Filter
Top Products
1-3
Cisco Access Registrar 3.5 Concepts and Reference Guide
OL-2683-02
Chapter 1 Overview
RADIUS Protocol
Step 8 Cisco Access Registrar formats the response based on the Response dictionary and sends it back to the
client (NAS).
Step 9 The NAS receives the response and communicates with the user, which may include sending the user an
IP address to indicate the connection has been successfully established.
Types of RADIUS Messages
The client/server packet exchange consists primarily of the following types of RADIUS messages:
• Access-Request—sent by the client (NAS) requesting access
• Access-Reject—sent by the RADIUS server rejecting access
• Access-Accept—sent by the RADIUS server allowing access
• Access-Challenge—sent by the RADIUS server requesting more information in order to allow
access. The NAS, after communicating with the user, responds with another Access-Request.
When you use RADIUS accounting, the client and server can also exchange the following two types of
messages:
• Accounting-Request—sent by the client (NAS) requesting accounting
• Accounting-Response—sent by the RADIUS server acknowledging accounting
Packet Contents
The information in each RADIUS message is encapsulated in a UDP (User Datagram Protocol) data
packet. A packet is a block of data in a standard format for transmission. It is accompanied by other
information, such as the origin and destination of the data.
lists each message packet which contains the following five fields:
Table 1-1 RADIUS Packet Fields
Fields Description
Code Indicates what type of message it is: Access-Request,
Access-Accept, Access-Reject, Access-Challenge,
Accounting-Request, or Accounting-Response.
Identifier Contains a value that is copied into the server’s response so the
client can correctly associate its requests and the server’s responses
when multiple users are being authenticated simultaneously.
Length Provides a simple error-checking device. The server silently drops
a packet if it is shorter than the value specified in the length field,
and ignores the octets beyond the value of the length field.