Subscriber AAA Access Messages Overview

Authorization and authentication access messages identify subscribers before the RADIUS server grants or denies them access to the network or network services. When an application requests user authentication, the request must have certain authenticating attributes, such as a user’s name, password, and the particular type of service the user is requesting. This information is sent in the authentication request via the RADIUS protocol to the RADIUS server. In response, the RADIUS server grants or denies the request.

The router supports the following types of authentication and authorization messages:

• Access-Request—Requests client authentication. RADIUS responds to a client authentication request with either an Access-Accept, an Access-Reject, or an Access-Challenge message. An Access-Request message can contain a number of RADIUS attributes.
• Access-Accept—Grants the client’s access request and can provide specific configuration information necessary to begin delivery of service to the user.
• Access-Reject—Sent if any value of the received attributes is not acceptable.
• Access-Challenge—Sent to the client, requesting additional authentication information.
• Change-of-Authorization-Request (CoA-Request)—Dynamically modifies session attributes, such as data filters.
• Disconnect-Request—Immediately terminates a user session.