Basic Message Exchange Process Of Radius - HP V1910 Switch Series User Manual

addition, to prevent user passwords from being intercepted on insecure networks, RADIUS encrypts
passwords before transmitting them.
A RADIUS server supports multiple user authentication methods. Moreover, a RADIUS server can act as
the client of another AAA server to provide authentication proxy services.

Basic message exchange process of RADIUS

Figure 329 illustrates the interaction of the host, the RADIUS client, and the RADIUS server.
Figure 329 Basic message exchange process of RADIUS
RADIUS operates in the following manner:
The host initiates a connection request that carries the user's username and password to the
1.
RADIUS client.
After receiving the username and password, the RADIUS client sends an authentication request
2.
(Access-Request) to the RADIUS server, with the user password encrypted by using the
Message-Digest 5 (MD5) algorithm and the shared key.
The RADIUS server authenticates the username and password. If the authentication succeeds, the
3.
server sends back an Access-Accept message containing the user's authorization information. If
the authentication fails, the server returns an Access-Reject message.
The RADIUS client permits or denies the user according to the returned authentication result. If it
4.
permits the user, it sends a start-accounting request (Accounting-Request) to the RADIUS server.
The RADIUS server returns a start-accounting response (Accounting-Response) and starts
5.
accounting.
The user accesses the network resources.
6.
The host requests the RADIUS client to tear down the connection and the RADIUS client sends a
7.
stop-accounting request (Accounting-Request) to the RADIUS server.