from the clients within the management range. A shared key is used to ensure secure communication
between a RADIUS client and the RADIUS server.
RADIUS authentication and authorization. RADIUS accounting is not supported.
Upon receiving a RADIUS packet, a device working as the RADIUS server checks whether the sending
client is under its management. If yes, it verifies the packet validity by using the shared key, checks
whether there is an account with the username, whether the password is correct, and whether the user
attributes meet the requirements defined on the RADIUS server (for example, whether the account has
expired). Then, the RADIUS server assigns the corresponding authority to the client if the authentication
succeeds, or denies the client if the authentication fails.
NOTE:
The UDP port number for RADIUS authentication is 1812 in the standard RADIUS protocol, but is 1645
on HP devices. Specify 1645 as the authentication port number when you use an HP device as a
RADIUS client.
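Added example (not from this manual and not HP code): a minimal Python sketch of the server-side checks described above for a PAP Access-Request, following RFC 2865: look up the shared key for the sending client, parse the attributes, recover User-Password with the shared key, and compare it with the account. The function names, the client address, the shared key and the account are constructed for illustration.

```python
import hashlib, hmac, os, struct

CLIENTS = {"192.0.2.10": b"constructed-shared-key"}            # constructed: client IP -> shared key
ACCOUNTS = {b"alice": b"constructed-password-longer-than-16"}  # constructed account

def xor_chain(secret, prev, data, hiding):
    # RFC 2865 section 5.2: XOR each 16-byte block with MD5(key + previous
    # ciphertext block); the first "previous block" is the Request Authenticator.
    out = b""
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = res if hiding else data[i:i + 16]
        out += res
    return out

def hide_password(password, secret, authenticator):
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    return xor_chain(secret, authenticator, password + b"\x00" * (-len(password) % 16), True)

def build_access_request(ident, username, password, secret):
    auth = os.urandom(16)  # Request Authenticator
    fields = ((1, username), (2, hide_password(password, secret, auth)))
    attrs = b"".join(bytes([n, len(v) + 2]) + v for n, v in fields)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + auth + attrs  # code 1 = Access-Request

def parse_packet(pkt):
    if len(pkt) < 20 or not 20 <= int.from_bytes(pkt[2:4], "big") <= len(pkt):
        raise ValueError("bad packet length")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    attrs, pos = {}, 20
    while pos < length:  # attributes are type, length, value
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[pkt[pos]] = pkt[pos + 2:pos + pkt[pos + 1]]
        pos += pkt[pos + 1]
    return code, ident, pkt[4:20], attrs

def server_decide(pkt, src_ip, clients=CLIENTS, accounts=ACCOUNTS):
    secret = clients.get(src_ip)
    if secret is None:
        return "discard"  # sender is not a managed client (RFC 2865: silently discard)
    code, _, auth, attrs = parse_packet(pkt)
    if code != 1 or 1 not in attrs or 2 not in attrs:
        return "discard"
    password = xor_chain(secret, auth, attrs[2], False).rstrip(b"\x00")
    expected = accounts.get(attrs[1], b"")
    return "Access-Accept" if expected and hmac.compare_digest(expected, password) else "Access-Reject"
```

A request hidden with a different shared key decodes to garbage and is rejected, which is how a key mismatch between client and server shows up in PAP mode.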
Protocols and standards
The following protocols and standards are related to AAA, RADIUS, and HWTACACS:
RFC 2865, Remote Authentication Dial In User Service (RADIUS)
RFC 2866, RADIUS Accounting
RFC 2867, RADIUS Accounting Modifications for Tunnel Protocol Support
RFC 2868, RADIUS Attributes for Tunnel Protocol Support
RFC 2869, RADIUS Extensions
RFC 1492, An Access Control Protocol, Sometimes Called TACACS
RADIUS attributes
Commonly used standard RADIUS attributes
No.  Attribute          Description
1    User-Name          Name of the user to be authenticated.
2    User-Password      User password for PAP authentication, present only in Access-Request packets in PAP authentication mode.
3    CHAP-Password      Digest of the user password for CHAP authentication, present only in Access-Request packets in CHAP authentication mode.
4    NAS-IP-Address     IP address for the server to identify a client. Usually, a client is identified by the IP address of the access interface on the NAS, namely the NAS IP address. This attribute is present in only Access-Request packets.
5    NAS-Port           Physical port of the NAS that the user accesses.
6    Service-Type       Type of service that the user has requested or type of service to be provided.
7    Framed-Protocol    Encapsulation protocol.
8    Framed-IP-Address  IP address to be configured for the user.
11   Filter-ID          Name of the filter list.