Router User Manual
Nortel Secure Router 8000 Series
Troubleshooting - VAS 1 AAA troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 1-3
Value Packet type Indication Description
1 Access-request Sending an
authentication request
NAS sends an authentication
request to a RADIUS server.
2 Access-accept Accepting the
authentication request
A RADIUS server sends a
response packet to accept the
authentication request.
3 Access-request Rejecting the
authentication request
A RADIUS server sends a
response packet to reject the
authentication request.
4 Accounting-request Sending an
accounting request
NAS sends an accounting
request to a RADIUS server.
5 Accounting-response Responding to the
accounting request
A RADIUS server responds to
an accounting request packet.
The three types of accounting packets are as follows. They are distinguished by the No.40 attributes
area.
z
value of No.40 attributes area is 1: accounting start packets
z
value of No.40 attributes area is 2: hot billing packets
z
value of No.40 attributes area is 3: accounting stop packets
z
Identifier—contains 1 byte, used to match request packets or response packets.
z
Length—contains 2 bytes, indicating the total length of all fields.
z
Authenticator—contains 16 bytes. This value is used to authenticate the reply from the
RADIUS server, and is used in the password hiding algorithm.
z
Attribute—has a flexible length and consists of various attributes. Figure 1-2 shows the
attribute format.
Figure 1-2 Attribute format
Type Length Value
01234567012345670123456701234567
− Type—indicates the attribute type.
− Length—indicates the length of every attribute and contains 1 byte.
− Value—indicates the attribute value and is flexible.
The NAS works as the RADIUS client and supports the following:
− standard RADIUS protocol and extended attributes, including RFC2865 and
RFC2866
− Nortel extended RADIUS+1.1 protocol
− active detection on the RADIUS server state