HP 6125G Configuration Manual page 13

Figure 3 Basic RADIUS message exchange process
RADIUS operates in the following manner:
The host initiates a connection request that carries the user's username and password to the
1.
RADIUS client.
Having received the username and password, the RADIUS client sends an authentication request
2.
(Access-Request) to the RADIUS server, with the user password encrypted by using the
Message-Digest 5 (MD5) algorithm and the shared key.
The RADIUS server authenticates the username and password. If the authentication succeeds, the
3.
server sends back an Access-Accept message containing the user's authorization information. If
the authentication fails, the server returns an Access-Reject message.
The RADIUS client permits or denies the user according to the returned authentication result. If it
4.
permits the user, it sends a start-accounting request (Accounting-Request) to the RADIUS server.
The RADIUS server returns a start-accounting response (Accounting-Response) and starts
5.
accounting.
The user accesses the network resources.
6.
The host requests the RADIUS client to tear down the connection and the RADIUS client sends a
7.
stop-accounting request (Accounting-Request) to the RADIUS server.
The RADIUS server returns a stop-accounting response (Accounting-Response) and stops
8.
accounting for the user.
RADIUS packet format
RADIUS uses UDP to transmit messages. To ensure smooth message exchange between the RADIUS
server and the client, RADIUS uses a series of mechanisms, including the timer management mechanism,
the retransmission mechanism, and the backup server mechanism.
format.
Figure 4
3
shows the RADIUS packet