H3C Technologies H3C S12500-X Series Switches User Manual
Page 15
3
339B
Basic RADIUS packet exchange process
676H
Figure 3
illustrates the interactions between a user host, the RADIUS client, and the RADIUS server.
Figure 3 Basic RADIUS packet exchange process
RADIUS uses in the following workflow:
1.
The host sends a connection request that includes the user's username and password to the
RADIUS client.
2.
The RADIUS client sends an authentication request (Access-Request) to the RADIUS server. The
request includes the user's password, which has been processed by the MD5 algorithm and
shared key.
3.
The RADIUS server authenticates the username and password. If the authentication succeeds, the
server sends back an Access-Accept packet that contains the user's authorization information. If
the authentication fails, the server returns an Access-Reject packet.
4.
The RADIUS client permits or denies the user according to the authentication result. If the result
permits the user, the RADIUS client sends a start-accounting request (Accounting-Request) packet to
the RADIUS server.
5.
The RADIUS server returns an acknowledgement (Accounting-Response) packet and starts
accounting.
6.
The user accesses the network resources.
7.
The host requests the RADIUS client to tear down the connection.
8.
The RADIUS client sends a stop-accounting request (Accounting-Request) packet to the RADIUS
server.
9.
The RADIUS server returns an acknowledgement (Accounting-Response) and stops accounting for
the user.
10.
The RADIUS client notifies the user of the termination.