Radius packet format – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

3

Figure 3 Basic RADIUS message exchange process

RADIUS operates in the following manner:

1.

The host initiates a connection request that carries the user's username and password to the

RADIUS client.

2.

Having received the username and password, the RADIUS client sends an authentication request
(Access-Request) to the RADIUS server, with the user password encrypted by using the

Message-Digest 5 (MD5) algorithm and the shared key.

3.

The RADIUS server authenticates the username and password. If the authentication succeeds, the
server sends back an Access-Accept message containing the user's authorization information. If

the authentication fails, the server returns an Access-Reject message.

4.

The RADIUS client permits or denies the user according to the returned authentication result. If it
permits the user, it sends a start-accounting request (Accounting-Request) to the RADIUS server.

5.

The RADIUS server returns a start-accounting response (Accounting-Response) and starts
accounting.

6.

The user accesses the network resources.

7.

The host requests the RADIUS client to tear down the connection and the RADIUS client sends a
stop-accounting request (Accounting-Request) to the RADIUS server.

8.

The RADIUS server returns a stop-accounting response (Accounting-Response) and stops
accounting for the user.

RADIUS packet format

RADIUS uses UDP to transmit messages. It ensures smooth message exchange between the RADIUS

server and the client through a series of mechanisms, including: the timer management mechanism, the

retransmission mechanism, and the backup server mechanism.

Figure 4

shows the RADIUS packet

format.