HP 12500 Series Configuration Manual page 17

A RADIUS server supports multiple user authentication methods, such as the Password Authentication
Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP). Moreover, a RADIUS
server can act as the client of another AAA server to provide authentication proxy services.
Basic message exchange process
Figure 3 illustrates the interactions between the host, the RADIUS client, and the RADIUS server.
Figure 3 Basic message exchange process
RADIUS operates in the following manner:
The host initiates a connection request that carries the user's username and password to the
1.
RADIUS client.
Having received the username and password, the RADIUS client sends an authentication request
2.
(Access-Request) to the RADIUS server, with the user password encrypted by using the
Message-Digest 5 (MD5) algorithm and the shared key.
The RADIUS server authenticates the username and password. If the authentication succeeds, the
3.
server sends back an Access-Accept message containing the user's authorization information. If
the authentication fails, the server returns an Access-Reject message.
The RADIUS client permits or denies the user according to the returned authentication result. If it
4.
permits the user, it sends a start-accounting request (Accounting-Request) to the RADIUS server.
The RADIUS server returns a start-accounting response (Accounting-Response) and starts
5.
accounting.
The user accesses the network resources.
6.
The host requests the RADIUS client to tear down the connection and the RADIUS client sends a
7.
stop-accounting request (Accounting-Request) to the RADIUS server.
The RADIUS server returns a stop-accounting response (Accounting-Response) and stops
8.
accounting for the user.
7