More on Proxying
RADIUS accounting proxies act in much the same way as RADIUS authentication/authorization proxies do. Consider the following process:
The RADIUS client gear sends the
Accounting Startpacket to the accounting server.The receiving accounting server logs the packet. It may then add the
Proxy-Stateattribute and accompanying details (though it is not required to do so). It updates the request authenticator and then forwards the information to a remote machine.This remote machine logs the incoming, forwarded packet. It then does what the first server could not do (that is to say, it performs the action that was required of the proxy), retains and copies all of the
Proxy-Stateattributes exactly as they appeared, and sends anAccounting-Responsepacket back to the original forwarding server.The original forwarding server receives the acknowledgment, strips out the
Proxy-Stateinformation, constructs and adds theResponse Authenticator, and sends the modified acknowledgment response back to the RADIUS client gear.
Figure 4-1 shows the flow of this process.
![]() |
