How does radius accounting work

Accounting-Response packets are sent by the RADIUS accounting server to the client to acknowledge that the Accounting-Request has been received and recorded successfully. When the client receives an Accounting-Response, the Identifier field is matched with a pending Accounting-Request. Invalid packets are silently discarded.

At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes. Skip to main content Press Enter. The device performs a match check between all attributes and user information on the device.

The device performs a match check between all the preceding attributes in the Request packet and user information on the device. If all the preceding attributes are successfully matched, the device responds with an ACK packet; otherwise, the device responds with a NAK packet. For the error code description, see Table and Table Parsing the attributes in the request packet fails. The request packet contains attributes that are not supported by the device or do not exist, so that the attribute check fails.

Errors that may occur are as follows:. The session request fails. The cause includes:. This error code is used for other authorization failures. The user fails to be deleted or the user does not exist. Exchange Procedure CoA allows the administrator to change the rights of an online user or perform reauthentication for the user through RADIUS after the user passes authentication.

Figure CoA interaction process. Figure DM interaction process. Session Identification Each service provided by the NAS to a user constitutes a session, with the beginning of the session defined as the point where service is first provided and the end of the session defined as the point where service is ended.

Errors that may occur are as follows: The authorized service scheme does not exist. The authorized QoS profile does not exist or no user queue is configured in the QoS profile. The authorized values of upstream and downstream priorities exceed the maximum values.

If there is no matching policy, then the server sends an Access-Reject message. If the shared secret matches, the Client reads the value of the Filter ID attribute. The Filter ID is a string of text. The request packet comprises the user ID, network address, session identifier, and point of access. These packets include details like the current session duration and data usage.

The packet includes information such as total time, data, and packets transferred the reason for disconnection, and other information relevant to the user's session. Upgrade your security. Click Here to learn how Foxpass can help you avoid costly security mistakes.