3Com WX3000 Series Operation Manual page 255

Code Message type
3 Access-Reject
Accounting-Requ
4
est
Accounting-Resp
5
onse
2) The Identifier field (one byte) is used to match requests and responses. It changes whenever the
content of the Attributes field changes, and whenever a valid response has been received for a
previous request, but remains unchanged for message retransmission.
3) The Length field (two bytes) specifies the total length of the message (including the Code, Identifier,
Length, Authenticator and Attributes fields). The bytes beyond the length are regarded as padding
and are ignored upon reception. If a received message is shorter than what the Length field
indicates, it is discarded.
4) The Authenticator field (16 bytes) is used to authenticate the response from the RADIUS server;
and is used in the password hiding algorithm. There are two kinds of authenticators: Request
Authenticator and Response Authenticator.
5) The Attributes field contains specific authentication/authorization/accounting information to provide
the configuration details of a request or response message. This field contains a list of field triplet
(Type, Length and Value):
The Type field (one byte) specifies the type of an attribute. Its value ranges from 1 to 255.
lists the attributes that are commonly used in RADIUS authentication/authorization.
The Length field (one byte) specifies the total length of the attribute in bytes (including the Type,
Length and Value fields).
The Value field (up to 253 bytes) contains the information of the attribute. Its format is determined
by the Type and Length fields.
Table 1-2 RADIUS attributes
Type field value
1
2
3
4
5
6
7
Direction: server->client.
The server transmits this message to the client if any attribute
value carried in the Access-Request message is unacceptable
(that is, the user fails the authentication).
Direction: client->server.
The client transmits this message to the server to request the
server to start or end the accounting (whether to start or to end the
accounting is determined by the Acct-Status-Type attribute in the
message).
This message carries almost the same attributes as those carried
in the Access-Request message.
Direction: server->client.
The server transmits this message to the client to notify the client
that it has received the Accounting-Request message and has
correctly recorded the accounting information.
Attribute type
User-Name
User-Password
CHAP-Password
NAS-IP-Address
NAS-Port
Service-Type
Framed-Protocol
1-5
Message description
Type field value
23 Framed-IPX-Network
24 State
25 Class
26 Vendor-Specific
27 Session-Timeout
28 Idle-Timeout
29 Termination-Action
Table 1-2
Attribute type