One document matched: draft-ilgun-radius-accvsa-01.txt
Differences from draft-ilgun-radius-accvsa-00.txt
Network Working Group Koral Ilgun
INTERNET-DRAFT ACC/Ericsson Datacom Access
Category: Internet Draft
Title: draft-ilgun-radius-accvsa-01.txt
Date: 18 December 1998
Expires: 18 June 1999
RADIUS Vendor Specific Attributes for ACC/Ericsson Datacom Access
Status of this Memo
This document is a submission to the RADIUS Working Group of the
Internet Engineering Task Force (IETF). Comments should be submitted
to the ietf-radius@livingston.com mailing list.
Distribution of this memo is unlimited.
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''
To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
Directories on on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
ftp.isi.edu (US West Coast).
Abstract
This document describes vendor specific attributes for carrying
authentication, authorization and accounting information between
ACC's (now called Ericsson Datacom Access) Network Access Server
(NAS) and an Authentication/Accounting Server using the Remote
Authentication Dial In User Service (RADIUS) protocol described in
RFC 2058 and RFC 2059.
Ilgun [Page 1]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Table of Contents
1. Introduction ........................................... 4
2. ACC's Radius Authentication Attributes ................. 4
2.1 Acc-Ccp-Option ..................................... 5
2.2 Acc-Ip-Gateway-Pri ................................. 6
2.3 Acc-Ip-Gateway-Sec ................................. 7
2.4 Acc-Route-Policy ................................... 7
2.5 Acc-ML-MLX-Admin-State ............................. 8
2.6 Acc-ML-Call-Threshold .............................. 10
2.7 Acc-ML-Clear-Threshold ............................. 11
2.8 Acc-ML-Damping-Factor .............................. 11
2.9 Acc-Tunnel-Secret ................................. 12
2.10 Acc-Service-Profile ................................ 13
2.11 Acc-Request-Type .................................. 13
2.12 Acc-Framed-Bridge .................................. 15
2.13 Acc-Dns-Server-Pri ................................. 16
2.14 Acc-Dns-Server-Sec ................................. 16
2.15 Acc-Nbns-Server-Pri ................................ 17
2.16 Acc-Nbns-Server-Sec ................................ 18
2.17 Acc-Ip-Compression ................................. 19
2.18 Acc-Ipx-Compression ................................ 20
2.19 Acc-Callback-Delay ................................. 20
2.20 Acc-Callback-Num-Valid ............................. 21
2.21 Acc-Callback-Mode .................................. 22
2.22 Acc-Callback-CBCP-Type ............................. 23
2.23 Acc-Dialout-Auth-Mode .............................. 24
2.24 Acc-Dialout-Auth-Password .......................... 25
2.25 Acc-Dialout-Auth-Username .......................... 25
2.26 Acc-Access-Community ............................... 26
3. ACC's Radius Accounting Attributes ....................... 27
3.1 Acc-Reason-Code .................................... 28
3.2 Acc-Input-Errors ................................... 30
3.3 Acc-Output-Errors .................................. 31
3.4 Acc-Access-Partition ............................... 32
3.5 Acc-Customer-Id .................................... 32
3.6 Acc-Clearing-Cause ................................. 33
3.7 Acc-Clearing-Location .............................. 35
3.8 Acc-Vpsm-Oversubscribed ............................ 36
3.9 Acc-Acct-On-Off-Reason ............................. 37
3.10 Acc-Tunnel-Port .................................... 37
3.11 Acc-Dial-Port-Index ................................ 38
3.12 Acc-Connect-Tx-Speed ............................... 39
3.13 Acc-Connect-Rx-Speed ............................... 40
3.14 Acc-Modem-Modulation-Type .......................... 40
3.15 Acc-Modem-Error-Protocol ........................... 41
Ilgun [Page 2]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
4. Security Considerations .................................. 42
5. References ............................................... 42
6. Expiration Date .......................................... 43
7. Author's Address ......................................... 43
Ilgun [Page 3]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
1. Introduction
The Remote Authentication Dial In User Service (RADIUS) protocol is
specified by the RADIUS Working Group of the Internet Engineering
Task Force (IETF). There are two specifications that make up the
RADIUS protocol suite: Authentication [RIG97a] and Accounting
[RIG97b]. These protocols aim to centralize authentication,
configuration, and accounting of dial-in services to an independent
server.
ACC has implemented RADIUS authentication and accounting for its
Network Access Server family of router products. This document
provides details of ACC's RADIUS implementation, in particular the
use of Vendor Specific Attributes (VSA's). It is intended as a guide
for using the RADIUS protocol for ACC products. ACC's vendor-
specific attributes use a vendor Id of 5. For more information on
ACC's RADIUS implementation, see the white paper [ACC97b].
2. ACC's Radius Authentication Attributes
The table below indicates how the authentication vendor-specific
attributes are used in the access request and response packets.
Ilgun [Page 4]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
+---------------------------+--------+---------+--------+--------+
| Attribute Name | Number | Request | Accept | Reject |
+---------------------------+--------+---------+--------+--------+
| Acc-Ccp-Option | 2 | | X | |
| Acc-Ip-Gateway-Pri | 7 | | X | |
| Acc-Ip-Gateway-Sec | 8 | | X | |
| Acc-Route-Policy | 9 | | X | |
| Acc-ML-MLX-Admin-State | 10 | | X | |
| Acc-ML-Call-Threshold | 11 | | X | |
| Acc-ML-Clear-Threshold | 12 | | X | |
| Acc-ML-Damping-Factor | 13 | | X | |
| Acc-Tunnel-Secret | 14 | | X | |
| Acc-Service-Profile | 17 | | X | |
| Acc-Request-Type | 18 | X | | |
| Acc-Framed-Bridge | 19 | | X | |
| Acc-Dns-Server-Pri | 23 | | X | |
| Acc-Dns-Server-Sec | 24 | | X | |
| Acc-Nbns-Server-Pri | 25 | | X | |
| Acc-Nbns-Server-Sec | 26 | | X | |
| Acc-Ip-Compression | 28 | | X | |
| Acc-Ipx-Compression | 29 | | X | |
| Acc-Callback-Delay | 34 | | X | |
| Acc-Callback-Num-Valid | 35 | | X | |
| Acc-Callback-Mode | 36 | | X | |
| Acc-Callback-CBCP-Type | 37 | | X | |
| Acc-Dialout-Auth-Mode | 38 | | X | |
| Acc-Dialout-Auth-Password | 39 | | X | |
| Acc-Dialout-Auth-UserName | 40 | | X | |
| Acc-Access-Community | 42 | | X | |
+---------------------------+--------+---------+--------+--------+
2.1 Acc-Ccp-Option
Description
This attribute indicates if PPP CCP [RAN96] compression
negotiation is to be attempted on the dial-in link. It may be used
in Access-Accept packets only.
A summary of the Acc-Ccp-Option Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
Ilgun [Page 5]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
2 for Acc-Ccp-Option
Length
6
Value
The value field is four octets.
1 Disabled
2 Enabled
2.2 Acc-Ip-Gateway-Pri
Description
This attribute defines the next hop IP address where the dial-in
user's data packets should be directed to. This address could be
a router that is directly attached to a VPN (Virtual Private
Network) customer's network or to a router that forwards the
packet to its final destination based on the Source IP Address. It
may be used in Access-Accept packets only.
A summary of the Acc-Ip-Gateway-Pri Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ilgun [Page 6]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Type
7 for Acc-Ip-Gateway-Pri
Length
6
Address
The Address field is a four octet IP Address.
2.3 Acc-Ip-Gateway-Sec
Description
Similar to Acc-Ip-Gateway-Pri described in Section 2.2, this
attribute defines the next hop IP address in case the Acc-Ip-
Gateway-Pri is unreachable. It may be used in Access-Accept
packets only.
A summary of the Acc-Ip-Gateway-Sec Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
8 for Acc-Ip-Gateway-Sec
Length
6
Address
The Address field is a four octet IP Address.
2.4 Acc-Route-Policy
Ilgun [Page 7]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Description
This attribute indicates the route policy to be used with Access
Partitioning [ACC97a]. Access Partitioning gives carriers the
ability to partition dial-in resources and assign these partitions
to dial-in Virtual Private Networks. If the Acc-Route-Policy
attribute is set to Direct (2) two dial-in links belonging to the
same Access Partition can route directly to each other without
going through the IP home gateway. If this attribute is not
defined or set to Funnel (1), it means all packets received from
the dial-in user of this access partition will be forwarded to the
designated home gateway. It may be used in Access-Accept packets
only.
A summary of the Acc-Route-Policy Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
9 for Acc-Route-Policy
Length
6
Value
The value field is four octets.
1 Funnel
2 Direct
2.5 Acc-ML-MLX-Admin-State
Description
Ilgun [Page 8]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
If the standard Port-Limit attribute is configured for the dial-in
user on the RADIUS server, the ACC NAS attempts to place the
dial-in user in a multilink group. The Port-Limit attribute
defines the maximum number of members the multilink group can
have. All members of the multilink group must have the same dial-
in user name. When the first member of a multilink group calls in,
a multilink group is created on receipt of the access-accept with
the Port-Limit attribute configured. The multilink group exists
for as long as there is a call up in the multilink group. When the
last call in the multilink group is cleared, the multilink group
is deleted. When subsequent links in the multilink group call in,
they are added to the multilink group. The multilink group uses
the IETF standard PPP Multilink protocol [SKL96]. The MLX (also
known as MP+ [SMI96]) administrative state, call threshold, clear
threshold and damping factor values of the multilink group can
also be set using the ACC VSAs described in 2.5, 2.6, 2.7 and 2.8
The Acc-ML-MLX-Admin-State attribute indicates if PPP MLX (RFC
1934) negotiation is to be attempted on the dial-in link. It may
be used in Access-Accept packets only.
A summary of the Acc-ML-MLX-Admin-State Attribute format within the
ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
10 for Acc-ML-MLX-Admin-State
Length
6
Value
The value field is four octets.
1 Enabled
Ilgun [Page 9]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
2 Disabled
2.6 Acc-ML-Call-Threshold
Description
This attribute indicates the call threshold value to be used with
the multilink group that is to be configured. It may be used in
Access-Accept packets only. See Section 2.5 for more information
about this attribute.
A summary of the Acc-ML-Call-Threshold Attribute format within the
ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
11 for Acc-ML-Call-Threshold
Length
6
Value
The value field is four octets. The minimum value is 0 and
maximum value is 101.
2.7 Acc-ML-Clear-Threshold
Description
This attribute indicates the clear threshold value to be used with
the multilink group that is to be configured. It may be used in
Access-Accept packets only.
Ilgun [Page 10]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
A summary of the Acc-ML-Clear-Threshold Attribute format within the
ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right. See Section 2.5 for more information
about this attribute.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
12 for Acc-ML-Clear-Threshold
Length
6
Value
The value field is four octets. The minimum value is 0 and
maximum value is 100.
2.8 Acc-ML-Damping-Factor
Description
This attribute indicates the damping factor value to be used with
the multilink group that is to be configured. It may be used in
Access-Accept packets only. See Section 2.5 for more information
about this attribute.
A summary of the Acc-ML-Damping-Factor Attribute format within the
ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ilgun [Page 11]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Type
13 for Acc-ML-Damping-Factor
Length
6
Value
The value field is four octets. The minimum value is 0 and
maximum value is 64.
2.9 Acc-Tunnel-Secret
Description
This attribute sets the shared secret to support the CHAP style
endpoint authentication used by L2TP [VAL97]. The purpose for this
attribute is same as Tunnel-Password [ZOR98], except that Acc-
Tunnel-Secret is sent in clear. Therefore, Acc-Tunnel-Secret
should only be used if the RADIUS server does not support salt
encryption. It may be used in Access-Accept packets only.
A summary of the Acc-Tunnel-Secret Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
14 for Acc-Tunnel-Secret
Length
>= 3
String
The String field is one or more octets. It is the clear text
tunnel secret.
Ilgun [Page 12]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
2.10 Acc-Service-Profile
Description
This attribute the service profile to be used on the dial-in link.
It may be used in Access-Accept packets only.
With the addition of Acc-Service-Profile VSA, RADIUS can identify
the Service Profile to be assigned to a dial-in user. This
attribute should only be present in an access accept message when
the NAS has queried RADIUS prior to answering the call. In this
case all RADIUS has is the called number. The service profile
identified by this VSA must exist on the NAS in its locally
configured Service Profile database. For the regular routing case
the service profile indicates that dial-in calls to be routed
based on the Destination IP Address received from a dial-in user.
This service is used primarily to provide carrier-based Internet
access. For the called number routing case, the service profile
forces IP dial-in calls to be specifically directed to a VPN
customer's network. A service profile may also indicate that
Layer 2 Tunneling should be performed for a given dial-in user.
A summary of the Acc-Service-Profile Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
17 for Acc-Service-Profile
Length
>= 3
String
The String field is one or more octets. It is the name of the
service profile.
2.11 Acc-Request-Type
Ilgun [Page 13]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Description
This attribute indicates the type of the Access-Request or
Accounting-Request packet. It may be used in Access-Request and
Accounting-Request packets only. The attribute values from 1 to 4
are used in Access-Request packets, whereas 5 and 6 are used in
Accounting-Request packets.
An ACC NAS may send an Access-Request packet to the RADIUS server
before it answers the call. In this case the User-Name attribute
includes the Called Number and the Acc-Request-Type attribute
contains the value 1, i.e. Ring-Indication. A special-purpose
RADIUS server (or proxy) receiving this message may accept or
reject the call based on its policy, e.g. it may reject the call
if the quota assigned for this Called Number has been exceeded.
This is useful when an ISP or TELCO outsources their dial-in ports
to separate customers and partitions the customers by
differentiating them based on the number they call in. ACC's VPSM
server product is an example for this type of operation.
A value of 2 in the Acc-Request-Type field indicates that the NAS
is attempting to authorize an outgoing call. A value of 3
indicates that the type of access request is for user
authentication, which is the default behavior for the RADIUS
authentication. A value of 4 indicates that a tunnel
authentication is requested by the LAC (L2TP Access Concentrator)
in response to a tunnel request from an LNS (L2TP Network Server).
This attribute may also be present in Accounting-Request packets.
A value of 5 indicates that the Accounting-Request is for a PPP
session, whereas a value of 6 indicates that the Accounting-
Request is for a tunnel session. The latter case also indicates
that this accounting information is being provided for a dial-in
session that is not authenticated at the LAC end of the tunnel,
but possibly authenticated at the LNS end.
A summary of the Acc-Request-Type Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ilgun [Page 14]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Type
18 for Acc-Request-Type
Length
6
Value
The value field is four octets.
1 Ring Indication
2 Dial Request
3 User Authentication
4 Tunnel Authentication
5 User Accounting
6 Tunnel Accounting
2.12 Acc-Framed-Bridge
Description
This attribute indicates if Transparent (Ethernet) Bridging should
be enabled on the dial-in link. It may be used in Access-Accept
packets only.
A summary of the Acc-Framed-Bridge Attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
19 for Acc-Framed-Bridge
Length
6
Ilgun [Page 15]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Value
The value field is four octets.
0 Disabled
1 Enabled
2.13 Acc-Dns-Server-Pri
Description
This attribute indicates the primary DNS (Domain Name System)
Server Address to be provided to the dial-in user during IPCP
negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the
option of negotiating the IP addresses of the primary and
secondary DNS and NBNS (NetBIOS Name Server) servers. The support
for these options is specified by RFC 1877 [COB95]. The Acc-Dns-
Server-Pri attribute may be used in Access-Accept packets only.
A summary of the Acc-Dns-Server-Pri attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
23 for Acc-Dns-Server-Pri
Length
6
Value
The value field is four octets.
2.14 Acc-Dns-Server-Sec
Description
Ilgun [Page 16]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
This attribute indicates the secondary DNS (Domain Name System)
Server Address to be provided to the dial-in user during IPCP
negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the
option of negotiating the IP addresses of the primary and
secondary DNS and NBNS (NetBIOS Name Server) servers. The support
for these options is specified by RFC 1877 [COB95]. The Acc-Dns-
Server-Sec attribute may be used in Access-Accept packets only.
A summary of the Acc-Dns-Server-Sec attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
24 for Acc-Dns-Server-Sec
Length
6
Value
The value field is four octets.
2.15 Acc-Nbns-Server-Pri
Description
This attribute indicates the primary NBNS (NetBIOS Name Server)
Address to be provided to the dial-in user during IPCP
negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the
option of negotiating the IP addresses of the primary and
secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server)
servers. The support for these options is specified by RFC 1877
[COB95]. The Acc-Nbns-Server-Pri attribute may be used in
Access-Accept packets only.
Ilgun [Page 17]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
A summary of the Acc-Nbns-Server-Pri attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
25 for Acc-Nbns-Server-Pri
Length
6
Value
The value field is four octets.
2.16 Acc-Nbns-Server-Sec
Description
This attribute indicates the secondary NBNS (NetBIOS Name Server)
Address to be provided to the dial-in user during IPCP
negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the
option of negotiating the IP addresses of the primary and
secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server)
servers. The support for these options is specified by RFC 1877
[COB95]. The Acc-Nbns-Server-Sec attribute may be used in
Access-Accept packets only.
A summary of the Acc-Nbns-Server-Sec attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
Ilgun [Page 18]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
26 for Acc-Nbns-Server-Sec
Length
6
Value
The value field is four octets.
2.17 Acc-Ip-Compression
Description
This attribute indicates whether VJ Header Compression should be
enabled for the dial-in user's IP traffic. The Acc-Ip-Compression
attribute may be used in Access-Accept packets only.
A summary of the Acc-Ip-Compression attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
28 for Acc-Ip-Compression
Length
6
Ilgun [Page 19]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Value
The value field is four octets.
0 Disabled
1 Enabled
2.18 Acc-Ipx-Compression
Description
This attribute indicates whether Header Compression should be
enabled for the dial-in user's IPX traffic. The Acc-Ipx-
Compression attribute may be used in Access-Accept packets only.
A summary of the Acc-Ipx-Compression attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
29 for Acc-Ipx-Compression
Length
6
Value
The value field is four octets.
0 Disabled
1 Enabled
2.19 Acc-Callback-Delay
Description
Ilgun [Page 20]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
This attribute specifies the delay time in seconds before the
remote side is called back. The Acc-Callback-Delay attribute may
be used in Access-Accept packets only.
A summary of the Acc-Callback-Delay attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
34 for Acc-Callback-Delay
Length
6
Value
The value field is four octets.
2.19 Acc-Callback-Num-Valid
Description
This attribute specifies the acceptable callback number for the
remote site to be called back. Each dial-in user may be
associated with zero or more valid number attributes. If this
attribute is not used then the callback will proceed as usual.
Also, if the Acc-Callback-Mode (see Section 2.21) is not one of 3
(User-Specified-E-164) and 6 (CBCP-Callback) then the valid number
filtering will not be performed. Otherwise, if this attribute is
returned in an Access-Reply message, then the callback number
negotiated from the callback phase will be compared to the numbers
in this attribute. Multiple instances (up to 16) of this
attribute can be returned in the same Access-Reply message. This
attribute contains a string (valid characters: representing a
number filter. 'x' and 'X' represent single character wildcards,
Ilgun [Page 21]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
and '-' character is ignored during filtering. The matching
starts from the end of the string. The filter string specified in
this attribute must be at least the same length as the callback
number (excluding the '-' characters). If the negotiated callback
number is determined to be valid then callback will proceed,
otherwise no callback will be made. The Acc-Callback-Num-Valid
attribute may be used in Access-Accept packets only.
A summary of the Acc-Callback-Num-Valid attribute format within the
ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
35 for Acc-Callback-Num-Valid
Length
>= 3
Value
The String field is one or more octets.
2.21 Acc-Callback-Mode
Description
This attribute indicates what type of callback should be performed
for the dial-in user. A value of 0 (User-Auth) indicates the
callback will depend on the user authentication. A value of 3
(User-Specified-E-164) indicates the callback will be done to the
user specified callback number. A value of 6 (CBCP-Callback)
indicates callback will be negotiated using CBCP. A value of 7
(CLI-Callback) indicates CLI (Calling Line Identifier) type
callback will be used. The Acc-Callback-Mode attribute may be
used in Access-Accept packets only.
Ilgun [Page 22]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
A summary of the Acc-Callback-Mode attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
36 for Acc-Callback-Mode
Length
6
Value
The value field is four octets.
0 User-Auth
3 User-Specified-E-164
6 CBCP-Callback
7 CLI-Callback
2.22 Acc-Callback-CBCP-Type
Description
This attribute indicates the type of CBCP to be used for the
dial-in user. The Acc-Callback-CBCP-Type attribute may be used in
Access-Accept packets only.
A summary of the Acc-Callback-CBCP-Type attribute format within the
ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
Ilgun [Page 23]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
37 for Acc-Callback-CBCP-Type
Length
6
Value
The value field is four octets.
CBCP-None 1
CBCP-User-Specified 2
CBCP-Pre-Specified 3
2.23 Acc-Dialout-Auth-Mode
Description
This attribute indicates the type of authentication to be used for
the dialout of the callback session. The Acc-Dialout-Auth-Mode
attribute may be used in Access-Accept packets only.
A summary of the Acc-Dialout-Auth-Mode attribute format within the
ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
38 for Acc-Dialout-Auth-Mode
Ilgun [Page 24]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Length
6
Value
The value field is four octets.
PAP 1
CHAP 2
CHAP-PAP 3
NONE 4
2.24 Acc-Dialout-Auth-Password
Description
This attribute indicates the password to be used for the outgoing
authentication of the callback. The Acc-Dialout-Auth-Password
attribute may be used in Access-Accept packets only.
A summary of the Acc-Dialout-Auth-Password attribute format within
the ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
36 for Acc-Dialout-Auth-Password
Length
>= 3
Value
The String field is one or more octets.
2.25 Acc-Dialout-Auth-Username
Ilgun [Page 25]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Description
This attribute indicates the username to be used for the outgoing
authentication of the callback. The Acc-Dialout-Auth-Username
attribute may be used in Access-Accept packets only.
A summary of the Acc-Dialout-Auth-Username attribute format within
the ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
37 for Acc-Dialout-Auth-Username
Length
>= 3
Value
The String field is one or more octets.
2.26 Acc-Access-Community
Description
This attribute indicates SNMP community name for the RADIUS
authenticated console login session. The Acc-Access-Community
attribute may be used in Access-Accept packets only.
A summary of the Acc-Access-Community attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Ilgun [Page 26]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
42 for Acc-Access-Community
Length
6
Value
The value field is four octets.
PUBLIC 1
NETMAN 2
3. ACC's Radius Accounting Attributes
The table below indicates how the accounting vendor-specific
attributes are used in the accounting request packets. The attributes
with (*) are accounting specific attributes. An X indicates in which
type of Accounting-Request packet the attribute may be included.
Note that any Accounting-Request packet may include a copy of all the
configuration attributes.
Ilgun [Page 27]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
+-------------------------------+--------+-------+------+---------+
| Attribute Name | Number | Start | Stop | Interim |
+-------------------------------+--------+-------+------+---------+
| Acc-Reason-Code (*) | 1 | | X | |
| Acc-Ccp-Option | 2 | | | |
| Acc-Input-Errors (*) | 3 | | X | X |
| Acc-Output-Errors (*) | 4 | | X | X |
| Acc-Access-Partition (*) | 5 | X | X | X |
| Acc-Customer-Id (*) | 6 | X | X | X |
| Acc-Ip-Gateway-Pri | 7 | | | |
| Acc-Ip-Gateway-Sec | 8 | | | |
| Acc-Route-Policy | 9 | | | |
| Acc-ML-MLX-Admin-State | 10 | | | |
| Acc-ML-Call-Threshold | 11 | | | |
| Acc-ML-Clear-Threshold | 12 | | | |
| Acc-ML-Damping-Factor | 13 | | | |
| Acc-Clearing-Cause (*) | 15 | | X | |
| Acc-Clearing-Location (*) | 16 | | X | |
| Acc-Service-Profile | 17 | X | X | X |
| Acc-Request-Type | 18 | X | X | X |
| Acc-Framed-Bridge | 19 | | | |
| Acc-Vpsm-Oversubscribed (*) | 20 | X | X | |
| Acc-Acct-On-Off-Reason (*) | 21 | | | |
| Acc-Tunnel-Port (*) | 22 | X | X | X |
| Acc-Dns-Server-Pri | 23 | | | |
| Acc-Dns-Server-Sec | 24 | | | |
| Acc-Nbns-Server-Pri | 25 | | | |
| Acc-Nbns-Server-Sec | 26 | | | |
| Acc-Dial-Port-Index (*) | 27 | X | X | X |
| Acc-Ip-Compression | 28 | | | |
| Acc-Ipx-Compression | 29 | | | |
| Acc-Connect-Tx-Speed (*) | 30 | X | X | X |
| Acc-Connect-Rx-Speed (*) | 31 | X | X | X |
| Acc-Modem-Modulation-Type (*) | 32 | X | X | X |
| Acc-Modem-Error-Protocol (*) | 33 | X | X | X |
| Acc-Callback-Delay | 34 | | | |
| Acc-Callback-Num-Valid | 35 | | | |
| Acc-Callback-Mode | 36 | | | |
| Acc-Callback-CBCP-Type | 37 | | | |
| Acc-Dialout-Auth-Mode | 38 | | | |
| Acc-Dialout-Auth-Password | 39 | | | |
| Acc-Dialout-Auth-UserName | 40 | | | |
| Acc-Access-Community | 42 | | | |
+-------------------------------+--------+-------+------+---------+
3.1 Acc-Reason-Code
Description
Ilgun [Page 28]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
This attribute provides an extension to the standard Acct-
Terminate-Cause attribute. It provides more detail on the
termination reason for a call.
A summary of the Acc-Reason-Code Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
1 for Acc-Reason-Code
Length
6
Value
The value field is four octets.
0 no reason given/no failure
1 resource shortage
2 session already open
3 too many RADIUS users
4 no authentication server
5 no authentication response
6 no accounting server
7 no accounting response
8 access denied
9 temporary buffer shortage
10 protocol error
11 invalid attribute
12 invalid service type
13 invalid framed protocol
14 invalid attribute value
15 invalid user information
16 invalid IP address
17 invalid integer syntax
Ilgun [Page 29]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
18 invalid NAS port
19 requested by user
20 network disconnect
21 service interruption
22 physical port error
23 idle timeout
24 session timeout
25 administrative reset
26 NAS reload or reset
27 NAS error
28 NAS request
29 undefined reason given
30 conflicting attributes
31 port limit exceeded
32 facility not available
33 internal configuration error
34 bad route specification
35 Access Partition bind failure
36 security violation
37 request type conflict
38 configuration disallowed
39 missing attribute
40 invalid request
41 missing parameter
42 invalid parameter
43 call cleared with cause
44 inopportune config request
45 invalid config parameter
46 missing config parameter
47 incompatible service profile
48 administrative reset
49 administrative reload
50 port unneeded
51 port preempted
52 port suspended
53 service unavailable
54 callback
55 user error
56 host request
3.2 Acc-Input-Errors
Description
This attribute indicates the number of receive errors on the
physical port the dial- in user was connected to.
Ilgun [Page 30]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
A summary of the Acc-Input-Errors Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
3 for Acc-Input-Errors
Length
6
Value
The value field is four octets.
3.3 Acc-Output-Errors
Description
This attribute indicates the number of send errors on the physical
port the dial-in user was connected to.
A summary of the Acc-Output-Errors Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
Ilgun [Page 31]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
4 for Acc-Output-Errors
Length
6
Value
The value field is four octets.
3.4 Acc-Access-Partition
Description
This attribute specifies the name of the Access Partition the
dial-in user is assigned to. Access Partitioning [ACC97a] gives
carriers the ability to partition dial-in resources and assign
these partitions to dial-in Virtual Private Networks.
A summary of the Acc-Access-Partition Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
5 for Acc-Access-Partition
Length
>= 3
String
The String field is one or more octets.
3.5 Acc-Customer-Id
Description
This attribute specifies the Id of the Customer the dial-in user
Ilgun [Page 32]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
is associated with.
A summary of the Acc-Customer-Id Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
6 for Acc-Customer-Id
Length
>= 3
Value
The String field is one or more octets.
3.6 Acc-Clearing-Cause
Description
This attribute provides an extension to the Acc-Reason-Code
attribute. It provides more detail if Acc-Reason-Code indicates
Call-Cleared-With-Cause (43).
A summary of the Acc-Clearing-Cause Attribute format within the ACC
vendor- specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ilgun [Page 33]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Type
15 for Acc-Clearing-Cause
Length
6
Value
The value field is four octets.
0 cause unspecified
1 unassigned number
2 no route to transit network
3 no route to destination
6 channel unacceptable
7 call awarded being delivered
16 normal clearing
17 user busy
18 no user responding
19 user alerted no answer
21 call rejected
22 number changed
26 non selected user clearing
27 destination out of order
28 invalid or incomplete number
29 facility rejected
30 response to status inquiry
31 normal unspecified cause
34 no circuit or channel available
38 network out of order
41 temporary failure
42 switching equipment congestion
43 access information discarded
44 circuit or channel unavailable
45 circuit or channel preempted
47 resources unavailable
49 quality of service unavailable
50 facility not subscribed
52 outgoing calls barred
54 incoming calls barred
57 bearer capability unauthorized
58 bearer capability not available
63 service not available
65 bearer capability not implemented
66 channel type not implemented
69 facility not implemented
Ilgun [Page 34]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
70 restricted digital information only
79 service not implemented
81 invalid call reference
82 identified channel does not exist
83 call identity does not exist
84 call identity in use
85 no call suspended
86 suspended call cleared
88 incompatible destination
91 invalid transit network selection
95 invalid message
96 mandatory information element missing
97 message not implemented
98 inopportune message
99 information element not implemented
100 invalid information element contents
101 message incompatible with state
102 recovery on timer expiration
103 mandatory information element length error
111 protocol error
127 interworking
3.7 Acc-Clearing-Location
Description
This attribute provides an extension to the Acc-Reason-Code
attribute. It provides detail on where the call has been cleared.
A summary of the Acc-Clearing-Location Attribute format within the
ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
16 for Acc-Clearing-Location
Length
Ilgun [Page 35]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
6
Value
The value field is four octets
0 local or remote user
1 private network serving local user
2 public network serving local user
3 transit network
4 private network serving remote user
5 public network serving remote user
6 international network
10 beyond interworking point
3.8 Acc-Vpsm-Oversubscribed
Description
This attribute is specific to ACC's VPSM (Virtual Port Service
Manager) server software. VPSM runs as a proxy RADIUS server
between an ACC NAS and a home RADIUS server. If the VPSM server
detects that this connection caused the corresponding Access
Partition quota to be exceeded, the Accounting-Start record for
the connection will include the Acc-Vpsm-Oversubscribed attribute
with a value of 2 (True).
A summary of the Acc-Vpsm-Oversubscribed Attribute format within the
ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
20 for Acc-Vpsm-Oversubscribed
Length
6
Ilgun [Page 36]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Value
The value field is four octets.
1 False
2 True
3.9 Acc-Acct-On-Off-Reason
Description
This attribute provides a reason code for why the Accounting-On or
Accounting- Off message is sent.
A summary of the Acc-Acct-On-Off-Reason Attribute format within the
ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
21 for Acc-Acct-On-Off-Reason
Length
6
Value
The value field is four octets.
0 NAS Reset
1 NAS Reload
2 Configuration Reset
3 Configuration Reload
4 Enabled
5 Disabled
3.10 Acc-Tunnel-Port
Ilgun [Page 37]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Description
This attribute indicates the index of the Tunnel Port the dial-in
user is connected to.
A summary of the Acc-Tunnel-Port attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
22 for Acc-Tunnel-Port
Length
6
Value
The value field is four octets.
3.11 Acc-Dial-Port-Index
Description
This attribute indicates the index of the Dial Port the dial-in
user is connected to.
A summary of the Acc-Dial-Port-Index attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
Ilgun [Page 38]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
27 for Acc-Dial-Port-Index
Length
6
Value
The value field is four octets.
3.12 Acc-Connect-Tx-Speed
Description
This attribute indicates the transmit speed that is negotiated on
the NAS port for this dial-in connection.
A summary of the Acc-Connect-Tx-Speed attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
30 for Acc-Connect-Tx-Speed
Length
Ilgun [Page 39]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
6
Value
The value field is four octets.
3.13 Acc-Connect-Rx-Speed
Description
This attribute indicates the receive speed that is negotiated on
the NAS port for this dial-in connection.
A summary of the Acc-Connect-Rx-Speed attribute format within the ACC
vendor-specific attribute is shown below. The fields are transmitted
left-to-right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
31 for Acc-Connect-Rx-Speed
Length
6
Value
The value field is four octets.
3.14 Acc-Modem-Modulation-Type
Description
This attribute indicates the modem modulation type that is used on
the NAS port for this dial-in connection.
A summary of the Acc-Modem-Modulation-Type attribute format within
Ilgun [Page 40]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
the ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
32 for Acc-Modem-Modulation-Type
Length
>=3
Value
The value field is four octets.
3.15 Acc-Modem-Error-Protocol
Description
This attribute indicates the modem error protocol that is used on
the NAS port for this dial-in connection.
A summary of the Acc-Modem-Error-Protocol attribute format within the
ACC vendor-specific attribute is shown below. The fields are
transmitted left-to-right.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
33 for Acc-Modem-Error-Protocol
Length
>=3
Ilgun [Page 41]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
Value
The value field is four octets.
4. Security Considerations
Security issues regarding the RADIUS protocol are discussed in RFC
2138 [RIG97a] and RFC 2139 [RIG97b]. The use of Acc-Tunnel-Secret
attribute is insecure. The Tunnel-Password attribute, defined in
[ZOR98], should be used whenever possible and Acc-Tunnel-Secret
attribute should only be used if the RADIUS server does not support
salt encryption.
5. References
[ACC97a] "Access Partitioning" White Paper,
http://www.acc.com/internet/whitepapers/
accesspartitioning.html, ACC, August 1997
[ACC97b] "RADIUS Implementation" White Paper,
http://www.acc.com/internet/whitepapers/
radiusimp.html, ACC, January 1998
[COB95] Cobb, S., PPP Internet Protocol Control Protocol
Extensions for Name Server Addresses,
RFC 1877, Microsoft, December 1995.
[GID94] Gidwani, N., Proposal for Callback Control Protocol (CBCP),
draft-ietf-pppext-callback-cp-02.txt, Microsoft, July 1994.
[MCG92] McGregor, G., PPP Internet Control Protocol",
RFC 1332, Merit, May 1992.
[RAN96] Rand, D., The PPP Compression Control Protocol (CCP),
RFC 1962, Novell, June 1996.
[RIG97a] Rigney, C., Remote Authentication Dial In User Service
(RADIUS), RFC 2138, Livingston, April 1997.
[RIG97b] Rigney, C., et al, RADIUS Accounting,
RFC 2139, Livingston, April 1997.
[SIM98] Simpson, W., PPP LCP CallBack,
draft-ietf-pppext-callback-ds-02.txt, Daydreamer, August 1998.
[SKL96] Sklower, K., et al, The PPP Multilink Protocol (MP),
RFC 1990, UC Berkeley, August 1996.
Ilgun [Page 42]
Internet Draft ACC's Vendor Specific Attributes 27 November 1998
[SMI96] Smith, K., Ascend's Multilink Protocol Plus (MP+),
Ascend, RFC 1934, August 1996.
[VAL97] Valencia, et al., Layer Two Tunneling Protocol (L2TP),
draft-ietf-pppext-l2tp-06.txt, June 1997.
[ZOR98] Zorn, G., et al, RADIUS Attributes for Tunnel
Protocol Support, draft-ietf-radius-tunnel-auth-05.txt,
Microsoft-Ascend-Shiva, April 1998.
6. Expiration Date
This document expires June 18, 1999.
7. Author's Address
Koral Ilgun
ACC/Ericsson Datacom Access
340 Storke Road
Santa Barbara, CA 93117
Phone: (805) 961-0279
EMail: koral@acc.com
Ilgun [Page 43]
| PAFTECH AB 2003-2026 | 2026-04-22 23:20:12 |