ISR Computing -
How Radius works?
RADIUS Packet General Structure
| Field | Length |
| Code | 1 byte |
| Identifier | 1 byte |
| Length | 2 bytes |
| Authenticator | 16 bytes |
| Attributes | Variable Length |
The attributes section is where an arbitrary number of attribute fields are stored.
"Must have" attributes are the "User-Name" and "User-Password attributes.
The Identifier is a one octet value that allows the RADIUS client to match a RADIUS response with the correct outstanding request.
Simple Authentication Exchange
1) Client sends Access-Request packet
Code = 1 (Accept-Request)
Identifier = simple counter (generated by client)
Length =
Authenticator = randomly chosen 16 bit string.
Attributes:
"User-Name" - clear text
"User-Password" = md5(shared secret + Request Authenticator) XOR "password".
2) Server send Access-Accept
Code=2
Identifier = same as what client sent
Authenticator = MD5 hash of the response packet with the associated request packet's Request Authenticator in the Authenticator field, concatenated with the shared secret.
ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) where + denotes concatenation.
Attributes: NONE
3) Client received Access-Accept and matches received identifier with the one it sent earlier.
RADIUS Reference
The code establishes the type of RADIUS packet. The codes are:
| Value | Description |
| 1 | Access-Request |
| 2 | Access-Accept |
| 3 | Access-Reject |
| 4 | Accounting-Request |
| 5 | Accounting-Response |
| 11 | Access-Challenge |
| 12 | Status-Server (experimental) |
| 13 | Status-Client (experimental) |
| 255 | Reserved |
RADIUS Attribute Types:
| Type Values | Description |
|
1 |
User-Name |
|
2 |
User-Password |
|
3 |
CHAP-Password |
|
4 |
NAS-IP-Address |
|
5 |
NAS-Port |
|
6 |
Service-Type |
|
7 |
Framed-Protocol |
|
8 |
Framed-IP-Address |
|
9 |
Framed-IP-Netmask |
|
10 |
Framed-Routing |
|
11 |
Filter-ID |
|
12 |
Framed-MTU |
|
13 |
Framed-Compression |
|
19 |
Reply-Message |
|
24 |
State |
|
25 |
Class |
|
26 |
Vendor-Specific |
|
27 |
Session-Timeout |
|
28 |
Idle-Timeout |
|
29 |
Termination-Action |
|
32 |
NAS-Identifier |
|
61 |
NAS-Port-Type |
|
62 |
Port-Limit |
Search
Moving your apps to Amazon or Miscrosoft Clouds?
We can help you analyze your existing infrastructure, identify the cost savings we can achieve by migrating to a cloud provider. We can then execute end-to-end migration plan of your infrastructure and bringing down your TCO.
Ready for IPv6 Migration?
The Internet is running out of the equivalent of phone numbers - familiar problem, non-trivial solution.
The world has to move to IPv6, with its 128-bit addresses. But that's easier said than done.
Are you fluent in "Linux"?
Learn Linux from a leading expert and quickly master you Linux skills.
Learn how to simplify your workflow and increase your productivity using tips and techniques of the pros.
Ideal training for Corporate IT Beginners and Advanced IT Admins alike.
Who's Online
We have 8 guests and no members online