H3C S5830V2 Security Configuration Manual page 17

Basic RADIUS packet exchange process
Figure 3 illustrates the interactions between a user host, the RADIUS client, and the RADIUS server.
Figure 3 Basic RADIUS packet exchange process
RADIUS operates in the following manner:
1. The host sends a connection request that includes the user's username and password to the
RADIUS client.
2. The RADIUS client encrypts the user password by using the MD5 algorithm, the shared key, and
some other information, encapsulates the username and the encrypted password to an
authentication request (Access-Request), and sends the request to the RADIUS server.
3. The RADIUS server authenticates the username and password. If the authentication succeeds, the
server sends back an Access-Accept packet that contains the user's authorization information. If
the authentication fails, the server returns an Access-Reject packet.
4. The RADIUS client permits or denies the user according to the authentication result. If it permits the
user, it sends a start-accounting request (Accounting-Request) packet to the RADIUS server.
5. The RADIUS server returns an acknowledgement (Accounting-Response) packet and starts
accounting.
6. The user accesses the network resources.
7. The host requests the RADIUS client to tear down the connection.
8. The RADIUS client sends a stop-accounting request (Accounting-Request) packet to the RADIUS
server.
9. The RADIUS server returns an acknowledgement (Accounting-Response) and stops accounting for
the user.
10. The RADIUS client notifies the user of the termination.
3