字段 | 长度 | 描述 |
Code | 1 byte | 用来标识RADIUS报文类型。
|
Packet Identifier | 1 byte | 用于匹配请求和回应报文。果在一个很短的时间内接收到相同的源IP地址、源UDP端口号和相同的Identifier域的请求报文,RADIUS服务器就可以认为是重复的请求报文。 |
Packet Length | 2 bytes | 包含了报文中的Code域,Identifier域,Length域,Authenticator域和属性域的总长度。如果收到的报文实际长度超过Length,超过部分被当做填充内容忽略掉,如果实际长度小于Length,报文被丢弃。 |
Authenticator | 16 bytes | 用于认证来自服务端的响应,也用于用户密码的加密处理中。 |
AVPs | 变长 | 属性字段,承载认证、授权、计费以及配置等信息。采用TLV格式:
|
属性编号 | 属性名 |
1 | User-Name |
2 | User-Password |
3 | CHAP-Password |
4 | NAS-IP-Address |
5 | NAS-Port |
6 | Service-Type |
7 | Framed-Protocol |
8 | Framed-IP-Address |
9 | Framed-IP-Netmask |
10 | Framed-Routing |
11 | Filter-Id |
12 | Framed-MTU |
13 | Framed-Compression |
14 | Login-IP-Host |
15 | Login-Service |
16 | Login-TCP-Port |
18 | Reply-Message |
19 | Callback-Number |
20 | Callback-Id |
22 | Framed-Route |
23 | Framed-IPX-Network |
24 | State |
25 | Class |
26 | Vendor-Specific |
27 | Session-Timeout |
28 | Idle-Timeout |
29 | Termination-Action |
30 | Called-Station-Id |
31 | Calling-Station-Id |
32 | NAS-Identifier |
33 | Proxy-State |
34 | Login-LAT-Service |
35 | Login-LAT-Node |
36 | Login-LAT-Group |
37 | Framed-AppleTalk-Link |
38 | Framed-AppleTalk-Network |
39 | Framed-AppleTalk-Zone |
40 | Acct-Status-Type |
41 | Acct-Delay-Time |
42 | Acct-Input-Octets |
43 | Acct-Output-Octets |
44 | Acct-Session-Id |
45 | Acct-Authentic |
46 | Acct-Session-Time |
47 | Acct-Input-Packets |
48 | Acct-Output-Packets |
49 | Acct-Terminate-Cause |
50 | Acct-Multi-Session-Id |
51 | Acct-Link-Count |
52 | Acct-Input-Gigawords |
53 | Acct-Output-Gigawords |
55 | Event-Timestamp |
60 | CHAP-Challenge |
61 | NAS-Port-Type |
62 | Port-Limit |
63 | Login-LAT-Port |
64 | Tunnel-Type |
65 | Tunnel-Medium-Type |
66 | Tunnel-Client-Endpoint |
67 | Tunnel-Server-Endpoint |
68 | Acct-Tunnel-Connection |
69 | Tunnel-Password |
70 | ARAP-Password |
71 | ARAP-Features |
72 | ARAP-Zone-Access |
73 | ARAP-Security |
74 | ARAP-Security-Data |
75 | Password-Retry |
76 | Prompt |
77 | Connect-Info |
78 | Configuration-Token |
79 | EAP-Message |
80 | Message-Authenticator |
81 | Tunnel-Private-Group-ID |
82 | Tunnel-Assignment-ID |
83 | Tunnel-Preference |
84 | ARAP-Challenge-Response |
85 | Acct-Interim-Interval |
86 | Acct-Tunnel-Packets-Lost |
87 | NAS-Port-Id |
88 | Framed-Pool |
89 | Chargeable-User-Identity |
90 | Tunnel-Client-Auth-ID |
91 | Tunnel-Server-Auth-ID |
94 | Originating-Line-Info |
95 | NAS-IPv6-Address |
96 | Framed-Interface-Id |
97 | Framed-IPv6-Prefix |
98 | Login-IPv6-Host |
99 | Framed-IPv6-Route |
100 | Framed-IPv6-Pool |
101 | Error-Cause |
192-223 | 保留给实验用 |
224-240 | 保留给特定实现用 |
241-255 | 预留的,而且不应该使用它们 |
标准 | 描述 |
RFC 2865 | Remote Authentication Dial In User Service (RADIUS) |
RFC 2866 | RADIUS Accounting |
RFC 2867 | RADIUS Accounting Modifications for Tunnel Protocol Support |
RFC 2868 | RADIUS Attributes for Tunnel Protocol Support |
RFC 2869 | RADIUS Extensions |
RFC 3162 | RADIUS and IPv6 |
RFC 3576 | Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) |
RFC 4372 | Chargeable User Identity |
欢迎光临 鸿鹄论坛 (https://bbs.hh010.com/) | Powered by Discuz! X3.4 |