H3C Technologies H3C WX6000 Series Access Controllers User Manual

Figure 38-3 RADIUS packet format

Descriptions of the fields are as follows:

1) The Code field (1 byte long) indicates the type of the RADIUS packet. Table 38-1 gives the possible values and their meanings.

Table 38-1 Main values of the Code field

| Code | Packet type | Description |
|------|-------------|-------------|
| 1 | Access-Request | From the client to the server. A packet of this type carries user information for the server to authenticate the user. It must contain the User-Name attribute and can optionally contain the attributes of NAS-IP-Address, User-Password, and NAS-Port. |
| 2 | Access-Accept | From the server to the client. If all the attribute values carried in the Access-Request are acceptable, that is, the authentication succeeds, the server sends an Access-Accept response. |
| 3 | Access-Reject | From the server to the client. If any attribute value carried in the Access-Request is unacceptable, the server rejects the user and sends an Access-Reject response. |
| 4 | Accounting-Request | From the client to the server. A packet of this type carries user information for the server to start/stop accounting for the user. It contains the Acct-Status-Type attribute, which indicates whether the server is requested to start the accounting or to end the accounting. |
| 5 | Accounting-Response | From the server to the client. The server sends to the client a packet of this type to notify that it has received the Accounting-Request and has correctly started recording the accounting information. |

2) The Identifier field (1 byte long) is for matching request packets and response packets and detecting retransmitted request packets. The request and response packets of the same type have the same identifier.

3) The Length field (2 bytes long) indicates the length of the entire packet, including the Code, Identifier, Length, Authenticator, and Attribute fields. The value of the field is in the range 20 to 4096. Bytes beyond the length are considered padding and are ignored upon reception. If the length of a received packet is less than that indicated by the Length field, the packet is dropped.

4) The Authenticator field (16 bytes long) is used to authenticate replies from the RADIUS server, and is also used in the password hiding algorithm. There are two kinds of authenticators: request authenticator and response authenticator.

5) The Attribute field, with a variable length, carries the specific authentication, authorization, and accounting information for defining configuration details of the request or response. This field is represented in triplets of Type, Length, and Value.
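The field layout and Length rules above can be enforced in a receive-side parser. The following is an added example, not code from the manual or from H3C; the names `parse_radius`, `DropPacket` and `build_sample` are hypothetical, and the rule that an attribute's Length octet counts its own Type and Length bytes comes from RFC 2865 rather than from this page.

```python
import struct

# Code values from Table 38-1
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response"}
HEADER_LEN = 20   # Code(1) + Identifier(1) + Length(2) + Authenticator(16)
MAX_LEN = 4096


class DropPacket(ValueError):
    """Raised when a received datagram must be discarded."""


def parse_radius(datagram: bytes) -> dict:
    if len(datagram) < HEADER_LEN:
        raise DropPacket("shorter than the fixed 20-byte header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if not HEADER_LEN <= length <= MAX_LEN:
        raise DropPacket(f"Length {length} outside 20..4096")
    if len(datagram) < length:
        raise DropPacket("fewer bytes received than the Length field indicates")
    packet = datagram[:length]   # bytes beyond Length are padding and ignored
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if length - pos < 2:
            raise DropPacket("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        # Attribute Length covers Type + Length + Value, so it is at least 2
        # (RFC 2865 rule, not stated on this page). Rejecting a_len < 2 also
        # prevents an endless loop on a zero-length attribute.
        if a_len < 2 or pos + a_len > length:
            raise DropPacket(f"attribute {a_type} has bad length {a_len}")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": code, "type": CODES.get(code, "unknown"),
            "identifier": ident, "length": length,
            "authenticator": packet[4:20], "attributes": attrs}


def build_sample() -> bytes:
    # Constructed Access-Request: User-Name (type 1) = "alice", zeroed authenticator
    attr = bytes([1, 2 + 5]) + b"alice"
    length = HEADER_LEN + len(attr)
    return struct.pack("!BBH", 1, 42, length) + bytes(16) + attr


if __name__ == "__main__":
    print(parse_radius(build_sample() + b"\x00\x00"))   # trailing padding ignored
```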