4) The RADIUS client accepts or denies the user depending on the received authentication result. If it
accepts the user, the RADIUS client sends a start-accounting request (Accounting-Request, with
the Status-Type attribute value = start) to the RADIUS server.
5) The RADIUS server returns a start-accounting response (Accounting-Response).
6) The user starts to access network resources.
7) The RADIUS client sends a stop-accounting request (Accounting-Request, with the Status-Type
attribute value = stop) to the RADIUS server.
8) The RADIUS server returns a stop-accounting response (Accounting-Response).
9) The access to network resources is ended.
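The accounting exchange in steps 4) to 8), as an added example that is not part of the original manual: a client builds start and stop Accounting-Requests, and a server checks each one before answering with an Accounting-Response. It assumes the header layout, Code values 4 and 5, the Acct-Status-Type attribute (type 40; start = 1, stop = 2) and the MD5 authenticator rules from RFC 2865/2866; the shared secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST, ACCOUNTING_RESPONSE = 4, 5   # Code values (RFC 2866)
ACCT_STATUS_TYPE = 40                            # attribute type (RFC 2866)
STATUS_NAMES = {1: "start", 2: "stop"}
SECRET = b"constructed-shared-secret"            # constructed sample value


def build_accounting_request(ident, status, secret):
    """Client side: Accounting-Request carrying one Status-Type attribute."""
    attrs = struct.pack("!BBI", ACCT_STATUS_TYPE, 6, status)
    head = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(Code+ID+Length+16 zero octets+attrs+secret)
    auth = hashlib.md5(head + bytes(16) + attrs + secret).digest()
    return head + auth + attrs


def handle_accounting_request(packet, secret):
    """Server side: validate the request, return (status_name, response)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError("not an Accounting-Request")
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    packet = packet[:length]                     # octets past Length are padding
    attrs = packet[20:]
    # Recompute the authenticator; a mismatch means wrong secret or tampering.
    expected = hashlib.md5(packet[:4] + bytes(16) + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("authenticator mismatch")
    status, pos = None, 0
    while pos < len(attrs):                      # walk type/length/value triples
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, alen = attrs[pos], attrs[pos + 1]
        if atype == ACCT_STATUS_TYPE and alen == 6:
            status = struct.unpack("!I", attrs[pos + 2:pos + 6])[0]
        pos += alen
    if status is None:
        raise ValueError("no Status-Type attribute")
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+secret), no attrs
    head = struct.pack("!BBH", ACCOUNTING_RESPONSE, ident, 20)
    resp = head + hashlib.md5(head + packet[4:20] + secret).digest()
    return STATUS_NAMES.get(status, "other"), resp
```

The response echoes the request's Identifier, which is what lets the client match a reply to a retransmitted request over UDP.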
RADIUS message format
RADIUS messages are transported over UDP, which does not guarantee reliable delivery of messages
between RADIUS server and client. As a remedy, RADIUS adopts the following mechanisms: timer
management, retransmission, and backup server.
Figure 1-3 depicts the format of RADIUS messages.
Figure 1-3 RADIUS message format
1) The Code field (one byte) decides the type of RADIUS message, as shown in Table 1-1.
Table 1-1 Description on the major values of the Code field

| Code | Message type | Message description |
|---|---|---|
| 1 | Access-Request | Direction: client->server. The client transmits this message to the server to determine if the user can access the network. This message carries user information. It must contain the User-Name attribute and may contain the following attributes: NAS-IP-Address, User-Password and NAS-Port. |
| 2 | Access-Accept | Direction: server->client. The server transmits this message to the client if all the attribute values carried in the Access-Request message are acceptable (that is, the user passes the authentication). |
| 3 | Access-Reject | Direction: server->client. The server transmits this message to the client if any attribute value carried in the Access-Request message is unacceptable (that is, the user fails the authentication). |