RADIUS Overview
Figure 166 Basic message interaction process of RADIUS
The basic operation is described as follows:
1. The user enters a username and password.
2. Having received the username and password, the RADIUS client sends an authentication request packet (Access-Request) to the RADIUS server.
3. The RADIUS server authenticates the user information in the user database. If the authentication succeeds, it sends the user's rights information in an authentication response packet (Access-Accept) to the RADIUS client. If the authentication fails, it returns the Access-Request packet.
4. According to the authentication result, the RADIUS client accepts or denies the user. If it accepts, the RADIUS client sends an accounting start request packet (Accounting-Request) to the RADIUS server. The value of Status-Type is start.
5. The RADIUS server returns an accounting start response packet (Accounting-Response).
6. The RADIUS client sends an accounting stop request packet (Accounting-Request) to the RADIUS server. The value of Status-Type is stop.
7. The RADIUS server returns an accounting stop response packet (Accounting-Response).
Packet Structure of the RADIUS protocol
RADIUS uses UDP to transmit messages. It relies on a timer management mechanism, a retransmission mechanism, and a slave server mechanism to ensure that the messages exchanged between the RADIUS server and client are processed correctly. Figure 167 illustrates the contents of a RADIUS packet.
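An added example (not from the original manual) that decodes the fixed RADIUS header and checks a captured exchange against steps 2 to 7 of the basic operation above. The field layout, code numbers and Acct-Status-Type values come from RFC 2865 and RFC 2866 rather than from this page; the function names and sample packets are constructed for illustration.

```python
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response"}   # RFC 2865/2866
STATUS = {1: "start", 2: "stop"}      # values of Acct-Status-Type (attribute 40)
EXPECTED = [("Access-Request", None), ("Access-Accept", None),      # steps 2-3
            ("Accounting-Request", "start"), ("Accounting-Response", None),
            ("Accounting-Request", "stop"), ("Accounting-Response", None)]

def parse(pkt):
    """Decode one RADIUS datagram into (packet name, identifier, status type)."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("Length field disagrees with datagram size")
    status, pos = None, 20            # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = pkt[pos], pkt[pos + 1]
        if atype == 40 and alen == 6:
            status = STATUS.get(struct.unpack("!I", pkt[pos + 2:pos + 6])[0])
        pos += alen
    return CODES.get(code, f"code-{code}"), ident, status

def check_flow(packets):
    """Compare one captured exchange with steps 2-7; return the deviations."""
    problems, request_id = [], None
    for step, (pkt, want) in enumerate(zip(packets, EXPECTED), start=2):
        name, ident, status = parse(pkt)
        if (name, status) != want:
            problems.append(f"step {step}: expected {want}, got {(name, status)}")
        if step % 2 == 0:
            request_id = ident        # even steps are client requests
        elif ident != request_id:     # a reply must echo the request Identifier
            problems.append(f"step {step}: reply id {ident} != request id {request_id}")
    if len(packets) < len(EXPECTED):
        problems.append(f"exchange ended after step {len(packets) + 1}")
    return problems

def build(code, ident, attrs=b""):
    """Constructed sample packet with an all-zero authenticator, not a capture."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + bytes(16) + attrs

START, STOP = (struct.pack("!BBI", 40, 6, v) for v in (1, 2))
GOOD = [build(1, 7), build(2, 7), build(4, 8, START), build(5, 8),
        build(4, 9, STOP), build(5, 9)]
BAD = [build(1, 7), build(3, 7), build(4, 8, START), build(5, 9)]

if __name__ == "__main__":
    print(check_flow(GOOD), check_flow(BAD), sep="\n")
```

The constructed `BAD` exchange shows three things a reviewer of a capture would flag: accounting started although the access reply was not an Access-Accept, an Accounting-Response whose Identifier does not match its request, and a session with no stop record.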
[Figure 166 labels: PC, PSTN/ISDN, RADIUS Client, RADIUS Server; Enter username and password; Access-Request; Access-Accept; Accounting-Request (start); Accounting-Response; The user visits the resource; Accounting-Request (stop); Accounting-Response; Notify the end of access]