RADIUS Protocol:

 

The RADIUS protocol is an application layer protocol, which runs over UDP. It is defined in RFC 2865. The RADIUS accounting protocol is described in RFC 2866.


Packet Format:

 

0

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

Code

Identifier

Length

Authenticator

Attributes

 

 

RADIUS packets are sent over UDP. Each packet consists of a RADIUS header followed by a list of attributes.

 

 

Code (8 bits) - Identifies the type of RADIUS packet. Different packet types are handled by different agents within a RADIUS client or server:

 

Code   Description

1      Access-Request - Sent from the RADIUS client; contains the user's login name and encrypted password.

2      Access-Accept - Sent from the RADIUS server in response to an Access-Request, if the user is authorized to log in. This packet contains attributes that define what will happen to this user next.

3      Access-Reject - Sent from the RADIUS server in response to an Access-Request, if the user is not authorized to log in.

4      Accounting-Request - Sent from the RADIUS client when users log in and off or are disconnected.

5      Accounting-Response - Sent from the RADIUS server in reply to Accounting-Requests, so that the client knows that its request was received and processed.

11     Access-Challenge

 

 

                                               

Identifier (8 bits) - Used to match RADIUS request and reply packets.

Length (16 bits) - Indicates the length of the entire packet.

Authenticator (16 bits) - This value is used to authenticate the reply from the RADIUS server, and is used in the password hiding algorithm. Special codes called keys or secrets are used by the RADIUS client and server to ensure that the packets they receive come from an authorized source.

Attributes - RADIUS attributes carry the specific authentication, authorization and accounting details for the request and response. Some attributes MAY be included more than once.

 


 

 

Type (8 bits)

Length (8 bits) - Indicates the length of this attribute, including the type, length and value fields.

Value - Contains the information specific to the attribute.
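
The header and attribute layout described above, as an added example (not code from the original page): a Python parser that bounds-checks both Length fields and verifies a reply's Authenticator against the shared secret. It follows RFC 2865, where the Authenticator field is 16 octets and the reply value is an MD5 over the packet, the request's Authenticator and the secret; the function names, secret, identifier and attribute bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16), per RFC 2865


def parse_packet(datagram: bytes) -> dict:
    """Parse one RADIUS packet, rejecting malformed lengths instead of guessing."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if not HEADER_LEN <= length <= min(len(datagram), 4096):
        raise ValueError("Length field does not fit the datagram")
    attrs, pos = [], HEADER_LEN
    while pos < length:  # octets past Length are padding and are ignored
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = datagram[pos], datagram[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute Length under 2 or past end of packet")
        attrs.append((a_type, datagram[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": code, "name": CODES.get(code, "unknown"), "id": ident,
            "length": length, "authenticator": datagram[4:20], "attributes": attrs}


def response_is_authentic(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """RFC 2865: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    length = parse_packet(reply)["length"]
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def build_reply(code, ident, request_auth, attrs: bytes, secret) -> bytes:
    """Helper for the constructed sample: a reply carrying a valid Authenticator."""
    head = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs


# Constructed sample values, not taken from the page
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))
REPLY_ATTRS = bytes([18, 7]) + b"hello"  # Type 18 (Reply-Message), Length 7
SAMPLE_REPLY = build_reply(2, 42, REQUEST_AUTH, REPLY_ATTRS, SECRET)
```

A reply whose Code, attributes or secret differ from what the server hashed fails `response_is_authentic`, and a packet whose Length fields overrun the datagram is rejected before any attribute is read.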


 

www.rad.com