3Com 10014299 Network Router User Manual


 
RADIUS Overview 531
Figure 166 Basic message interaction process of RADIUS
The basic operation is described as follows:
1 The user enters a username and password.
2 Having received the username and password, teh RADIUS client sends an
authentication request packet (Access-Request) to the RADIUS server.
3 The RADIUS server authenticates the user information in the user database. If the
authentication succeeds, it sends the user's right information in an authentication
response packet (Access-Accept) to the RADIUS client. If the authentication fails, it
returns the Access-Request packet.
4 According to the authentication result, the RADIUS client accepts or denies the
user. If it accepts, the RADIUS client sends an accounting start request packet
(Accounting-Request) to the RADIUS server. The value of Status-Type is start.
5 The RADIUS server returns an accounting start response packet
(Accounting-Response).
6 The RADIUS client sends an accounting stop request packet (Accounting-Request)
to the RADIUS server. The value of Status-Type is stop.
7 The RADIUS server returns an accounting stop response packet
(Accounting-Response).
Packet Structure of the
RADIUS protocol
RADIUS uses UDP to transmit messages. By employing a timer management
mechanism, retransmission mechanism, and slave server mechanism, it can ensure
that the interactive message between the RADIUS server and client can be
processed correctly.
Figure 167 illustrates the contents of a RADIUS packet.
PSTN/
ISDN
RADIUS Server
Enter username and password
Access-Request
PC
RADIUS Client
Access-Accept
Accounting-Request
£¨
start
£©
Accounting-Response
Accounting-Request
£¨
stop
£©
Accounting-Response
Notify the end of access
The user visits the resource
PSTN/
ISDN
RADIUS Server
Enter username and password
Access-Request
PC
RADIUS Client
Access-Accept
Accounting-Request
£¨
start
£©
Accounting-Response
Accounting-Request
£¨
stop
£©
Accounting-Response
Notify the end of access
The user visits the resource