5
•
The Length field (2 bytes long) indicates the length of the entire packet (in bytes), including the Code,
Identifier, Length, Authenticator, and Attributes fields. Bytes beyond this length are considered
padding and are ignored by the receiver. If the length of a received packet is less than this length,
the packet is dropped.
•
The Authenticator field (16 bytes long) is used to authenticate responses from the RADIUS server and
to encrypt user passwords. There are two types of authenticators: request authenticator and
response authenticator.
•
The Attributes field (variable in length) includes authentication, authorization, and accounting
information. This field can contain multiple attributes, each with the following subfields:
{
Type
—Type of the attribute.
{
Length
—Length of the attribute in bytes, including the Type, Length, and Value subfields.
{
Value
—Value of the attribute. Its format and content depend on the Type subfield.
Commonly used RADIUS attributes are defined in RFC 2865, RFC 2866, RFC 2867, and RFC
2868. For more information, see "
Commonly used standard RADIUS attributes
."
Table 2
Commonly used RADIUS attributes
No. Attribute
No.
Attribute
1 User-Name
45
Acct-Authentic
2 User-Password
46
Acct-Session-Time
3 CHAP-Password
47
Acct-Input-Packets
4 NAS-IP-Address
48
Acct-Output-Packets
5 NAS-Port
49
Acct-Terminate-Cause
6 Service-Type
50
Acct-Multi-Session-Id
7 Framed-Protocol
51
Acct-Link-Count
8 Framed-IP-Address
52
Acct-Input-Gigawords
9 Framed-IP-Netmask 53
Acct-Output-Gigawords
10 Framed-Routing
54 (unassigned)
11 Filter-ID
55 Event-Timestamp
12 Framed-MTU
56-59
(unassigned)
13 Framed-Compression 60 CHAP-Challenge
14 Login-IP-Host
61 NAS-Port-Type
15 Login-Service
62 Port-Limit
16 Login-TCP-Port
63 Login-LAT-Port
17 (unassigned)
64 Tunnel-Type
18 Reply-Message
65 Tunnel-Medium-Type
19 Callback-Number
66 Tunnel-Client-Endpoint
20 Callback-ID
67 Tunnel-Server-Endpoint
21 (unassigned)
68 Acct-Tunnel-Connection
22 Framed-Route
69 Tunnel-Password
23 Framed-IPX-Network 70 ARAP-Password