RADIUS Overview

Figure 166 Basic message interaction process of RADIUS

[Figure: message sequence between the user's PC (connected through PSTN/ISDN), the RADIUS client, and the RADIUS server. In order: Enter username and password; Access-Request; Access-Accept; Accounting-Request (start); Accounting-Response; The user visits the resource; Accounting-Request (stop); Accounting-Response; Notify the end of access.]

The basic operation is described as follows:

1. The user enters a username and password.

2. Having received the username and password, the RADIUS client sends an authentication request packet (Access-Request) to the RADIUS server.

3. The RADIUS server authenticates the user information against the user database. If the authentication succeeds, it sends the user's rights information in an authentication response packet (Access-Accept) to the RADIUS client. If the authentication fails, it returns the Access-Request packet.

4. According to the authentication result, the RADIUS client accepts or denies the user. If it accepts, the RADIUS client sends an accounting start request packet (Accounting-Request) to the RADIUS server. The value of Status-Type is start.

5. The RADIUS server returns an accounting start response packet (Accounting-Response).

6. The RADIUS client sends an accounting stop request packet (Accounting-Request) to the RADIUS server. The value of Status-Type is stop.

7. The RADIUS server returns an accounting stop response packet (Accounting-Response).

Packet Structure of the RADIUS protocol

RADIUS uses UDP to transmit messages. By employing a timer management mechanism, retransmission mechanism, and slave server mechanism, it can ensure that the interactive message between the RADIUS server and client can be processed correctly. Figure 167 illustrates the contents of a RADIUS packet.

3Com 10014299 manual Basic message interaction process of Radius