H3C S5500-SI Series Operation Manual page 549

Table 1-1 Main values of the Code field
Code
1 Access-Request
2 Access-Accept
3 Access-Reject
4 Accounting-Request
5 Accounting-Response
3) The Identifier field (1-byte long) is for matching request packets and response packets and
detecting retransmitted request packets. The request and response packets of the same type have
the same identifier.
4) The Length field (2-byte long) indicates the length of the entire packet, including the Code,
Identifier, Length, Authenticator, and Attribute fields. The value of the field is in the range 20 to
4096. Bytes beyond the length are considered the padding and are neglected upon reception. If the
length of a received packet is less than that indicated by the Length field, the packet is dropped.
5) The Authenticator field (16-byte long) is used to authenticate replies from the RADIUS server, and
is also used in the password hiding algorithm. There are two kinds of authenticators: request
authenticator and response authenticator.
6) The Attribute field, with a variable length, carries the specific authentication, authorization, and
accounting information for defining configuration details of the request or response. This field is
represented in triplets of Type, Length, and Value.
Type: One byte, in the range 1 to 255. It indicates the type of the attribute. Commonly used
attributes for RADIUS authentication, authorization and accounting are listed in
Length: One byte for indicating the length of the attribute in bytes, including the Type, Length, and
Value fields.
Value: Value of the attribute, up to 253 bytes. Its format and content depend on the Type and
Length fields.
Packet type
1-5
Description
From the client to the server. A packet of this type
carries user information for the server to
authenticate the user. It must contain the
User-Name attribute and can optionally contain the
attributes of NAS-IP-Address, User-Password,
and NAS-Port.
From the server to the client. If all the attribute
values carried in the Access-Request are
acceptable, that is, the authentication succeeds,
the server sends an Access-Accept response.
From the server to the client. If any attribute value
carried in the Access-Request is unacceptable, the
server rejects the user and sends an
Access-Reject response.
From the client to the server. A packet of this type
carries user information for the server to start/stop
accounting for the user. It contains the
Acct-Status-Type attribute, which indicates
whether the server is requested to start the
accounting or to end the accounting.
From the server to the client. The server sends to
the client a packet of this type to notify that it has
received the Accounting-Request and has
correctly started recording the accounting
information.
Table 1-2.