3Com Switch 8800 Advanced Software V5 Configuration Guide

CHAPTER 70: AAA, RADIUS AND HWTACACS CONFIGURATION
Basic message exchange process of RADIUS
In most cases, the user authentication process of a RADIUS server involves a device
that can provide the proxy function, such as the NAS. Information exchanged
between the RADIUS client and the RADIUS server is authenticated through a
shared key for security. The RADIUS protocol combines the authentication and
authorization processes by sending authorization information in the
authentication response message. See Figure 257.
Figure 257 Basic message exchange process of RADIUS
The following is how RADIUS operates:
1 The user enters the username and password.
2 Having received the username and password, the RADIUS client sends an
authentication request (Access-Request) to the RADIUS server.
3 The RADIUS server compares the received user information with that in the Users
database. If the authentication succeeds, it sends back an Access-Accept message
containing the user's authorization information. If the authentication fails, it
returns an Access-Reject message.
4 The RADIUS client accepts or denies the user according to the returned
authentication result. If it accepts the user, it sends an accounting start request
(Accounting-Request) to the RADIUS server, with the value of Status-Type being
"start".
5 The RADIUS server returns a start-accounting response (Accounting-Response).
6 The subscriber accesses the network resources.
7 The RADIUS client sends a stop-accounting request (Accounting-Request) to the
RADIUS server, with the value of Status-Type being "stop".
8 The RADIUS server returns a stop-accounting response (Accounting-Response).
[Figure 257: sequence diagram between Host, RADIUS Client and RADIUS Server. Messages shown: Username and password; 2) Access-Request; 3) Access-Accept; 4) Accounting-Request (start); 5) Accounting-Response; 6) The subscriber accesses the resources; 7) Accounting-Request (stop); 8) Accounting-Response; 9) Notification of access termination]
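The following Python sketch is an added example, not part of the 3Com guide or the switch software. It shows how the shared key authenticates steps 2 to 4 above, following RFC 2865 (User-Password hiding and the Response Authenticator). The key, username, password, identifier and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # packet codes (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2                          # attribute types

def attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(key + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", request_auth
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def access_request(ident, user, password, secret, request_auth):
    """Step 2: the RADIUS client builds the Access-Request."""
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def response(code, ident, request_auth, attrs, secret):
    """Step 3: the server computes the Response Authenticator with the shared key."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def verify_response(packet, ident, request_auth, secret):
    """Step 4: accept a reply only if it matches the request and the key."""
    if len(packet) < 20 or packet[1] != ident or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def demo():
    """Constructed sample values; returns (request length, genuine ok, forged ok)."""
    secret, ra = b"sample-shared-key", os.urandom(16)
    req = access_request(7, b"alice", b"sample-pass", secret, ra)
    good = response(ACCESS_ACCEPT, 7, ra, b"", secret)
    forged = response(ACCESS_ACCEPT, 7, ra, b"", b"wrong-key")
    return len(req), verify_response(good, 7, ra, secret), verify_response(forged, 7, ra, secret)
```

A reply built without the correct key, or altered after the server signed it, fails verify_response, which is why the key configured on the switch must match the one on the RADIUS server.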