3com 5500-ei pwr Instruccion De Instalación
1-4
4) The RADIUS client accepts or denies the user depending on the received authentication result. If it
accepts the user, the RADIUS client sends a start-accounting request (Accounting-Request, with
the Status-Type attribute value = start) to the RADIUS server.
5) The RADIUS server returns a start-accounting response (Accounting-Response).
6) The user starts to access network resources.
7) The RADIUS client sends a stop-accounting request (Accounting-Request, with the Status-Type
attribute value = stop) to the RADIUS server.
8) The RADIUS server returns a stop-accounting response (Accounting-Response).
9) The access to network resources is ended.
RADIUS message format
RADIUS messages are transported over UDP, which does not guarantee reliable delivery of messages
between RADIUS server and client. As a remedy, RADIUS adopts the following mechanisms: timer
management, retransmission, and backup server.
depicts the format of RADIUS messages.
Figure 1-3 RADIUS message format
1) The Code field (one byte) decides the type of RADIUS message, as shown in
Table 1-1 Description on the major values of the Code field
Code
Message type
Message description
1 Access-Request
Direction: client->server.
The client transmits this message to the server to
determine if the user can access the network.
determine if the user can access the network.
This message carries user information. It must contain
the User-Name attribute and may contain the following
attributes: NAS-IP-Address, User-Password and
NAS-Port.
the User-Name attribute and may contain the following
attributes: NAS-IP-Address, User-Password and
NAS-Port.
2 Access-Accept
Direction: server->client.
The server transmits this message to the client if all the
attribute values carried in the Access-Request
message are acceptable (that is, the user passes the
authentication).
attribute values carried in the Access-Request
message are acceptable (that is, the user passes the
authentication).
3 Access-Reject
Direction: server->client.
The server transmits this message to the client if any
attribute value carried in the Access-Request message
is unacceptable (that is, the user fails the
authentication).
attribute value carried in the Access-Request message
is unacceptable (that is, the user fails the
authentication).