H3C Technologies H3C SecPath F1000-E User Manual

Page 163

153

•

The Identifier field (1 byte long) is used to match request packets and response packets and to detect

duplicate request packets. Request and response packets of the same type have the same identifier.

•

The Length field (2 bytes long) indicates the length of the entire packet, including the Code,
Identifier, Length, Authenticator, and Attribute fields. Bytes beyond this length are considered

padding and are ignored at the receiver. If the length of a received packet is less than this length,

the packet is dropped. The value of this field is in the range of 20 to 4096.

•

The Authenticator field (16 bytes long) is used to authenticate replies from the RADIUS server and to
encrypt user passwords. There are two types of authenticators: request authenticator and response

authenticator.

•

The Attributes field, variable in length, carries the specific authentication, authorization, and
accounting information that defines the configuration details of the request or response. This field

may contain multiple attributes, each with three sub-fields:

{

Type—(1 byte long) Type of the attribute. It is in the range of 1 to 255. See

Table 44

for

commonly used attributes for RADIUS authentication, authorization and accounting.

{

Length—(1 byte long) Length of the attribute in bytes, including the Type, Length, and Value
fields.

{

Value—(Up to 253 bytes) Value of the attribute. Its format and content depend on the Type and
Length fields.

Table 44 Commonly used RADIUS attributes

No. Attribute

No.

Attribute

1 User-Name

45 Acct-Authentic

2 User-Password

46 Acct-Session-Time

3 CHAP-Password

47 Acct-Input-Packets

4 NAS-IP-Address

48 Acct-Output-Packets

5 NAS-Port

49 Acct-Terminate-Cause

6 Service-Type

50 Acct-Multi-Session-Id

7 Framed-Protocol

51 Acct-Link-Count

8 Framed-IP-Address

52 Acct-Input-Gigawords

9 Framed-IP-Netmask

53 Acct-Output-Gigawords

10 Framed-Routing

54 (unassigned)

11 Filter-ID

55 Event-Timestamp

12 Framed-MTU

56-59

(unassigned)

13 Framed-Compression

60 CHAP-Challenge

14 Login-IP-Host

61 NAS-Port-Type

15 Login-Service

62 Port-Limit

16 Login-TCP-Port

63 Login-LAT-Port

17 (unassigned)

64 Tunnel-Type

18 Reply-Message

65 Tunnel-Medium-Type

19 Callback-Number

66 Tunnel-Client-Endpoint

20 Callback-ID

67 Tunnel-Server-Endpoint

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS