User authentication methods, Basic radius packet exchange process – H3C Technologies H3C S6300 Series Switches User Manual
Page 18
3
User authentication methods
The RADIUS server supports multiple user authentication methods, such as PAP, CHAP, and EAP.
Basic RADIUS packet exchange process
illustrates the interactions between a user host, the RADIUS client, and the RADIUS server.
Figure 3 Basic RADIUS packet exchange process
RADIUS uses the following workflow:
1.
The host sends a connection request that includes the user's username and password to the
RADIUS client.
2.
The RADIUS client sends an authentication request (Access-Request) to the RADIUS server. The
request includes the user's password, which has been processed by the MD5 algorithm and
shared key.
3.
The RADIUS server authenticates the username and password. If the authentication succeeds, the
server sends back an Access-Accept packet that contains the user's authorization information. If
the authentication fails, the server returns an Access-Reject packet.
4.
The RADIUS client permits or denies the user according to the authentication result. If the result
permits the user, the RADIUS client sends a start-accounting request (Accounting-Request) packet to
the RADIUS server.
5.
The RADIUS server returns an acknowledgement (Accounting-Response) packet and starts
accounting.
6.
The user accesses the network resources.
7.
The host requests the RADIUS client to tear down the connection.
8.
The RADIUS client sends a stop-accounting request (Accounting-Request) packet to the RADIUS
server.