RADIUS IETF Attributes
IETF Attributes Versus VSAs
RADIUS Internet Engineering Task Force (IETF) attributes are the original set of 255 standard attributes that are used to communicate AAA information between a client and a server. Because IETF attributes are standard, the attribute data is predefined and well known; thus all clients and servers that exchange AAA information through IETF attributes must agree on attribute data such as the exact meaning of the attributes and the general bounds of the values for each attribute.
RADIUS vendor-specific attributes (VSAs) are derived from one IETF attribute, vendor-specific (attribute 26). Attribute 26 allows a vendor to create an additional 255 attributes however they wish. That is, a vendor can create an attribute that does not match the data of any IETF attribute and encapsulate it behind attribute 26; thus, the newly created attribute is accepted if the user accepts attribute 26.
Name | Value | Type |
---|---|---|
Acct-Authentic | integer | 45 |
Acct-Delay-Time | integer | 41 |
Acct-Input-Giga-Words | integer | 52 |
Acct-Input-Octets | integer | 42 |
Acct-Input-Packets | integer | 47 |
Acct-Interim-Interval | integer | 85 |
Acct-Link-Count | integer | 51 |
Acct-Output-Giga-Words | integer | 53 |
Acct-Output-Octets | integer | 43 |
Acct-Output-Packets | integer | 48 |
Acct-Session-Time | integer | 46 |
Acct-Status-Type | integer | 40 |
Acct-Terminate-Cause | integer | 49 |
CHAP-Challenge | binary | 40 |
CHAP-Password | binary | 3 |
Dynamic-Author-Error-Cause | integer | 101 |
Event-Timestamp | integer | 55 |
Filter-Id | binary | 11 |
Framed-Protocol | integer | 7 |
Framed-IP-Address | ipv4addr | 8 |
Framed-IP-Netmask | ipv4addr | 9 |
Framed-Route | "string" | 22 |
login-ip-addr-host | ipv4addr | 14 |
Multilink-Session-ID | string | 50 |
Nas-Identifier | string | 32 |
NAS-IP-Address | ipv4addr | 4 |
NAS-Port | integer | 5 |
Reply-Message | binary | 18 |
Service-Type | integer | 6 |
Tunnel-Assignment-Id | string | 32 |
Tunnel-Packets-Lost | integer | 86 |
X-Ascend-Client-Primary-DNS | ipv4addr | 135 |
X-Ascend-Client-Secondary-DNS | ipv4addr | 136 |
NAS-IPv6-Address | string | 95 |
Delegated-IPv6-Prefix | binary | 123 |
Stateful-IPv6-Address-Pool | binary | 123 |
Framed-IPv6-Prefix | binary | 97 |
Framed-Interface-Id | binary | 96 |
Framed-IPv6-Pool | string | 100 |
Framed-IPv6-Route | string | 99 |
login-ip-addr-host | string | 98 |
IETF Tagged Attributes on LAC
The IETF Tagged Attributes support on the L2TP Access Concentrator (LAC) provides a means of grouping tunnel attributes that refer to the same tunnel in an Access-Accept packet sent from the RADIUS server to the LAC. The Access-Accept packet can contain multiple instances of the same RADIUS attribute, but with different tags. The tagged attributes support ensures that all attributes pertaining to a given tunnel contain the same value in their respective tag fields, and that each set includes an appropriately-valued instance of the Tunnel-Preference attribute. This conforms to the tunnel attributes that are to be used in a multi-vendor network environment, thereby eliminating interoperability issues among Network Access Servers (NASs) manufactured by different vendors.
For details of RADIUS Attributes for Tunnel Protocol Support, refer to RFC 2868.
These examples describe the format of IETF Tagged Attributes:
Tunnel-Type = :0:L2TP,
Tunnel-Medium-Type = :0:IP,
Tunnel-Server-Endpoint = :0:"1.1.1.1",
Tunnel-Assignment-Id = :0:"1",
Tunnel-Preference = :0:1,
Tunnel-Password = :0:"hello"
A tag value of 0 is used in the above example, in the format :0:, to group those attributes in the same packet that refer to the same tunnel.
Similar examples are:
Tunnel-Type = :1:L2TP,
Tunnel-Medium-Type = :1:IP,
Tunnel-Server-Endpoint = :1:"2.2.2.2",
Tunnel-Assignment-Id = :1:"1",
Tunnel-Preference = :1:1,
Tunnel-Password = :1:"hello"

Tunnel-Type = :2:L2TP,
Tunnel-Medium-Type = :2:IP,
Tunnel-Server-Endpoint = :2:"3.3.3.3",
Tunnel-Assignment-Id = :2:"1",
Tunnel-Preference = :2:2,
Tunnel-Password = :2:"hello"

Tunnel-Type = :3:L2TP,
Tunnel-Medium-Type = :3:IP,
Tunnel-Server-Endpoint = :3:"4.4.4.4",
Tunnel-Assignment-Id = :3:"1",
Tunnel-Preference = :3:2,
Tunnel-Password = :3:"hello"

Tunnel-Type = :4:L2TP,
Tunnel-Medium-Type = :4:IP,
Tunnel-Server-Endpoint = :4:"5.5.5.5",
Tunnel-Assignment-Id = :4:"1",
Tunnel-Preference = :4:3,
Tunnel-Password = :4:"hello"

Tunnel-Type = :5:L2TP,
Tunnel-Medium-Type = :5:IP,
Tunnel-Server-Endpoint = :5:"6.6.6.6",
Tunnel-Assignment-Id = :5:"1",
Tunnel-Preference = :5:3,
Tunnel-Password = :5:"hello"
IETF Tagged Attribute Name | Value | Type |
---|---|---|
Tunnel-Type | integer | 64 |
Tunnel-Medium-Type | integer | 65 |
Tunnel-Client-Endpoint | string | 66 |
Tunnel-Server-Endpoint | string | 67 |
Tunnel-Password | string | 69 |
Tunnel-Assignment-ID | string | 82 |
Tunnel-Preference | integer | 83 |
Tunnel-Client-Auth-ID | string | 90 |
Tunnel-Server-Auth-ID | string | 91 |
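
A check for a tagged profile before it is loaded on the RADIUS server, as an added example that is not part of the original documentation: it parses the `Name = :tag:value` format shown above, groups attributes by tag, and rejects a set that repeats an attribute or lacks Tunnel-Preference. The function names and the sample profile are assumptions made for illustration; the ordering rule (lower Tunnel-Preference value is preferred) comes from RFC 2868.

```python
import re
from collections import defaultdict

# Names from the tagged-attribute table on this page, case-folded.
TAGGED = {"tunnel-type", "tunnel-medium-type", "tunnel-client-endpoint",
          "tunnel-server-endpoint", "tunnel-password", "tunnel-assignment-id",
          "tunnel-preference", "tunnel-client-auth-id", "tunnel-server-auth-id"}

# One 'Name = :tag:value' pair; untagged attributes do not match and are skipped.
PAIR = re.compile(r'([A-Za-z][\w-]*)\s*=\s*:(\d+):("[^"]*"|[^,\s]+)')

def group_by_tag(profile):
    """Return {tag: {attribute: value}}; raise ValueError on an inconsistent set."""
    tunnels = defaultdict(dict)
    for name, tag_text, value in PAIR.findall(profile):
        key, tag = name.lower(), int(tag_text)
        if key not in TAGGED:
            raise ValueError(f"{name} is not a tagged tunnel attribute")
        if tag > 0x1F:  # the RFC 2868 tag octet only carries 0x00-0x1F
            raise ValueError(f"{name}: tag {tag} out of range")
        if key in tunnels[tag]:
            raise ValueError(f"{name} appears twice with tag {tag}")
        tunnels[tag][key] = value.strip('"')
    for tag, attrs in tunnels.items():
        if "tunnel-preference" not in attrs:
            raise ValueError(f"tag {tag} has no Tunnel-Preference")
    return dict(tunnels)

def endpoints_by_preference(tunnels):
    """Server endpoints, most preferred first (RFC 2868: lower value wins)."""
    ranked = sorted(tunnels.items(),
                    key=lambda kv: (int(kv[1]["tunnel-preference"]), kv[0]))
    return [attrs.get("tunnel-server-endpoint") for _, attrs in ranked]

# Constructed profile reusing three tunnel sets from the page, listed out of order.
SAMPLE = '''
Tunnel-Type = :2:L2TP, Tunnel-Medium-Type = :2:IP,
Tunnel-Server-Endpoint = :2:"3.3.3.3", Tunnel-Preference = :2:2,
Tunnel-Type = :0:L2TP, Tunnel-Server-Endpoint = :0:"1.1.1.1",
Tunnel-Assignment-Id = :0:"1", Tunnel-Preference = :0:1, Tunnel-Password =
:0:"hello",
Tunnel-Type = :1:L2TP, Tunnel-Server-Endpoint = :1:"2.2.2.2",
Tunnel-Preference = :1:1
'''

if __name__ == "__main__":
    print(endpoints_by_preference(group_by_tag(SAMPLE)))
```

Tunnel-Password values appear in clear text in such a profile, so the file holding it needs the same access control as any other credential store.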