RADIUS or (Remote Authentication Dial In User Service) is a widely used protocol for wired and wireless network access control. In non flat-rate services, RADIUS Accounting is used to record service usages such as connection time and network use, then based on these records the user is billed. This article provides an overview on how RADIUS Accounting works.

In RADIUS accounting, Network Access Server (NAS), which can be a modem, bridge or access point, issues a RADIUS Accounting-Request start message (Acct-Status-Type attribute set to Stop=1) to the accounting server, right after the peer is authenticated and authorized. At the end of the session (when the peer logs off), the NAS issues an Accounting-Request stop message (Acct-Status-Type attribute set to Stop=2) to provide service usage and accounting information to the accounting server.

Optionally, the NAS may also send RADIUS Accounting-Request update messages (Acct-Status-Type attribute set to Interim-Update=3) to provide accounting information about an on-going session. Each RADIUS Accounting-Request message is acknowledged by the RADIUS accounting server with a RADIUS Accounting-Response message.

[RFC 2866] provides information about RADIUS accounting packet formats. In addition to attributes specific to RADIUS accounting, the Accounting-Request and Accounting-Response messages can carry any other attributed defined in the base RADIUS protocol [RFC 2865]. For instance, the User-Name attributed is used in the Accounting-Request message to indicate the identity of the user who received the service.

Labels: security