Radius message format – H3C Technologies H3C S3600 Series Switches User Manual
RADIUS client an authentication response (Access-Accept), which contains the user’s
authorization information. If the authentication fails, the server returns an Access-Reject response.
5) The RADIUS client accepts or denies the user depending on the received authentication result. If it
accepts the user, the RADIUS client sends a start-accounting request (Accounting-Request, with
the Status-Type attribute value = start) to the RADIUS server.
6) The RADIUS server returns a start-accounting response (Accounting-Response).
7) The user starts to access network resources.
8) The RADIUS client sends a stop-accounting request (Accounting-Request, with the Status-Type
attribute value = stop) to the RADIUS server.
9) The RADIUS server returns a stop-accounting response (Accounting-Response).
10) The access to network resources is ended.
RADIUS message format
RADIUS messages are transported over UDP, which does not guarantee reliable delivery of messages
between RADIUS server and client. As a remedy, RADIUS adopts the following mechanisms: timer
management, retransmission, and backup server.
Figure 1-3 depicts the format of RADIUS messages.
Figure 1-3 RADIUS message format
1) The Code field (one byte) determines the type of RADIUS message, as shown in Table 1-1.
Table 1-1 Description on the major values of the Code field

| Code | Message type | Message description |
|------|--------------|---------------------|
| 1 | Access-Request | Direction: client->server. The client transmits this message to the server to determine if the user can access the network. This message carries user information. It must contain the User-Name attribute and may contain the following attributes: NAS-IP-Address, User-Password and NAS-Port. |
| 2 | Access-Accept | Direction: server->client. The server transmits this message to the client if all the attribute values carried in the Access-Request message are acceptable (that is, the user passes the authentication). |
| 3 | Access-Reject | Direction: server->client. The server transmits this message to the client if any attribute value carried in the Access-Request message is unacceptable (that is, the user fails the authentication). |