Code

 

 

Message type

 

Message description

 

 

 

 

 

Direction: server->client.

3

 

Access-Reject

 

The server transmits this message to the client if any attribute

 

 

value carried in the Access-Request message is unacceptable

 

 

 

 

 

 

 

 

 

 

(that is, the user fails the authentication).

 

 

 

 

 

 

 

 

 

 

 

Direction: client->server.

 

 

 

 

 

The client transmits this message to the server to request the

 

 

 

Accounting-Requ

 

server to start or end the accounting (whether to start or to end the

4

 

 

 

accounting is determined by the Acct-Status-Type attribute in the

 

 

est

 

 

 

 

 

message).

 

 

 

 

 

 

 

 

 

 

This message carries almost the same attributes as those carried

 

 

 

 

 

in the Access-Request message.

 

 

 

 

 

 

 

 

 

 

 

Direction: server->client.

5

 

 

Accounting-Resp

 

The server transmits this message to the client to notify the client

 

 

onse

 

that it has received the Accounting-Request message and has

 

 

 

 

 

 

 

 

 

correctly recorded the accounting information.

 

 

 

 

 

 

2)The Identifier field (one byte) is used to match requests and responses. It changes whenever the content of the Attributes field changes, and whenever a valid response has been received for a previous request, but remains unchanged for message retransmission.

3)The Length field (two bytes) specifies the total length of the message (including the Code, Identifier, Length, Authenticator and Attributes fields). The bytes beyond the length are regarded as padding and are ignored upon reception. If a received message is shorter than what the Length field indicates, it is discarded.

4)The Authenticator field (16 bytes) is used to authenticate the response from the RADIUS server; and is used in the password hiding algorithm. There are two kinds of authenticators: Request Authenticator and Response Authenticator.

5)The Attributes field contains specific authentication/authorization/accounting information to provide the configuration details of a request or response message. This field contains a list of field triplet

(Type, Length and Value):

zThe Type field (one byte) specifies the type of an attribute. Its value ranges from 1 to 255. Table 1-2 lists the attributes that are commonly used in RADIUS authentication/authorization.

zThe Length field (one byte) specifies the total length of the attribute in bytes (including the Type, Length and Value fields).

zThe Value field (up to 253 bytes) contains the information of the attribute. Its format is determined by the Type and Length fields.

Table 1-2RADIUS attributes

Type field value

Attribute type

 

Type field value

Attribute type

1

User-Name

 

23

Framed-IPX-Network

 

 

 

 

 

2

User-Password

 

24

State

 

 

 

 

 

3

CHAP-Password

 

25

Class

 

 

 

 

 

4

NAS-IP-Address

 

26

Vendor-Specific

 

 

 

 

 

5

NAS-Port

 

27

Session-Timeout

 

 

 

 

 

6

Service-Type

 

28

Idle-Timeout

 

 

 

 

 

7

Framed-Protocol

 

29

Termination-Action

 

 

 

 

 

 

 

1-5

 

Page 255
Image 255
3Com WX3000 operation manual Type field value Attribute type