Internet DRAFT - draft-ilgun-radius-accvsa
draft-ilgun-radius-accvsa
Network Working Group Koral Ilgun
INTERNET-DRAFT Ericsson Datacom Access
Category: Internet Draft
Title: draft-ilgun-radius-accvsa-02.txt
Date: 20 October 1999
Expires: 20 April 2000
RADIUS Vendor Specific Attributes for Ericsson Datacom Access
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/lid-abstracts.txt
To view the list of Internet-Draft Shadow directories, see
http://www.ietf.org/shadow.html
The distribution of this memo is unlimited. It is filed as <draft-
ilgun-radius-accvsa-02.txt>, and expires April 20, 2000. Please send
comments to the author.
Abstract
This document describes vendor specific attributes for carrying
authentication, authorization and accounting information between an
Ericsson Datacom Access Network Access Server (NAS) and an
Authentication/Accounting Server using the Remote Authentication Dial
In User Service (RADIUS) protocol described in RFC 2058 and RFC 2059.
Ilgun [Page 1]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
Table of Contents
1. Introduction ........................................... 4
2. Ericsson Datacom Access Radius Authentication Attributes 4
2.1 Acc-Ccp-Option ..................................... 5
2.2 Acc-Ip-Gateway-Pri ................................. 6
2.3 Acc-Ip-Gateway-Sec ................................. 7
2.4 Acc-Route-Policy ................................... 8
2.5 Acc-ML-MLX-Admin-State ............................. 9
2.6 Acc-ML-Call-Threshold .............................. 10
2.7 Acc-ML-Clear-Threshold ............................. 11
2.8 Acc-ML-Damping-Factor .............................. 11
2.9 Acc-Tunnel-Secret ................................. 12
2.10 Acc-Service-Profile ................................ 13
2.11 Acc-Request-Type .................................. 14
2.12 Acc-Framed-Bridge .................................. 15
2.13 Acc-Dns-Server-Pri ................................. 16
2.14 Acc-Dns-Server-Sec ................................. 17
2.15 Acc-Nbns-Server-Pri ................................ 18
2.16 Acc-Nbns-Server-Sec ................................ 18
2.17 Acc-Ip-Compression ................................. 19
2.18 Acc-Ipx-Compression ................................ 20
2.19 Acc-Callback-Delay ................................. 21
2.20 Acc-Callback-Num-Valid ............................. 22
2.21 Acc-Callback-Mode .................................. 23
2.22 Acc-Callback-CBCP-Type ............................. 24
2.23 Acc-Dialout-Auth-Mode .............................. 24
2.24 Acc-Dialout-Auth-Password .......................... 25
2.25 Acc-Dialout-Auth-Username .......................... 26
2.26 Acc-Access-Community ............................... 27
2.27 Acc-Vpsm-Reject-Cause .............................. 27
2.28 Acc-Ace-Token ...................................... 28
2.29 Acc-Ace-Token-Ttl .................................. 29
2.30 Acc-Ip-Pool-Name ................................... 30
2.31 Acc-Igmp-Admin-State ............................... 31
2.32 Acc-Igmp-Version ................................... 32
3. Ericsson Datacom Access Radius Accounting Attributes ..... 32
3.1 Acc-Reason-Code .................................... 34
3.2 Acc-Input-Errors ................................... 36
3.3 Acc-Output-Errors .................................. 36
3.4 Acc-Access-Partition ............................... 37
3.5 Acc-Customer-Id .................................... 38
3.6 Acc-Clearing-Cause ................................. 38
3.7 Acc-Clearing-Location .............................. 40
3.8 Acc-Vpsm-Oversubscribed ............................ 41
3.9 Acc-Acct-On-Off-Reason ............................. 42
Ilgun [Page 2]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
3.10 Acc-Tunnel-Port .................................... 43
3.11 Acc-Dial-Port-Index ................................ 44
3.12 Acc-Connect-Tx-Speed ............................... 44
3.13 Acc-Connect-Rx-Speed ............................... 45
3.14 Acc-Modem-Modulation-Type .......................... 46
3.15 Acc-Modem-Error-Protocol ........................... 46
4. Security Considerations .................................. 47
5. References ............................................... 47
6. Expiration Date .......................................... 48
7. Author's Address ......................................... 48
Ilgun [Page 3]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
1. Introduction
The Remote Authentication Dial In User Service (RADIUS) protocol is
specified by the RADIUS Working Group of the Internet Engineering
Task Force (IETF). There are two specifications that make up the
RADIUS protocol suite: Authentication [RIG97a] and Accounting
[RIG97b]. These protocols aim to centralize authentication,
configuration, and accounting of dial-in services to an independent
server.
Ericsson Datacom Access has implemented RADIUS authentication and
accounting for its Network Access Server family of router products.
This document provides details of Ericsson Datacom Access's RADIUS
implementation, in particular the use of Vendor Specific Attributes
(VSAs). It is intended as a guide for using the RADIUS protocol for
Ericsson Datacom Access products. Ericsson Datacom Access's VSAs use
a vendor Id of 5. For more information on Ericsson Datacom Access's
RADIUS implementation, see the white paper [EDA97b].
2. Ericsson Datacom Access Radius Authentication Attributes
The table below indicates how the authentication vendor-specific
attributes are used in the access request and response packets.
Ilgun [Page 4]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
+---------------------------+----+-----+--------+--------+------+
| Attribute Name | # | Req | Accept | Reject | Chal |
+---------------------------+----+-----+--------+--------+------+
| Acc-Ccp-Option | 2 | | X | | |
| Acc-Ip-Gateway-Pri | 7 | | X | | |
| Acc-Ip-Gateway-Sec | 8 | | X | | |
| Acc-Route-Policy | 9 | | X | | |
| Acc-ML-MLX-Admin-State | 10 | | X | | |
| Acc-ML-Call-Threshold | 11 | | X | | |
| Acc-ML-Clear-Threshold | 12 | | X | | |
| Acc-ML-Damping-Factor | 13 | | X | | |
| Acc-Tunnel-Secret | 14 | | X | | |
| Acc-Service-Profile | 17 | | X | | |
| Acc-Request-Type | 18 | X | | | |
| Acc-Framed-Bridge | 19 | | X | | |
| Acc-Dns-Server-Pri | 23 | | X | | |
| Acc-Dns-Server-Sec | 24 | | X | | |
| Acc-Nbns-Server-Pri | 25 | | X | | |
| Acc-Nbns-Server-Sec | 26 | | X | | |
| Acc-Ip-Compression | 28 | | X | | |
| Acc-Ipx-Compression | 29 | | X | | |
| Acc-Callback-Delay | 34 | | X | | |
| Acc-Callback-Num-Valid | 35 | | X | | |
| Acc-Callback-Mode | 36 | | X | | |
| Acc-Callback-CBCP-Type | 37 | | X | | |
| Acc-Dialout-Auth-Mode | 38 | | X | | |
| Acc-Dialout-Auth-Password | 39 | | X | | |
| Acc-Dialout-Auth-UserName | 40 | | X | | |
| Acc-Access-Community | 42 | | X | | |
| Acc-Vpsm-Reject-Cause | 43 | | | X | |
| Acc-Ace-Token | 44 | X | | | X |
| Acc-Ace-Token-Ttl | 45 | | X | | |
| Acc-Ip-Pool-Name | 46 | | X | | |
| Acc-Igmp-Admin-State | 47 | | X | | |
| Acc-Igmp-Version | 48 | | X | | |
+---------------------------+----+-----+--------+--------+------+
2.1 Acc-Ccp-Option
Description
This attribute indicates if PPP CCP [RAN96] compression
negotiation is to be attempted on the dial-in link. It may be used
in Access-Accept packets only.
A summary of the Acc-Ccp-Option Attribute format within the Ericsson
Datacom Access vendor- specific attribute is shown below. The fields
Ilgun [Page 5]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
2 for Acc-Ccp-Option
Length
6
Value
The value field is four octets.
1 Disabled
2 Enabled
2.2 Acc-Ip-Gateway-Pri
Description
This attribute defines the next hop IP address where the dial-in
user's data packets should be directed to. This address could be
a router that is directly attached to a VPN (Virtual Private
Network) customer's network or to a router that forwards the
packet to its final destination based on the Source IP Address. It
may be used in Access-Accept packets only.
A summary of the Acc-Ip-Gateway-Pri Attribute format within the
Ericsson Datacom Access vendor- specific attribute is shown below.
The fields are transmitted left-to-right.
Ilgun [Page 6]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
7 for Acc-Ip-Gateway-Pri
Length
6
Address
The Address field is a four octet IP Address.
2.3 Acc-Ip-Gateway-Sec
Description
Similar to Acc-Ip-Gateway-Pri described in Section 2.2, this
attribute defines the next hop IP address in case the Acc-Ip-
Gateway-Pri is unreachable. It may be used in Access-Accept
packets only.
A summary of the Acc-Ip-Gateway-Sec Attribute format within the
Ericsson Datacom Access vendor- specific attribute is shown below.
The fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
8 for Acc-Ip-Gateway-Sec
Ilgun [Page 7]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
Length
6
Address
The Address field is a four octet IP Address.
2.4 Acc-Route-Policy
Description
This attribute indicates the route policy to be used with Access
Partitioning [EDA97a]. Access Partitioning gives carriers the
ability to partition dial-in resources and assign these partitions
to dial-in Virtual Private Networks. If the Acc-Route-Policy
attribute is set to Direct (2) two dial-in links belonging to the
same Access Partition can route directly to each other without
going through the IP home gateway. If this attribute is not
defined or set to Funnel (1), it means all packets received from
the dial-in user of this access partition will be forwarded to the
designated home gateway. It may be used in Access-Accept packets
only.
A summary of the Acc-Route-Policy Attribute format within the
Ericsson Datacom Access vendor- specific attribute is shown below.
The fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
9 for Acc-Route-Policy
Length
6
Value
Ilgun [Page 8]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
The value field is four octets.
1 Funnel
2 Direct
2.5 Acc-ML-MLX-Admin-State
Description
If the standard Port-Limit attribute is configured for the dial-in
user on the RADIUS server, the Ericsson Datacom Access NAS
attempts to place the dial-in user in a multilink group. The
Port-Limit attribute defines the maximum number of members the
multilink group can have. All members of the multilink group must
have the same dial-in user name. When the first member of a
multilink group calls in, a multilink group is created on receipt
of the access-accept with the Port-Limit attribute configured. The
multilink group exists for as long as there is a call up in the
multilink group. When the last call in the multilink group is
cleared, the multilink group is deleted. When subsequent links in
the multilink group call in, they are added to the multilink
group. The multilink group uses the IETF standard PPP Multilink
protocol [SKL96]. The MLX (also known as MP+ [SMI96])
administrative state, call threshold, clear threshold and damping
factor values of the multilink group can also be set using the
Ericsson Datacom Access VSAs described in 2.5, 2.6, 2.7 and 2.8
The Acc-ML-MLX-Admin-State attribute indicates if PPP MLX (RFC
1934) negotiation is to be attempted on the dial-in link. It may
be used in Access-Accept packets only.
A summary of the Acc-ML-MLX-Admin-State Attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
Ilgun [Page 9]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
10 for Acc-ML-MLX-Admin-State
Length
6
Value
The value field is four octets.
1 Enabled
2 Disabled
2.6 Acc-ML-Call-Threshold
Description
This attribute indicates the call threshold value to be used with
the multilink group that is to be configured. It may be used in
Access-Accept packets only. See Section 2.5 for more information
about this attribute.
A summary of the Acc-ML-Call-Threshold Attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
11 for Acc-ML-Call-Threshold
Length
6
Value
The value field is four octets. The minimum value is 0 and
Ilgun [Page 10]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
maximum value is 101.
2.7 Acc-ML-Clear-Threshold
Description
This attribute indicates the clear threshold value to be used with
the multilink group that is to be configured. It may be used in
Access-Accept packets only.
A summary of the Acc-ML-Clear-Threshold Attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right. See Section 2.5 for more
information about this attribute.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
12 for Acc-ML-Clear-Threshold
Length
6
Value
The value field is four octets. The minimum value is 0 and
maximum value is 100.
2.8 Acc-ML-Damping-Factor
Description
This attribute indicates the damping factor value to be used with
the multilink group that is to be configured. It may be used in
Access-Accept packets only. See Section 2.5 for more information
about this attribute.
Ilgun [Page 11]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
A summary of the Acc-ML-Damping-Factor Attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
13 for Acc-ML-Damping-Factor
Length
6
Value
The value field is four octets. The minimum value is 0 and
maximum value is 64.
2.9 Acc-Tunnel-Secret
Description
This attribute sets the shared secret to support the CHAP style
endpoint authentication used by L2TP [VAL97]. The purpose for this
attribute is same as Tunnel-Password [ZOR98], except that Acc-
Tunnel-Secret is sent in clear. Therefore, Acc-Tunnel-Secret
should only be used if the RADIUS server does not support salt
encryption. It may be used in Access-Accept packets only.
A summary of the Acc-Tunnel-Secret Attribute format within the
Ericsson Datacom Access vendor- specific attribute is shown below.
The fields are transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ilgun [Page 12]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
Type
14 for Acc-Tunnel-Secret
Length
>= 3
String
The String field is one or more octets. It is the clear text
tunnel secret.
2.10 Acc-Service-Profile
Description
This attribute the service profile to be used on the dial-in link.
It may be used in Access-Accept packets only.
With the addition of Acc-Service-Profile VSA, RADIUS can identify
the Service Profile to be assigned to a dial-in user. This
attribute should only be present in an access accept message when
the NAS has queried RADIUS prior to answering the call. In this
case all RADIUS has is the called number. The service profile
identified by this VSA must exist on the NAS in its locally
configured Service Profile database. For the regular routing case
the service profile indicates that dial-in calls to be routed
based on the Destination IP Address received from a dial-in user.
This service is used primarily to provide carrier-based Internet
access. For the called number routing case, the service profile
forces IP dial-in calls to be specifically directed to a VPN
customer's network. A service profile may also indicate that
Layer 2 Tunneling should be performed for a given dial-in user.
A summary of the Acc-Service-Profile Attribute format within the
Ericsson Datacom Access vendor- specific attribute is shown below.
The fields are transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
Ilgun [Page 13]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
17 for Acc-Service-Profile
Length
>= 3
String
The String field is one or more octets. It is the name of the
service profile.
2.11 Acc-Request-Type
Description
This attribute indicates the type of the Access-Request or
Accounting-Request packet. It may be used in Access-Request and
Accounting-Request packets only. The attribute values from 1 to 4
are used in Access-Request packets, whereas 5 and 6 are used in
Accounting-Request packets.
An Ericsson Datacom Access NAS may send an Access-Request packet
to the RADIUS server before it answers the call. In this case the
User-Name attribute includes the Called Number and the Acc-
Request-Type attribute contains the value 1, i.e. Ring-Indication.
A special-purpose RADIUS server (or proxy) receiving this message
may accept or reject the call based on its policy, e.g. it may
reject the call if the quota assigned for this Called Number has
been exceeded. This is useful when an ISP or TELCO outsources
their dial-in ports to separate customers and partitions the
customers by differentiating them based on the number they call
in. Ericsson Datacom Access's VPSM server product is an example
for this type of operation.
A value of 2 in the Acc-Request-Type field indicates that the NAS
is attempting to authorize an outgoing call. A value of 3
indicates that the type of access request is for user
authentication, which is the default behavior for the RADIUS
authentication. A value of 4 indicates that a tunnel
authentication is requested by the LAC (L2TP Access Concentrator)
in response to a tunnel request from an LNS (L2TP Network Server).
This attribute may also be present in Accounting-Request packets.
A value of 5 indicates that the Accounting-Request is for a PPP
session, whereas a value of 6 indicates that the Accounting-
Request is for a tunnel session. The latter case also indicates
that this accounting information is being provided for a dial-in
session that is not authenticated at the LAC end of the tunnel,
Ilgun [Page 14]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
but possibly authenticated at the LNS end.
A summary of the Acc-Request-Type Attribute format within the
Ericsson Datacom Access vendor- specific attribute is shown below.
The fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
18 for Acc-Request-Type
Length
6
Value
The value field is four octets.
1 Ring Indication
2 Dial Request
3 User Authentication
4 Tunnel Authentication
5 User Accounting
6 Tunnel Accounting
2.12 Acc-Framed-Bridge
Description
This attribute indicates if Transparent (Ethernet) Bridging should
be enabled on the dial-in link. It may be used in Access-Accept
packets only.
A summary of the Acc-Framed-Bridge Attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
Ilgun [Page 15]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
19 for Acc-Framed-Bridge
Length
6
Value
The value field is four octets.
0 Disabled
1 Enabled
2.13 Acc-Dns-Server-Pri
Description
This attribute indicates the primary DNS (Domain Name System)
Server Address to be provided to the dial-in user during IPCP
negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the
option of negotiating the IP addresses of the primary and
secondary DNS and NBNS (NetBIOS Name Server) servers. The support
for these options is specified by RFC 1877 [COB95]. The Acc-Dns-
Server-Pri attribute may be used in Access-Accept packets only.
A summary of the Acc-Dns-Server-Pri attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ilgun [Page 16]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
Type
23 for Acc-Dns-Server-Pri
Length
6
Value
The value field is four octets.
2.14 Acc-Dns-Server-Sec
Description
This attribute indicates the secondary DNS (Domain Name System)
Server Address to be provided to the dial-in user during IPCP
negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the
option of negotiating the IP addresses of the primary and
secondary DNS and NBNS (NetBIOS Name Server) servers. The support
for these options is specified by RFC 1877 [COB95]. The Acc-Dns-
Server-Sec attribute may be used in Access-Accept packets only.
A summary of the Acc-Dns-Server-Sec attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
24 for Acc-Dns-Server-Sec
Length
6
Value
Ilgun [Page 17]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
The value field is four octets.
2.15 Acc-Nbns-Server-Pri
Description
This attribute indicates the primary NBNS (NetBIOS Name Server)
Address to be provided to the dial-in user during IPCP
negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the
option of negotiating the IP addresses of the primary and
secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server)
servers. The support for these options is specified by RFC 1877
[COB95]. The Acc-Nbns-Server-Pri attribute may be used in
Access-Accept packets only.
A summary of the Acc-Nbns-Server-Pri attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
25 for Acc-Nbns-Server-Pri
Length
6
Value
The value field is four octets.
2.16 Acc-Nbns-Server-Sec
Description
This attribute indicates the secondary NBNS (NetBIOS Name Server)
Address to be provided to the dial-in user during IPCP
Ilgun [Page 18]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the
option of negotiating the IP addresses of the primary and
secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server)
servers. The support for these options is specified by RFC 1877
[COB95]. The Acc-Nbns-Server-Sec attribute may be used in
Access-Accept packets only.
A summary of the Acc-Nbns-Server-Sec attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
26 for Acc-Nbns-Server-Sec
Length
6
Value
The value field is four octets.
2.17 Acc-Ip-Compression
Description
This attribute indicates whether VJ Header Compression should be
enabled for the dial-in user's IP traffic. The Acc-Ip-Compression
attribute may be used in Access-Accept packets only.
A summary of the Acc-Ip-Compression attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
Ilgun [Page 19]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
28 for Acc-Ip-Compression
Length
6
Value
The value field is four octets.
0 Disabled
1 Enabled
2.18 Acc-Ipx-Compression
Description
This attribute indicates whether Header Compression should be
enabled for the dial-in user's IPX traffic. The Acc-Ipx-
Compression attribute may be used in Access-Accept packets only.
A summary of the Acc-Ipx-Compression attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
Ilgun [Page 20]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
29 for Acc-Ipx-Compression
Length
6
Value
The value field is four octets.
0 Disabled
1 Enabled
2.19 Acc-Callback-Delay
Description
This attribute specifies the delay time in seconds before the
remote side is called back. The Acc-Callback-Delay attribute may
be used in Access-Accept packets only.
A summary of the Acc-Callback-Delay attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
34 for Acc-Callback-Delay
Length
6
Value
The value field is four octets.
Ilgun [Page 21]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
2.19 Acc-Callback-Num-Valid
Description
This attribute specifies the acceptable callback number for the
remote site to be called back. Each dial-in user may be
associated with zero or more valid number attributes. If this
attribute is not used then the callback will proceed as usual.
Also, if the Acc-Callback-Mode (see Section 2.21) is not one of 3
(User-Specified-E-164) and 6 (CBCP-Callback) then the valid number
filtering will not be performed. Otherwise, if this attribute is
returned in an Access-Reply message, then the callback number
negotiated from the callback phase will be compared to the numbers
in this attribute. Multiple instances (up to 16) of this
attribute can be returned in the same Access-Reply message. This
attribute contains a string (valid characters: representing a
number filter. 'x' and 'X' represent single character wildcards,
and '-' character is ignored during filtering. The matching
starts from the end of the string. The filter string specified in
this attribute must be at least the same length as the callback
number (excluding the '-' characters). If the negotiated callback
number is determined to be valid then callback will proceed,
otherwise no callback will be made. The Acc-Callback-Num-Valid
attribute may be used in Access-Accept packets only.
A summary of the Acc-Callback-Num-Valid attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
35 for Acc-Callback-Num-Valid
Length
>= 3
Value
Ilgun [Page 22]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
The String field is one or more octets.
2.21 Acc-Callback-Mode
Description
This attribute indicates what type of callback should be performed
for the dial-in user. A value of 0 (User-Auth) indicates the
callback will depend on the user authentication. A value of 3
(User-Specified-E-164) indicates the callback will be done to the
user specified callback number. A value of 6 (CBCP-Callback)
indicates callback will be negotiated using CBCP. A value of 7
(CLI-Callback) indicates CLI (Calling Line Identifier) type
callback will be used. The Acc-Callback-Mode attribute may be
used in Access-Accept packets only.
A summary of the Acc-Callback-Mode attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
36 for Acc-Callback-Mode
Length
6
Value
The value field is four octets.
0 User-Auth
3 User-Specified-E-164
6 CBCP-Callback
7 CLI-Callback
Ilgun [Page 23]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
2.22 Acc-Callback-CBCP-Type
Description
This attribute indicates the type of CBCP to be used for the
dial-in user. The Acc-Callback-CBCP-Type attribute may be used in
Access-Accept packets only.
A summary of the Acc-Callback-CBCP-Type attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
37 for Acc-Callback-CBCP-Type
Length
6
Value
The value field is four octets.
CBCP-None 1
CBCP-User-Specified 2
CBCP-Pre-Specified 3
2.23 Acc-Dialout-Auth-Mode
Description
This attribute indicates the type of authentication to be used for
the dialout of the callback session. The Acc-Dialout-Auth-Mode
attribute may be used in Access-Accept packets only.
Ilgun [Page 24]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
A summary of the Acc-Dialout-Auth-Mode attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
38 for Acc-Dialout-Auth-Mode
Length
6
Value
The value field is four octets.
PAP 1
CHAP 2
CHAP-PAP 3
NONE 4
2.24 Acc-Dialout-Auth-Password
Description
This attribute indicates the password to be used for the outgoing
authentication of the callback. The Acc-Dialout-Auth-Password
attribute may be used in Access-Accept packets only.
A summary of the Acc-Dialout-Auth-Password attribute format within
the Ericsson Datacom Access vendor-specific attribute is shown below.
The fields are transmitted left-to-right.
Ilgun [Page 25]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
36 for Acc-Dialout-Auth-Password
Length
>= 3
Value
The String field is one or more octets.
2.25 Acc-Dialout-Auth-Username
Description
This attribute indicates the username to be used for the outgoing
authentication of the callback. The Acc-Dialout-Auth-Username
attribute may be used in Access-Accept packets only.
A summary of the Acc-Dialout-Auth-Username attribute format within
the Ericsson Datacom Access vendor-specific attribute is shown below.
The fields are transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
37 for Acc-Dialout-Auth-Username
Length
>= 3
Ilgun [Page 26]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
Value
The String field is one or more octets.
2.26 Acc-Access-Community
Description
This attribute indicates SNMP community name for the RADIUS
authenticated console login session. The Acc-Access-Community
attribute may be used in Access-Accept packets only.
A summary of the Acc-Access-Community attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
42 for Acc-Access-Community
Length
6
Value
The value field is four octets.
PUBLIC 1
NETMAN 2
2.27 Acc-Vpsm-Reject-Cause
Description
This attribute indicates the rejection reason by VPSM (Virtual
Ilgun [Page 27]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
Port Service Manager) sent in response to an Access Request. The
Acc-Vpsm-Reject-Cause attribute may be used in Access-Reject
packets only.
A summary of the Acc-Vspm-Reject-Cause attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
43 for Acc-Vpsm-Reject-Cause
Length
6
Value
The value field is four octets.
No-Access-Partition 1
Access-Partition-Disabled 2
Partition-Portlimit-Exceeded 3
License-Portlimit-Exceeded 4
Home-Server-Down 5
Rejected-By-Home-Server 6
NAS-Administratively-Disabled 7
2.28 Acc-Ace-Token
Description
This attribute is used to carry a user entered "passcode" for ACE
authentication. Steel Belted Radius proxies this information to
the ACE authentication server. The Acc-Ace-Token attribute may be
used in Access-Challenge and Access-Request packets only.
Ilgun [Page 28]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
A summary of the Acc-Ace-Token attribute format within the Ericsson
Datacom Access vendor-specific attribute is shown below. The fields
are transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
44 for Acc-Ace-Token
Length
>= 3
String
The string field is one or more octets and carries the user
entered passcode.
2.29 Acc-Ace-Token-Ttl
Description
This attribute indicates the time to live (TTL) in seconds for an
ACE token of a dial-in user. When the user is authenticated using
Steel Belted Radius (with token caching) the server returns a
configured TTL for that user. This allows the NAS to make an
educated guess to when the cached token will expire in the RADIUS
cache. If a value is not specified, the TTL is set to zero, which
indicates that no caching will be used. The Acc-Ace-Token-Ttl
attribute may be used in Access-Accept packets only.
A summary of the Acc-Ace-Token-Ttl attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
Ilgun [Page 29]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
45 for Acc-Ace-Token-Ttl
Length
6
Value
The value field is four octets and it can be from 0 to 65535 (in
seconds).
2.30 Acc-Ip-Pool-Name
Description
This attribute The Acc-Ip-Pool-Name attribute contains a string
identifying an IP address pool name to be used for assigning an IP
address from a pool configured on the NAS with the same name.
This attribute may only be used if the IP address attribute
indicates an IP assigned by NAS (Framed-IP-Address =
255.255.255.254). The Acc-Ip-Pool-Name may be used in Access-
Accept packets only.
A summary of the Acc-Ip-Pool-Name attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ilgun [Page 30]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
Type
46 for Acc-Ip-Pool-Name
Length
>= 3
String
The string field is one or more octets, and should match the name
of an IP address pool configured on the NAS.
2.31 Acc-Igmp-Admin-State
Description
This attribute indicates the administrative state of IGMP for a
dial-in user. The Acc-Igmp-Admin-State attribute may be used in
Access-Accept packets only.
A summary of the Acc-Igmp-Admin-State attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
47 for Acc-Igmp-Admin-State
Length
6
Value
Ilgun [Page 31]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
The value field is four octets.
Enabled 1
Disabled 2
2.32 Acc-Igmp-Version
Description
This attribute indicates the version of IGMP that will be used by
a dial-in user. The Acc-Igmp-Version attribute may be used in
Access-Accept packets only.
A summary of the Acc-Igmp-Version attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
48 for Acc-Igmp-Version
Length
6
Value
The value field is four octets.
V1 1
V2 2
3. Ericsson Datacom Access Radius Accounting Attributes
The table below indicates how the accounting vendor-specific
attributes are used in the accounting request packets. The attributes
Ilgun [Page 32]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
with (*) are accounting specific attributes. An X indicates in which
type of Accounting-Request packet the attribute may be included.
Note that any Accounting-Request packet may include a copy of all the
configuration attributes. The attributes listed below with no (X)
associated with them may be used in any Accounting-Request packet,
though they are not Accounting specific attributes.
+-------------------------------+--------+-------+------+---------+
| Attribute Name | Number | Start | Stop | Interim |
+-------------------------------+--------+-------+------+---------+
| Acc-Reason-Code (*) | 1 | | X | |
| Acc-Ccp-Option | 2 | | | |
| Acc-Input-Errors (*) | 3 | | X | X |
| Acc-Output-Errors (*) | 4 | | X | X |
| Acc-Access-Partition (*) | 5 | X | X | X |
| Acc-Customer-Id (*) | 6 | X | X | X |
| Acc-Ip-Gateway-Pri | 7 | | | |
| Acc-Ip-Gateway-Sec | 8 | | | |
| Acc-Route-Policy | 9 | | | |
| Acc-ML-MLX-Admin-State | 10 | | | |
| Acc-ML-Call-Threshold | 11 | | | |
| Acc-ML-Clear-Threshold | 12 | | | |
| Acc-ML-Damping-Factor | 13 | | | |
| Acc-Clearing-Cause (*) | 15 | | X | |
| Acc-Clearing-Location (*) | 16 | | X | |
| Acc-Service-Profile | 17 | X | X | X |
| Acc-Request-Type | 18 | X | X | X |
| Acc-Framed-Bridge | 19 | | | |
| Acc-Vpsm-Oversubscribed (*) | 20 | X | X | |
| Acc-Acct-On-Off-Reason (*) | 21 | | | |
| Acc-Tunnel-Port (*) | 22 | X | X | X |
| Acc-Dns-Server-Pri | 23 | | | |
| Acc-Dns-Server-Sec | 24 | | | |
| Acc-Nbns-Server-Pri | 25 | | | |
| Acc-Nbns-Server-Sec | 26 | | | |
| Acc-Dial-Port-Index (*) | 27 | X | X | X |
| Acc-Ip-Compression | 28 | | | |
| Acc-Ipx-Compression | 29 | | | |
| Acc-Connect-Tx-Speed (*) | 30 | X | X | X |
| Acc-Connect-Rx-Speed (*) | 31 | X | X | X |
| Acc-Modem-Modulation-Type (*) | 32 | X | X | X |
| Acc-Modem-Error-Protocol (*) | 33 | X | X | X |
| Acc-Callback-Delay | 34 | | | |
| Acc-Callback-Num-Valid | 35 | | | |
| Acc-Callback-Mode | 36 | | | |
| Acc-Callback-CBCP-Type | 37 | | | |
| Acc-Dialout-Auth-Mode | 38 | | | |
| Acc-Dialout-Auth-Password | 39 | | | |
Ilgun [Page 33]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
| Acc-Dialout-Auth-UserName | 40 | | | |
| Acc-Access-Community | 42 | | | |
| Acc-Vpsm-Reject-Cause | 43 | | | |
| Acc-Ace-Token | 44 | | | |
| Acc-Ace-Token-Ttl | 45 | | | |
| Acc-Ip-Pool-Name | 46 | | | |
| Acc-Igmp-Admin-State | 47 | | | |
| Acc-Igmp-Version | 48 | | | |
+-------------------------------+--------+-------+------+---------+
3.1 Acc-Reason-Code
Description
This attribute provides an extension to the standard Acct-
Terminate-Cause attribute. It provides more detail on the
termination reason for a call.
A summary of the Acc-Reason-Code Attribute format within the Ericsson
Datacom Access vendor- specific attribute is shown below. The fields
are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
1 for Acc-Reason-Code
Length
6
Value
The value field is four octets.
0 no reason given/no failure
1 resource shortage
2 session already open
3 too many RADIUS users
Ilgun [Page 34]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
4 no authentication server
5 no authentication response
6 no accounting server
7 no accounting response
8 access denied
9 temporary buffer shortage
10 protocol error
11 invalid attribute
12 invalid service type
13 invalid framed protocol
14 invalid attribute value
15 invalid user information
16 invalid IP address
17 invalid integer syntax
18 invalid NAS port
19 requested by user
20 network disconnect
21 service interruption
22 physical port error
23 idle timeout
24 session timeout
25 administrative reset
26 NAS reload or reset
27 NAS error
28 NAS request
29 undefined reason given
30 conflicting attributes
31 port limit exceeded
32 facility not available
33 internal configuration error
34 bad route specification
35 Access Partition bind failure
36 security violation
37 request type conflict
38 configuration disallowed
39 missing attribute
40 invalid request
41 missing parameter
42 invalid parameter
43 call cleared with cause
44 inopportune config request
45 invalid config parameter
46 missing config parameter
47 incompatible service profile
48 administrative reset
49 administrative reload
50 port unneeded
51 port preempted
Ilgun [Page 35]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
52 port suspended
53 service unavailable
54 callback
55 user error
56 host request
3.2 Acc-Input-Errors
Description
This attribute indicates the number of receive errors on the
physical port the dial- in user was connected to.
A summary of the Acc-Input-Errors Attribute format within the
Ericsson Datacom Access vendor- specific attribute is shown below.
The fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
3 for Acc-Input-Errors
Length
6
Value
The value field is four octets.
3.3 Acc-Output-Errors
Description
This attribute indicates the number of send errors on the physical
port the dial-in user was connected to.
Ilgun [Page 36]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
A summary of the Acc-Output-Errors Attribute format within the
Ericsson Datacom Access vendor- specific attribute is shown below.
The fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
4 for Acc-Output-Errors
Length
6
Value
The value field is four octets.
3.4 Acc-Access-Partition
Description
This attribute specifies the name of the Access Partition the
dial-in user is assigned to. Access Partitioning [EDA97a] gives
carriers the ability to partition dial-in resources and assign
these partitions to dial-in Virtual Private Networks.
A summary of the Acc-Access-Partition Attribute format within the
Ericsson Datacom Access vendor- specific attribute is shown below.
The fields are transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
Ilgun [Page 37]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
5 for Acc-Access-Partition
Length
>= 3
String
The String field is one or more octets.
3.5 Acc-Customer-Id
Description
This attribute specifies the Id of the Customer the dial-in user
is associated with.
A summary of the Acc-Customer-Id Attribute format within the Ericsson
Datacom Access vendor- specific attribute is shown below. The fields
are transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
6 for Acc-Customer-Id
Length
>= 3
Value
The String field is one or more octets.
3.6 Acc-Clearing-Cause
Description
This attribute provides an extension to the Acc-Reason-Code
attribute. It provides more detail if Acc-Reason-Code indicates
Call-Cleared-With-Cause (43).
Ilgun [Page 38]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
A summary of the Acc-Clearing-Cause Attribute format within the
Ericsson Datacom Access vendor- specific attribute is shown below.
The fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
15 for Acc-Clearing-Cause
Length
6
Value
The value field is four octets.
0 cause unspecified
1 unassigned number
2 no route to transit network
3 no route to destination
6 channel unacceptable
7 call awarded being delivered
16 normal clearing
17 user busy
18 no user responding
19 user alerted no answer
21 call rejected
22 number changed
26 non selected user clearing
27 destination out of order
28 invalid or incomplete number
29 facility rejected
30 response to status inquiry
31 normal unspecified cause
34 no circuit or channel available
38 network out of order
41 temporary failure
42 switching equipment congestion
Ilgun [Page 39]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
43 access information discarded
44 circuit or channel unavailable
45 circuit or channel preempted
47 resources unavailable
49 quality of service unavailable
50 facility not subscribed
52 outgoing calls barred
54 incoming calls barred
57 bearer capability unauthorized
58 bearer capability not available
63 service not available
65 bearer capability not implemented
66 channel type not implemented
69 facility not implemented
70 restricted digital information only
79 service not implemented
81 invalid call reference
82 identified channel does not exist
83 call identity does not exist
84 call identity in use
85 no call suspended
86 suspended call cleared
88 incompatible destination
91 invalid transit network selection
95 invalid message
96 mandatory information element missing
97 message not implemented
98 inopportune message
99 information element not implemented
100 invalid information element contents
101 message incompatible with state
102 recovery on timer expiration
103 mandatory information element length error
111 protocol error
127 interworking
3.7 Acc-Clearing-Location
Description
This attribute provides an extension to the Acc-Reason-Code
attribute. It provides detail on where the call has been cleared.
A summary of the Acc-Clearing-Location Attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
Ilgun [Page 40]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
16 for Acc-Clearing-Location
Length
6
Value
The value field is four octets
0 local or remote user
1 private network serving local user
2 public network serving local user
3 transit network
4 private network serving remote user
5 public network serving remote user
6 international network
10 beyond interworking point
3.8 Acc-Vpsm-Oversubscribed
Description
This attribute is specific to Ericsson Datacom Access's VPSM
(Virtual Port Service Manager) server software. VPSM runs as a
proxy RADIUS server between an Ericsson Datacom Access NAS and a
home RADIUS server. If the VPSM server detects that this
connection caused the corresponding Access Partition quota to be
exceeded, the Accounting-Start record for the connection will
include the Acc-Vpsm-Oversubscribed attribute with a value of 2
(True).
A summary of the Acc-Vpsm-Oversubscribed Attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
Ilgun [Page 41]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
20 for Acc-Vpsm-Oversubscribed
Length
6
Value
The value field is four octets.
1 False
2 True
3.9 Acc-Acct-On-Off-Reason
Description
This attribute provides a reason code for why the Accounting-On or
Accounting- Off message is sent.
A summary of the Acc-Acct-On-Off-Reason Attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
21 for Acc-Acct-On-Off-Reason
Ilgun [Page 42]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
Length
6
Value
The value field is four octets.
0 NAS Reset
1 NAS Reload
2 Configuration Reset
3 Configuration Reload
4 Enabled
5 Disabled
3.10 Acc-Tunnel-Port
Description
This attribute indicates the index of the Tunnel Port the dial-in
user is connected to.
A summary of the Acc-Tunnel-Port attribute format within the Ericsson
Datacom Access vendor-specific attribute is shown below. The fields
are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
22 for Acc-Tunnel-Port
Length
6
Value
The value field is four octets.
Ilgun [Page 43]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
3.11 Acc-Dial-Port-Index
Description
This attribute indicates the index of the Dial Port the dial-in
user is connected to.
A summary of the Acc-Dial-Port-Index attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
27 for Acc-Dial-Port-Index
Length
6
Value
The value field is four octets.
3.12 Acc-Connect-Tx-Speed
Description
This attribute indicates the transmit speed that is negotiated on
the NAS port for this dial-in connection. If an LNS (L2TP Network
Server) is generating this accounting record, then the value is
passed to the LNS from a LAC (L2TP Access Concentrator).
A summary of the Acc-Connect-Tx-Speed attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
Ilgun [Page 44]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
30 for Acc-Connect-Tx-Speed
Length
6
Value
The value field is four octets.
3.13 Acc-Connect-Rx-Speed
Description
This attribute indicates the receive speed that is negotiated on
the NAS port for this dial-in connection. If an LNS (L2TP Network
Server) is generating this accounting record, then the value is
passed to the LNS from a LAC (L2TP Access Concentrator).
A summary of the Acc-Connect-Rx-Speed attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
31 for Acc-Connect-Rx-Speed
Ilgun [Page 45]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
Length
6
Value
The value field is four octets.
3.14 Acc-Modem-Modulation-Type
Description
This attribute indicates the modem modulation type that is used on
the NAS port for this dial-in connection. This attribute is only
available if the dial-in NAS port is a modem port.
A summary of the Acc-Modem-Modulation-Type attribute format within
the Ericsson Datacom Access vendor-specific attribute is shown below.
The fields are transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
32 for Acc-Modem-Modulation-Type
Length
>=3
Value
The value field is four octets.
3.15 Acc-Modem-Error-Protocol
Description
This attribute indicates the modem error protocol that is used on
the NAS port for this dial-in connection. This attribute is only
available if the dial-in NAS port is a modem port.
Ilgun [Page 46]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
A summary of the Acc-Modem-Error-Protocol attribute format within the
Ericsson Datacom Access vendor-specific attribute is shown below. The
fields are transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
33 for Acc-Modem-Error-Protocol
Length
>=3
Value
The value field is four octets.
4. Security Considerations
Security issues regarding the RADIUS protocol are discussed in RFC
2138 [RIG97a] and RFC 2139 [RIG97b]. The use of Acc-Tunnel-Secret
attribute is insecure. The Tunnel-Password attribute, defined in
[ZOR98], should be used whenever possible and Acc-Tunnel-Secret
attribute should only be used if the RADIUS server does not support
salt encryption.
5. References
[EDA97a] "Access Partitioning" White Paper,
available via http://www.acc.com,
Ericsson Datacom Access, August 1997
[EDA97b] "RADIUS Implementation" White Paper,
available via http://www.acc.com,
Ericsson Datacom Access, January 1998
[COB95] Cobb, S., PPP Internet Protocol Control Protocol
Extensions for Name Server Addresses,
RFC 1877, Microsoft, December 1995.
[GID94] Gidwani, N., Proposal for Callback Control Protocol (CBCP),
draft-ietf-pppext-callback-cp-02.txt, Microsoft, July 1994.
Ilgun [Page 47]
Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999
[MCG92] McGregor, G., PPP Internet Control Protocol",
RFC 1332, Merit, May 1992.
[RAN96] Rand, D., The PPP Compression Control Protocol (CCP),
RFC 1962, Novell, June 1996.
[RIG97a] Rigney, C., Remote Authentication Dial In User Service
(RADIUS), RFC 2138, Livingston, April 1997.
[RIG97b] Rigney, C., et al, RADIUS Accounting,
RFC 2139, Livingston, April 1997.
[SIM98] Simpson, W., PPP LCP CallBack,
draft-ietf-pppext-callback-ds-02.txt, Daydreamer, August
1998.
[SKL96] Sklower, K., et al, The PPP Multilink Protocol (MP),
RFC 1990, UC Berkeley, August 1996.
[SMI96] Smith, K., Ascend's Multilink Protocol Plus (MP+),
Ascend, RFC 1934, August 1996.
[VAL97] Valencia, et al., Layer Two Tunneling Protocol (L2TP),
draft-ietf-pppext-l2tp-06.txt, June 1997.
[ZOR98] Zorn, G., et al, RADIUS Attributes for Tunnel
Protocol Support, draft-ietf-radius-tunnel-auth-05.txt,
Microsoft-Ascend-Shiva, April 1998.
6. Expiration Date
This document expires June 1, 1999.
7. Author's Address
Koral Ilgun
Ericsson Inc.
Datacom Networks and IP Services
Access Product Unit
340 Storke Road
Santa Barbara, CA 93117
Phone: (805) 961-0279
E-Mail: koral@acc.com
Ilgun [Page 48]
