounting”. It defines an architecture which authenticates and grants authorization to users and, and afterwards accounts for their activity. When AAA is not used, the architecture is described as “open”, where anyone can gain access and do anything, without any tracking.