The RADIUS session handles a user request through a series of message exchanges.
These message exchanges attempt to provide the user with a network
service by establishing a session for the user. This transaction can
be described as a series of actions that exchange data packets containing
information related to the request. Figure 1-2 “Client-Server RADIUS Transaction” illustrates the details of the transaction between a
RADIUS AAA server and a client (an NAS in this example). When the
user’s workstation connects to the client, the client sends
an Access-Request RADIUS data packet to the AAA server.
When the server receives the request, it validates the sending
client. If the client is permitted to send requests to the server,
the server will then take information from the Access-Request
and attempt to match the request to a user profile. The profile
contains a list of requirements that must be met to successfully
authenticate the user. Authentication usually includes verification
of a password, but can also specify other information, such as the
port number of the client or the service type that has been requested,
that must be verified.
If all conditions are met, the server sends an Access-Accept
packet to the client; otherwise, the server sends an Access-Reject
packet. An Access-Accept data packet often includes authorization
information that specifies the services the user can access and
other session information, such as a timeout value that indicates
when the user must be disconnected from the system.
When the client receives an Access-Accept packet,
it generates an Accounting-Request to start the session
and sends the request to the server. The Accounting-Request
data packet describes the type of service being delivered, and the
user of the service. The server then responds with an Accounting-Response
to acknowledge that the request was successfully received and recorded.
The user’s session ends when the client generates an Accounting-Request—triggered
by the user, by the client, or by an interruption in service—to
stop the session. The server then acknowledges the Accounting-Request
with an Accounting-Response.
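
The authentication half of the exchange described above, as an added example that is not part of the original documentation or any vendor's code. It goes beyond the text by using the RFC 2865 packet layout, User-Password hiding and Response Authenticator; the function names, client address, shared secret and user profile are constructed for illustration.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_PORT, SESSION_TIMEOUT = 1, 2, 5, 27
# Constructed sample data: permitted clients (source IP -> shared secret) and one user profile.
CLIENTS = {"192.0.2.10": b"constructed-secret"}
PROFILES = {b"alice": {"password": b"correct horse", "nas_port": 3, "session_timeout": 3600}}

def xor_chain(data, secret, authenticator, decrypt):
    """RFC 2865 section 5.2 User-Password hiding: block XOR MD5(secret + previous block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = data[i:i + 16] if decrypt else out[i:i + 16]  # chain on the ciphertext block
    return out

def parse_attributes(buf):
    """Split the type-length-value list; return None if any length is malformed."""
    attrs, i = {}, 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            return None
        attrs[buf[i]], i = buf[i + 2:i + buf[i + 1]], i + buf[i + 1]
    return attrs

def build_access_request(ident, user, password, nas_port, secret):
    """Client (NAS) side: the Access-Request sent when the user connects."""
    auth = os.urandom(16)  # Request Authenticator
    hidden = xor_chain(password + b"\0" * (-len(password) % 16), secret, auth, False)
    attrs = (bytes([USER_NAME, 2 + len(user)]) + user + bytes([USER_PASSWORD, 2 + len(hidden)])
             + hidden + struct.pack("!BBI", NAS_PORT, 6, nas_port))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def handle_access_request(packet, source_ip):
    """Server side: return the reply packet, or None when the request is discarded."""
    secret = CLIENTS.get(source_ip)
    if secret is None or len(packet) < 20 or packet[0] != ACCESS_REQUEST:
        return None  # sender is not a permitted client, or not an Access-Request
    ident, length, req_auth = packet[1], int.from_bytes(packet[2:4], "big"), packet[4:20]
    attrs = parse_attributes(packet[20:length]) if 20 <= length <= len(packet) else None
    if attrs is None:
        return None  # bad Length field or malformed attribute
    profile = PROFILES.get(attrs.get(USER_NAME))
    password = xor_chain(attrs.get(USER_PASSWORD, b""), secret, req_auth, True).rstrip(b"\0")
    ok = (profile is not None and hmac.compare_digest(password, profile["password"])
          and attrs.get(NAS_PORT) == struct.pack("!I", profile["nas_port"]))
    reply = struct.pack("!BBI", SESSION_TIMEOUT, 6, profile["session_timeout"]) if ok else b""
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20 + len(reply))
    return header + hashlib.md5(header + req_auth + reply + secret).digest() + reply
```

The client checks a reply by recomputing the MD5 over the reply header, its own Request Authenticator, the reply attributes and the shared secret, and comparing the result with bytes 4 to 19 of the reply.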