A RADIUS session tracks the life of a user session through
a series of message exchanges. RADIUS sessions are used to limit simultaneous
access to a resource for users who share the same credential, and
to manage the allocation and release of IP addresses acquired on behalf
of the user by the AAA server.

Figure 1-2 illustrates the transaction between a RADIUS
AAA server and a client:

When the user's device connects to the client, the client sends
a RADIUS Access-Request to the AAA server. When the server receives
the request, it validates the sending client. If the client is permitted
to send requests to the server, the server then takes information
from the Access-Request and attempts to match the request to a user
profile. If all conditions are met, the server sends an Access-Accept
packet to the client; otherwise, the server sends an Access-Reject
packet. An Access-Accept data packet often includes authorization
information that specifies the services the user can access and other
session information, such as a timeout value that indicates when the
user must be disconnected from the system.

When the client receives an Access-Accept packet, it generates
an Accounting-Request to start the session and sends the request to
the server. The Accounting-Request data packet describes the type
of service being delivered and the user of the service. The server
then responds with an Accounting-Response to acknowledge that the
request was successfully received and recorded. The user's session
ends when the client generates an Accounting-Request (triggered
by the user, the client, or an interruption in service) to stop the
session. The server acknowledges the Accounting-Request with an Accounting-Response.
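
The exchange described above, modelled from the server side as an added example (not code from this documentation or any product): it validates the sending client, matches a user profile, enforces a simultaneous-session limit, and allocates and releases an IP address per session. The client list, profile, address pool, the session id carried in the Access-Request, and the direct password comparison (standing in for RADIUS password hiding) are assumptions made for illustration.

```python
# Toy model of the AAA server side of the RADIUS exchange (added example).
# All addresses, users and limits below are constructed sample values.
import hmac
from dataclasses import dataclass, field

CLIENTS = {"192.0.2.10"}  # clients permitted to send requests to this server
PROFILES = {"alice": {"password": "s3cret", "max_sessions": 1, "timeout": 3600}}
REJECT = {"code": "Access-Reject"}

@dataclass
class AAAServer:
    pool: list = field(default_factory=lambda: ["198.51.100.1", "198.51.100.2"])
    sessions: dict = field(default_factory=dict)  # session id -> (user, ip, state)

    def access_request(self, client_ip, user, password, session_id):
        if client_ip not in CLIENTS:
            return None  # request from an unknown client is discarded, no reply
        profile = PROFILES.get(user)
        if profile is None or not hmac.compare_digest(profile["password"], password):
            return REJECT
        if session_id in self.sessions:
            return REJECT  # a reused id must not overwrite (and leak) an address
        held = sum(1 for u, _, _ in self.sessions.values() if u == user)
        if held >= profile["max_sessions"] or not self.pool:
            return REJECT  # shared credential already at its limit, or pool empty
        ip = self.pool.pop(0)
        self.sessions[session_id] = (user, ip, "authorized")
        return {"code": "Access-Accept", "Framed-IP-Address": ip,
                "Session-Timeout": profile["timeout"]}

    def accounting_request(self, client_ip, session_id, status):
        if client_ip not in CLIENTS:
            return None
        entry = self.sessions.get(session_id)
        if entry and status == "Start":
            self.sessions[session_id] = (entry[0], entry[1], "active")
        elif entry and status == "Stop":
            self.pool.append(entry[1])  # release the address back to the pool
            del self.sessions[session_id]
        return {"code": "Accounting-Response"}  # acknowledge receipt
```

If the Accounting-Request that stops a session never reaches the server, the session entry and its address stay allocated, which is why a session timeout or equivalent cleanup matters in a real deployment.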