R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

151

152

153

154

155

156

157

158

159

160

153

8. The RADIUS server returns a stop-accounting response (Accounting-Response) and stops

accounting for the user.

RADIUS packet format

RADIUS uses UDP to transmit messages. To ensure smooth message exchange between the RADIUS

server and the client, RADIUS uses a series of mechanisms, including the timer management mechanism,

the retransmission mechanism, and the backup server mechanism. Figure 132 sho

ws the RADIUS packet

format.

Figure 132 RADIUS packet format

Descriptions of the fields are as follows:

• The Code field (1 byte long) indicates the type of the RADIUS packet. Table 43 gi

ves the possible

values and their meanings.

Table 43 Main values of the Code field

Code Packet type Description

1 Access-Request

From the client to the server. A packet of this type carries user

information for the server to authenticate the user. It must contain

the User-Name attribute and can optionally contain the attributes

of NAS-IP-Address, User-Password, and NAS-Port.

2 Access-Accept

From the server to the client. If all the attribute values carried in

the Access-Request are acceptable, the authentication succeeds,

and the server sends an Access-Accept response.

3 Access-Reject

From the server to the client. If any attribute value carried in the

Access-Request is unacceptable, the authentication fails and the

server sends an Access-Reject response.

4 Accounting-Request

From the client to the server. A packet of this type carries user

information for the server to start or stop accounting for the user.

The Acct-Status-Type attribute in the packet indicates whether to

start or stop accounting.

5 Accounting-Response

From the server to the client. The server sends a packet of this

type to notify the client that it has received the

Accounting-Request and has successfully recorded the

accounting information.

• The Identifier field (1 byte long) is used to match request packets and response packets and to detect

duplicate request packets. Request and response packets of the same type have the same identifier.