H3C Technologies H3C S5120 Series Switches User Manual

Page 411

Advertising
background image

1-5

Code

Packet type

Description

2 Access-Accept

From the server to the client. If all the attribute
values carried in the Access-Request are
acceptable, that is, the authentication succeeds,
the server sends an Access-Accept response.

3 Access-Reject

From the server to the client. If any attribute value
carried in the Access-Request is unacceptable, the
server rejects the user and sends an
Access-Reject response.

4 Accounting-Request

From the client to the server. A packet of this type
carries user information for the server to start/stop
accounting for the user. It contains the
Acct-Status-Type attribute, which indicates
whether the server is requested to start the
accounting or to end the accounting.

5 Accounting-Response

From the server to the client. The server sends to
the client a packet of this type to notify that it has
received the Accounting-Request and has
correctly started recording the accounting
information.

2) The Identifier field (1-byte long) is for matching request packets and response packets and

detecting retransmitted request packets. The request and response packets of the same type have

the same identifier.

3) The Length field (2-byte long) indicates the length of the entire packet, including the Code,

Identifier, Length, Authenticator, and Attribute fields. The value of the field is in the range 20 to

4096. Bytes beyond the length are considered the padding and are neglected upon reception. If the

length of a received packet is less than that indicated by the Length field, the packet is dropped.

4) The Authenticator field (16-byte long) is used to authenticate replies from the RADIUS server, and

is also used in the password hiding algorithm. There are two kinds of authenticators: request

authenticator and response authenticator.

5) The Attribute field, with a variable length, carries the specific authentication, authorization, and

accounting information for defining configuration details of the request or response. This field is

represented in triplets of Type, Length, and Value.

z

Type: One byte, in the range 1 to 255. It indicates the type of the attribute. Commonly used

attributes for RADIUS authentication, authorization and accounting are listed in

Table 1-2

.

z

Length: One byte for indicating the length of the attribute in bytes, including the Type, Length, and

Value fields.

z

Value: Value of the attribute, up to 253 bytes. Its format and content depend on the Type and

Length fields.

Table 1-2 RADIUS attributes

No.

Attribute

No.

Attribute

1 User-Name

45 Acct-Authentic

2 User-Password

46 Acct-Session-Time

3 CHAP-Password

47 Acct-Input-Packets

4 NAS-IP-Address

48 Acct-Output-Packets

5 NAS-Port

49 Acct-Terminate-Cause

Advertising
Popular Brands
Popular manuals