beautypg.com

Iii. radius message format – H3C Technologies H3C S3100 Series Switches User Manual

Page 303

background image

Operation Manual – AAA – RADIUS – HWTACACS

H3C S3100-52P Ethernet Switch

Chapter 1 AAA & RADIUS & HWTACACS

Configuration

1-4

RADIUS

Server

(1) The user inputs the user name and password

(2)

Access -Request

PC

RADIUS

Client

(3) Access -Accept

(4) Accounting -Request (start)

(5) Accounting -Response

(7) Accounting - Request (

(8) Accounting -Response

(9) Inform the user the access is ended

stop)

(6) The user starts to access the resources

RADIUS

server

(1) The user inputs the user name and password

(2)

Access -Request

PC

RADIUS

client

(3) Access -Accept

(4) Accounting -Request (start)

(5) Accounting -Response

(7) Accounting - Request (

(8) Accounting -Response

(9) Inform the user the access is ended

stop)

(6) The user starts to access the resources

RADIUS

Server

(1) The user inputs the user name and password

(2)

Access -Request

PC

RADIUS

Client

(3) Access -Accept

(4) Accounting -Request (start)

(5) Accounting -Response

(7) Accounting - Request (

(8) Accounting -Response

(9) Inform the user the access is ended

stop)

(6) The user starts to access the resources

RADIUS

server

(1) The user inputs the user name and password

(2)

Access - Request

PC

RADIUS

client

(3) Access - Accept

(4) Accounting - Request (start)

(5) Accounting - Response

(7) Accounting - Request (

(8) Accounting - Response

(9) Inform the user the access is ended

stop)

(6) The user starts to access the resources

RADIUS

Server

(1) The user inputs the user name and password

(2)

Access -Request

PC

RADIUS

Client

(3) Access -Accept

(4) Accounting -Request (start)

(5) Accounting -Response

(7) Accounting - Request (

(8) Accounting -Response

(9) Inform the user the access is ended

stop)

(6) The user starts to access the resources

RADIUS

server

(1) The user inputs the user name and password

(2)

Access -Request

PC

RADIUS

client

(3) Access -Accept

(4) Accounting -Request (start)

(5) Accounting -Response

(7) Accounting - Request (

(8) Accounting -Response

(9) Inform the user the access is ended

stop)

(6) The user starts to access the resources

RADIUS

Server

(1) The user inputs the user name and password

(2)

Access -Request

PC

RADIUS

Client

(3) Access -Accept

(4) Accounting -Request (start)

(5) Accounting -Response

(7) Accounting - Request (

(8) Accounting -Response

(9) Inform the user the access is ended

stop)

(6) The user starts to access the resources

RADIUS

server

(1) The user inputs the user name and password

(2)

Access - Request

PC

RADIUS

client

(3) Access - Accept

(4) Accounting - Request (start)

(5) Accounting - Response

(7) Accounting - Request (

(8) Accounting - Response

(9) Inform the user the access is ended

stop)

(6) The user starts to access the resources

Figure 1-2

Basic message exchange procedure of RADIUS

The basic message exchange procedure of RADIUS is as follows:
1) The user enters the user name and password.
2) The RADIUS client receives the user name and password, and then sends an

authentication request (Access-Request) to the RADIUS server.

3) The RADIUS server compares the received user information with that in the Users

database to authenticate the user. If the authentication succeeds, the RADIUS
server sends back to the RADIUS client an authentication response
(Access-Accept), which contains the user’s access right information. If the
authentication fails, the server returns an Access-Reject response.

4) The RADIUS client accepts or denies the user depending on the received

authentication result. If it accepts the user, the RADIUS client sends a
start-accounting request (Accounting-Request, with the Status-Type attribute
value = start) to the RADIUS server.

5) The RADIUS server returns a start-accounting response (Accounting-Response).
6) The user starts to access network resources.
7) The RADIUS client sends a stop-accounting request (Accounting-Request, with

the Status-Type attribute value = stop) to the RADIUS server.

8) The RADIUS server returns a stop-accounting response (Accounting-Response).
9) The access to network resources is ended.

III. RADIUS message format

RADIUS messages are transported over UDP, which does not guarantee reliable
delivery of messages between RADIUS server and client. As a remedy, RADIUS
adopts the following mechanisms: timer management, retransmission, and backup
server. Figure 1-3 depicts the format of RADIUS messages.

See also other documents in the category H3C Technologies Routers: