HP 5120 EI Switch Series Configuration Manual page 13

Figure 3 RADIUS basic message exchange process
Host
1) Username and password
9) Notification of access termination
RADIUS operates in the following manner:
The host initiates a connection request carrying the username and password to the RADIUS client.
1.
Having received the username and password, the RADIUS client sends an authentication request
2.
(Access-Request) to the RADIUS server, with the user password encrypted by using the Message-
Digest 5 (MD5) algorithm and the shared key.
The RADIUS server authenticates the username and password. If the authentication succeeds, it
3.
sends back an Access-Accept message containing the user's authorization information. If the
authentication fails, it returns an Access-Reject message.
The RADIUS client permits or denies the user according to the returned authentication result. If it
4.
permits the user, it sends a start-accounting request (Accounting-Request) to the RADIUS server.
The RADIUS server returns a start-accounting response (Accounting-Response) and starts
5.
accounting.
The user accesses the network resources.
6.
The host requests the RADIUS client to tear down the connection and the RADIUS client sends a
7.
stop-accounting request (Accounting-Request) to the RADIUS server.
The RADIUS server returns a stop-accounting response (Accounting-Response) and stops accounting
8.
for the user.
The user stops access to network resources.
9.
RADIUS packet format
RADIUS uses UDP to transmit messages. It ensures smooth message exchange between the RADIUS server
and the client through a series of mechanisms, including the timer management mechanism, the
retransmission mechanism, and the backup server mechanism.
RADIUS client
2) Access-Request
3) Access-Accept/Reject
4) Accounting-Request (start)
6) The host accesses the resources
7) Accounting-Request (stop)
3
RADIUS server
5) Accounting-Response
8) Accounting-Response
Figure 4 shows the RADIUS packet format.