R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

131

132

133

134

135

136

137

138

139

140

129

RADIUS packet format

RADIUS uses UDP to transmit messages. To ensure smooth message exchange between the RADIUS

server and the client, RADIUS uses a series of mechanisms, including the timer management mechanism,

the retransmission mechanism, and the backup server mechanism. Figure 111 sh

ows the RADIUS packet

format.

Figure 111 RADIUS packet format

Descriptions of the fields are as follows:

1. The Code field (1-byte long) indicates the type of the RADIUS packet. Table 35 gives the possible

values and their meanings.

Table 35 Main values of the Code field

Code Packet t

e Descri

tion

1 Access-Request

From the client to the server. A packet of this type carries user

information for the server to authenticate the user. It must contain the

User-Name attribute and can optionally contain the attributes of

NAS-IP-Address, User-Password, and NAS-Port.

2 Access-Accept

From the server to the client. If all the attribute values carried in the

Access-Request are acceptable, the authentication succeeds, and the

server sends an Access-Accept response.

3 Access-Reject

From the server to the client. If any attribute value carried in the

Access-Request is unacceptable, the authentication fails and the server

sends an Access-Reject response.

4 Accounting-Request

From the client to the server. A packet of this type carries user

information for the server to start or stop accounting for the user. The

Acct-Status-Type attribute in the packet indicates whether to start or stop

accounting.

5 Accounting-Response

From the server to the client. The server sends a packet of this type to

notify the client that it has received the Accounting-Request and has

successfully recorded the accounting information.

2. The Identifier field (1 byte long) is used to match request packets and response packets and to

detect duplicate request packets. Request and response packets of the same type have the same

identifier.

3. The Length field (2 byte long) indicates the length of the entire packet, including the Code,

Identifier, Length, Authenticator, and Attribute fields. Bytes beyond this length are considered

Code

Attribute

Identifier

Length

Authenticator (16bytes)

715 31