H3C S7500 Series Operation Manual page 528

Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches
Code
3
4
5
2) The Identifier field (one byte) identifies the request and response packets. It is
subject to the Attribute field and varies with the received valid responses, but it
keeps unchanged during retransmission.
3) The Length field (two bytes) specifies the total length of the packet (including the
Code, Identifier, Length, Authenticator, and Attribute fields). The bytes beyond the
length will be regarded as padding bytes and are ignored upon receiving the
packet. If the received packet is shorter than the value of this field, it will be
discarded.
4) The Authenticator field (16 bytes) is used to verify the packet returned from the
RADIUS server; it is also used in the password hiding algorithm. There are two
kinds of authenticators: Request and Response.
5) The Attribute field contains special authentication, authorization, and accounting
information to provide the configuration details of a request or response packet.
This field is represented by a field triplet (Type, Length, and Value):
The Type field (one byte) specifies the type of the attribute. Its value ranges from 1
to 255.
authentication and authorization.
The Length field (one byte) specifies the total length of the Attribute field in bytes
(including the Type, Length and Value fields).
The Value field (up to 253 bytes) contains the information about the attribute. Its
content and format are determined by the Type and Length fields.
Packet type
Access-Reject
Accounting-Reque
st
Accounting-Respo
nse
Table 1-2 lists the attributes that are commonly used in RADIUS
1-6
Chapter 1 AAA & RADIUS & HWTACACS
Packet description
Direction: server->client.
The server transmits this packet to the client if
any attribute value carried in the
Access-Request packet is not accepted (that is,
the user authentication fails).
Direction: client->server.
The client transmits this packet to the server to
request the server to start or end the accounting
(whether to start or to end the accounting is
determined by the Acct-Status-Type attribute in
the packet).
This packet carries almost the same attributes
as those carried in the Access-Request packet.
Direction: server->client.
The server transmits this packet to the client to
notify the client that it has received the
Accounting-Request packet and has correctly
recorded the accounting information.
Configuration