3Com Switch 4200G Configuration Guide

170 CHAPTER 23: AAA&RADIUS CONFIGURATION
3 The RADIUS server compares the received user information with that in the Users
database to authenticate the user. If the authentication succeeds, it sends back an
authentication response (Access-Accept), which contains information on the user’s
rights, to the RADIUS client. If the authentication fails, it returns an Access-Reject
response.
4 The RADIUS client accepts or denies the user depending on the received
authentication result. If it accepts the user, the RADIUS client sends a start-accounting
request (Accounting-Request, with the Status-Type field set to “start”) to the RADIUS
server.
5 The RADIUS server returns a start-accounting response (Accounting-Response).
6 The user starts to access the resources.
7 The RADIUS client sends a stop-accounting request (Accounting-Request, with the
Status-Type field set to “stop”) to the RADIUS server.
8 The RADIUS server returns a stop-accounting response (Accounting-Response).
9 The resource access of the user is ended.
RADIUS packet structure
RADIUS uses UDP to transmit messages. It ensures the correct message exchange
between RADIUS server and client through the following mechanisms: timer
management, retransmission, and backup server. Figure 56 depicts the structure of
the RADIUS packets.
Figure 56 RADIUS packet structure
[Figure: packet fields in order: Code, Identifier, Length, Authenticator, Attribute]
1 The Code field decides the type of the RADIUS packet, as shown in Table 132.
Table 132 Description on major values of the Code field

| Code | Packet type | Packet description |
|------|-------------|--------------------|
| 1 | Access-Request | Direction: client->server. The client transmits this packet to the server to determine if the user can access the network. This packet carries user information. It must contain the User-Name attribute and may contain the following attributes: NAS-IP-Address, User-Password and NAS-Port. |
| 2 | Access-Accept | Direction: server->client. The server transmits this packet to the client if all the attribute values carried in the Access-Request packet are acceptable (that is, the user passes the authentication). |
| 3 | Access-Reject | Direction: server->client. The server transmits this packet to the client if any attribute value carried in the Access-Request packet is unacceptable (that is, the user fails the authentication). |
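
The packet layout in Figure 56 and the Code values in Table 132, as an added Python example (not code from the 3Com guide): a parser that validates the Length field and each attribute before trusting them, and enforces the table's rule that an Access-Request carries User-Name. The field widths, the 20 to 4096 byte size limits, the attribute type numbers and the accounting codes 4 and 5 are taken from RFC 2865 and RFC 2866, not from this page; the sample packet is constructed.

```python
import struct

# Codes 1-3 are from Table 132; 4 and 5 are the accounting codes (RFC 2866).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response"}
# RFC 2865 type numbers for the attributes that Table 132 names.
ATTRS = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address", 5: "NAS-Port"}
HEADER_LEN, MAX_LEN = 20, 4096  # RFC 2865 minimum and maximum packet size


def parse_radius(data: bytes) -> dict:
    """Parse and validate one RADIUS packet; raise ValueError if malformed."""
    if len(data) < HEADER_LEN:
        raise ValueError("shorter than the 20-byte header")
    # Code (1 byte), Identifier (1 byte), Length (2 bytes, network order)
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not HEADER_LEN <= length <= MAX_LEN:
        raise ValueError(f"Length field {length} out of range")
    if length > len(data):
        raise ValueError("Length field exceeds received bytes")
    authenticator = data[4:20]
    attrs, pos = [], HEADER_LEN
    while pos < length:  # bytes beyond Length are padding and are ignored
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]  # a_len counts type+len+value
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"attribute {a_type} has bad length {a_len}")
        attrs.append((ATTRS.get(a_type, f"type-{a_type}"),
                      data[pos + 2:pos + a_len]))
        pos += a_len
    if code not in CODES:
        raise ValueError(f"unknown Code {code}")
    if code == 1 and not any(name == "User-Name" for name, _ in attrs):
        raise ValueError("Access-Request without User-Name")
    return {"code": CODES[code], "identifier": ident, "length": length,
            "authenticator": authenticator, "attributes": attrs}


def build_sample() -> bytes:
    """Constructed Access-Request: User-Name 'alice', NAS-Port 7, zero authenticator."""
    attrs = bytes([1, 7]) + b"alice" + bytes([5, 6]) + struct.pack("!I", 7)
    return struct.pack("!BBH", 1, 42, HEADER_LEN + len(attrs)) + bytes(16) + attrs


if __name__ == "__main__":
    print(parse_radius(build_sample()))
```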