H3C S3100-52P Operation Manual page 407

Operation Manual – AAA
H3C S3100-52P Ethernet switch
Code
3
4
5
2) The Identifier field (one byte) is used to match requests and responses. It changes
whenever the content of the Attributes field changes, and whenever a valid
response has been received for a previous request, but remains unchanged for
message retransmission.
3) The Length field (two bytes) specifies the total length of the message (including
the Code, Identifier, Length, Authenticator and Attributes fields). The bytes beyond
the length are regarded as padding and are ignored upon reception. If a received
message is shorter than what the Length field indicates, it is discarded.
4) The Authenticator field (16 bytes) is used to authenticate the response from the
RADIUS server; and is used in the password hiding algorithm. There are two kinds
of authenticators: Request Authenticator and Response Authenticator.
5) The Attributes field contains specific authentication/authorization/accounting
information to provide the configuration details of a request or response message.
This field contains a list of field triplet (Type, Length and Value):
The Type field (one byte) specifies the type of an attribute. Its value ranges from 1
to 255.
authentication/authorization.
The Length field (one byte) specifies the total length of the attribute in bytes
(including the Type, Length and Value fields).
The Value field (up to 253 bytes) contains the information of the attribute. Its
format is determined by the Type and Length fields.
Message type
Access-Reject
Accounting-Request
Accounting-Response
Table 1-2 lists the attributes that are commonly used in RADIUS
Message description
Direction: server->client.
The server transmits this message to the
client if any attribute value carried in the
Access-Request message is unacceptable
(that is, the user fails the authentication).
Direction: client->server.
The client transmits this message to the
server to request the server to start or end the
accounting (whether to start or to end the
accounting is determined by the
Acct-Status-Type attribute in the message).
This message carries almost the same
attributes as those carried in the
Access-Request message.
Direction: server->client.
The server transmits this message to the
client to notify the client that it has received
the Accounting-Request message and has
correctly recorded the accounting information.
1-6
Chapter 1 AAA Overview