3com 3031 Instruccion De Instalación
AAA and RADIUS Overview
779
Figure 193 The basic message interaction process of RADIUS.
The basic operation procedure is described as follows:
■
The user enters the username and password.
■
Having received the username and password, RADIUS client sends the
authentication request packet (Access-Request) to RADIUS server.
authentication request packet (Access-Request) to RADIUS server.
■
RADIUS server compares the received user information against what contained
in the Users database. If the authentication succeeds, it will send the
authentication response packet (Access-Accept) containing the information of
user’s right to RADIUS client. If the authentication failed, it will return an
Access-Reject packet.
in the Users database. If the authentication succeeds, it will send the
authentication response packet (Access-Accept) containing the information of
user’s right to RADIUS client. If the authentication failed, it will return an
Access-Reject packet.
■
RADIUS client accepts or denies the user depending on the returned
authentication result. If it is allowed to accept the user, RADIUS client will send
accounting start request packet (Accounting-Request) to RADIUS server, and
the value of Status-Type is start.
authentication result. If it is allowed to accept the user, RADIUS client will send
accounting start request packet (Accounting-Request) to RADIUS server, and
the value of Status-Type is start.
■
RADIUS server returns the accounting start response packet
(Accounting-Response).
(Accounting-Response).
■
RADIUS client sends the accounting stop request packet (Accounting-Request)
to RADIUS server and the value of Status-Type is stop.
to RADIUS server and the value of Status-Type is stop.
■
RADIUS server returns the accounting stop response packet
(Accounting-Response).
(Accounting-Response).
The RADIUS packet structure
RADIUS uses UDP to transmit message. By employing timer management,
retransmission, and slave server mechanisms, it can ensure that the interactive
messages between the RADIUS server and the client can be transceived correctly.
The following figure illustrates a RADIUS packet.
retransmission, and slave server mechanisms, it can ensure that the interactive
messages between the RADIUS server and the client can be transceived correctly.
The following figure illustrates a RADIUS packet.
PSTN/
ISDN
RADIUS Server
The subscriber enters user name and password
/
Authentication Request ( Access-Request)
PC
RADIUS Client
Authentication Accept(Access-Accept)
Accounting-Request (start)
Accounting-Response
Accounting-Request (stop)
Accounting-Response
Notify of the terminated access
The subscriber accesses the resources
PSTN/
ISDN
RADIUS Server
The subscriber enters user name and password
/
Authentication Request ( Access-Request)
PC
RADIUS Client
Authentication Accept(Access-Accept)
Accounting-Request (start)
Accounting-Response
Accounting-Request (stop)
Accounting-Response
Notify of the terminated access
The subscriber accesses the resources