6.2. RADIUS Messaging

The RADIUS message set is rather simple and consists of only eight messages, of which only the first four are specified in the base specifications. We will describe the function of these messages briefly. For now, here is a list:

  • Access Request: This message is generated by the NAS (RADIUS client) towards the server to forward the request from or on behalf of a user. (NAS-->AS).

  • Access Challenge: This message is sent from the RADIUS server to the RADIUS client (NAS) and is generally used to question the NAS or the user about something or perform some sort of negotiation.

  • Access Accept: This message is sent from the RADIUS server to the NAS to indicate a successful completion of (and typically grant) the request.

  • Access Reject: This message is sent by the server to indicate the rejection of a request.

  • Accounting request: This message is sent from the client to the accounting server to convey accounting information regarding the service provided to the user.

  • Accounting response: This message is sent by the server to the client to acknowledge that the accounting information sent by the client has been received and indicates the result of the performed accounting function by the server.

  • Status-Server and Status-Client: These two messages are experimental.

It should be noted that newer RADIUS specifications such as [RAD3576] have defined a number of new RADIUS messages (codes). However, due to the large deployment base for RADIUS, the RADIUS community is very protective ...

Get AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.