H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – AAA RADIUS HWTACACS
Chapter 1 AAA/RADIUS/HWTACACS Configuration
Table 1-1 Main values of the Code field

| Code | Packet type | Description |
|------|-------------|-------------|
| 1 | Access-Request | From the client to the server. A packet of this type carries user information for the server to authenticate the user. It must contain the User-Name attribute and can optionally contain the attributes of NAS-IP-Address, User-Password, and NAS-Port. |
| 2 | Access-Accept | From the server to the client. If all the attribute values carried in the Access-Request are acceptable, that is, the authentication succeeds, the server sends an Access-Accept response. |
| 3 | Access-Reject | From the server to the client. If any attribute value carried in the Access-Request is unacceptable, the server rejects the user and sends an Access-Reject response. |
| 4 | Accounting-Request | From the client to the server. A packet of this type carries user information for the server to start/stop accounting on the user. It contains the Acct-Status-Type attribute, which indicates whether the server is requested to start the accounting or to end the accounting. |
| 5 | Accounting-Response | From the server to the client. The server sends to the client a packet of this type to notify that it has received the Accounting-Request and has correctly recorded the accounting information. |

2) The Identifier field (1 byte long) is used to match request packets with response packets and to detect retransmitted request packets. The request and response packets of the same type have the same identifier.
3) The Length field (2 bytes long) indicates the length of the entire packet, including the Code, Identifier, Length, Authenticator, and Attribute fields. The value of the field is in the range 20 to 4096. Bytes beyond the length are considered padding and are ignored on reception. If the length of a received packet is less than that indicated by the Length field, the packet is dropped.
4) The Authenticator field (16 bytes long) is used to authenticate the reply from the RADIUS server, and is also used in the password hiding algorithm. There are two kinds of authenticators: Request authenticator and Response authenticator.
5) The Attribute field carries information about the configuration details of a request or response. This field is represented in triplets of Type, Length, and Value.
• Type: One byte, in the range 1 to 255. It indicates the type of the attribute. Commonly used attributes for RADIUS authentication and authorization are listed in Table 1-2.
• Length: One byte indicating the length of the attribute in bytes, including the Type, Length, and Value fields.
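
The field rules above, applied by a receiver, as an added example (not code from this manual or from H3C). It enforces the Length range, drops short packets, ignores padding, and walks the Type/Length/Value triplets. Assumptions: the function names are hypothetical, the sample packet is constructed, User-Name is attribute type 1 per RFC 2865, and dropping a packet with a malformed attribute is a defensive choice the manual does not state.

```python
import struct

# Code values from Table 1-1
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response"}
HEADER_LEN = 20   # Code(1) + Identifier(1) + Length(2) + Authenticator(16)
MAX_LEN = 4096    # upper bound of the Length field


def parse_radius(datagram: bytes):
    """Return a dict for a well-formed packet, or None if it must be dropped."""
    if len(datagram) < HEADER_LEN:
        return None
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if not HEADER_LEN <= length <= MAX_LEN:
        return None                      # Length outside 20..4096
    if len(datagram) < length:
        return None                      # shorter than Length indicates: drop
    packet = datagram[:length]           # bytes beyond Length are padding
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if length - pos < 2:
            return None                  # no room for Type and Length bytes
        a_type, a_len = packet[pos], packet[pos + 1]
        # Attribute Length counts Type, Length and Value, so it is at least 2.
        # Rejecting bad values here is an assumption (defensive parsing).
        if a_type == 0 or a_len < 2 or pos + a_len > length:
            return None
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": code, "name": CODES.get(code, "unknown"),
            "identifier": ident, "length": length,
            "authenticator": packet[4:20], "attributes": attrs}


def build_sample() -> bytes:
    """Constructed Access-Request: User-Name = b'alice', then 3 padding bytes."""
    attr = bytes([1, 2 + 5]) + b"alice"              # Type=1, Length=7, Value
    length = HEADER_LEN + len(attr)
    header = struct.pack("!BBH", 1, 42, length) + bytes(16)  # zeroed authenticator
    return header + attr + b"\x00\x00\x00"


if __name__ == "__main__":
    print(parse_radius(build_sample()))
```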