Port 1645 was never officially assigned. And yet for years, it was one of the most critical ports on enterprise networks—the original home of RADIUS authentication before the protocol got kicked out to its proper address.
What RADIUS Does
RADIUS (Remote Authentication Dial-In User Service) is the protocol that answers the question: "Should this person be allowed in?" When you connect to corporate WiFi, log into a VPN, or authenticate through a network access point, there's usually a RADIUS server somewhere checking your credentials.1
It's centralized authentication. Instead of every switch, router, and access point maintaining its own user database, they all ask the RADIUS server: "Is this username and password valid?" The RADIUS server checks and responds: yes or no, allow or deny.
The Port Conflict
The early RADIUS implementations used UDP port 1645 for authentication requests and port 1646 for accounting (tracking what users did after logging in).2 This became the de facto standard. Cisco used it. Juniper used it. It was baked into network equipment across the Internet.
There was one problem: port 1645 was already registered to a service called "datametrics." Port 1646 belonged to "sa-msg-port."3
RADIUS had moved into someone else's house. And it stayed there long enough that eviction became complicated.
The Move to Port 1812
When RADIUS was formally standardized in RFC 2865 (published June 2000), IANA officially assigned it new ports: 1812 for authentication, 1813 for accounting.4
The spec was clear: these are the real ports. Use these.
But millions of devices were already configured for 1645 and 1646. Cisco routers, Juniper switches, Windows servers, Linux systems—entire enterprise networks built on the old ports. You can't just change a number and expect the Internet to update overnight.
Why Port 1645 Still Exists
Here's the genuinely strange part: port 1645 never went away.
Modern RADIUS servers listen on both sets of ports by default. Microsoft's Network Policy Server (NPS) listens on 1812, 1813, 1645, and 1646 simultaneously for backward compatibility.5 The RADIUS Authentication Manager does the same thing.6
This is infrastructure inertia. The protocol moved, but the old address still works because too many things would break if it didn't. Port 1645 is a ghost—officially gone, practically immortal.
Security Considerations
If you're running a modern network, you should use ports 1812 and 1813. They're the official assignments. They're what new implementations expect.
But if you're troubleshooting RADIUS authentication and connections aren't working, check both port sets. Some older equipment refuses to speak on anything except 1645. Some new equipment refuses to speak on anything except 1812. And some networks have a mix of both, which is why servers listen on all four ports.
If all your RADIUS clients support the official ports, you can (and should) block legacy ports 1645 and 1646 at the firewall.7 One less ghost haunting your network.
The Lesson
Port 1645 is what happens when a temporary solution becomes permanent. RADIUS needed ports, grabbed the first available ones, and by the time the conflict was discovered, it was too late to cleanly move everyone.
So now we have two sets of ports for the same protocol. The official ones (1812/1813) and the legacy ones (1645/1646). And both will probably exist as long as RADIUS does, because infrastructure doesn't forget.
The authentication request you sent to your corporate WiFi this morning might have traveled through port 1812. Or it might have traveled through port 1645—a port that was never officially RADIUS's to begin with.
And it worked either way.
How to Check What's Using This Port
On Linux or macOS:
On Windows (PowerShell):
If you see a RADIUS server (like FreeRADIUS, NPS, or a Cisco/Juniper authentication service), that's expected legacy behavior. If you see something else, investigate.
Related Ports
- Port 1646 — Legacy RADIUS accounting (partner to 1645)
- Port 1812 — Official RADIUS authentication (where 1645 should have gone)
- Port 1813 — Official RADIUS accounting
- Port 3799 — RADIUS Dynamic Authorization (for changing access policies in real-time)
Frequently Asked Questions About Port 1645
Была ли эта страница полезной?