Operation Manual – AAA-RADIUS-HWTACACS
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS
Configuration
1-5
2) Having received the username and password, the RADIUS client sends an
authentication request (Access-Request) to the RADIUS server.
3)
The RADIUS server compares the received user information with that in the Users
database. If the authentication succeeds, it sends back an Access-Accept
message containing the information of user’s right. If the authentication fails, it
returns an Access-Reject message.
4) The RADIUS client accepts or denies the user according to the returned
authentication result. If it accepts the user, it sends an accounting start request
(Accounting-Request) to the RADIUS server, with the value of Status-Type being
“start”.
5)
The RADIUS server returns a start-accounting response (Accounting-Response).
6)
The subscriber accesses the network resources.
7)
The RADIUS client sends a stop-accounting request (Accounting-Request) to the
RADIUS server, with the value of Status-Type being “stop”.
8)
The RADIUS server returns a stop-accounting response (Accounting-Response).
9)
The subscriber stops network resource accessing.
III. RADIUS packet structure
RADIUS uses UDP to transmit messages. It ensures the smooth message exchange
between the RADIUS server and the client through a series of mechanisms, including
the timer management mechanism, retransmission mechanism, and slave server
mechanism.
Figure 1-3
shows the RADIUS packet structure.
Figure 1-3
RADIUS packet structure
Descriptions of fields are as follows:
1)
The Code field (1-byte long) is for indicating the type of the RADIUS packet.
Table
1-1
gives the possible values and their meanings.