| < draft-ietf-radius-accounting-03.txt | draft-ietf-radius-accounting-04.txt > | |||
|---|---|---|---|---|
| RADIUS Working Group C Rigney | RADIUS Working Group C Rigney | |||
| INTERNET-DRAFT Livingston | INTERNET-DRAFT Livingston | |||
| expires in six months May 1996 | expires in six months June 1996 | |||
| RADIUS Accounting | RADIUS Accounting | |||
| draft-ietf-radius-accounting-03.txt | draft-ietf-radius-accounting-04.txt | |||
| Status of this Memo | Status of this Memo | |||
| This document is a submission to the RADIUS Working Group of the | This document is a submission to the RADIUS Working Group of the | |||
| Internet Engineering Task Force (IETF). Comments should be submitted | Internet Engineering Task Force (IETF). Comments should be submitted | |||
| to the ietf-radius@livingston.com mailing list. | to the ietf-radius@livingston.com mailing list. | |||
| Distribution of this memo is unlimited. | Distribution of this memo is unlimited. | |||
| This document is an Internet-Draft. Internet-Drafts are working | This document is an Internet-Draft. Internet-Drafts are working | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as ``work in progress.'' | material or to cite them other than as ``work in progress.'' | |||
| To learn the current status of any Internet-Draft, please check the | To learn the current status of any Internet-Draft, please check the | |||
| ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow | ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow | |||
| Directories on on ftp.is.co.za (Africa), nic.nordu.net (Europe), | Directories on on ftp.is.co.za (Africa), nic.nordu.net (Europe), | |||
| munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or | munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or | |||
| ftp.isi.edu (US West Coast). | ftp.isi.edu (US West Coast). | |||
| This document expires November 24th, 1996. | ||||
| Abstract | Abstract | |||
| This document describes a protocol for carrying accounting | This document describes a protocol for carrying accounting | |||
| information between a Network Access Server and a shared Accounting | information between a Network Access Server and a shared Accounting | |||
| Server. | Server. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction .......................................... 1 | 1. Introduction .......................................... 1 | |||
| 1.1 Specification of Requirements ................ 2 | 1.1 Specification of Requirements ................... 2 | |||
| 1.2 Terminology ..................................... 2 | 1.2 Terminology ..................................... 2 | |||
| 2. Operation ............................................. 3 | 2. Operation ............................................. 3 | |||
| 3. Packet Format ......................................... 4 | 3. Packet Format ......................................... 4 | |||
| 4. Packet Types .......................................... 6 | 4. Packet Types .......................................... 6 | |||
| 4.1 Accounting-Request .............................. 6 | 4.1 Accounting-Request .............................. 6 | |||
| 4.2 Accounting-Response ............................. 7 | 4.2 Accounting-Response ............................. 7 | |||
| 5. Attributes ............................................ 9 | 5. Attributes ............................................ 9 | |||
| 5.1 Acct-Status-Type ................................ 10 | 5.1 Acct-Status-Type ................................ 10 | |||
| 5.2 Acct-Delay-Time ................................. 11 | 5.2 Acct-Delay-Time ................................. 11 | |||
| 5.3 Acct-Input-Octets ............................... 12 | 5.3 Acct-Input-Octets ............................... 12 | |||
| 5.4 Acct-Output-Octets .............................. 12 | 5.4 Acct-Output-Octets .............................. 13 | |||
| 5.5 Acct-Session-Id ................................. 13 | 5.5 Acct-Session-Id ................................. 13 | |||
| 5.6 Acct-Authentic .................................. 14 | 5.6 Acct-Authentic .................................. 14 | |||
| 5.7 Acct-Session-Time ............................... 15 | 5.7 Acct-Session-Time ............................... 15 | |||
| 5.8 Acct-Input-Packets .............................. 16 | 5.8 Acct-Input-Packets .............................. 16 | |||
| 5.9 Acct-Output-Packets ............................. 16 | 5.9 Acct-Output-Packets ............................. 17 | |||
| 5.10 Acct-Terminate-Cause ............................ 17 | 5.10 Acct-Terminate-Cause ............................ 17 | |||
| 5.11 Acct-Multi-Session-Id ........................... 19 | 5.11 Acct-Multi-Session-Id ........................... 20 | |||
| 5.12 Table of Attributes ............................. 20 | 5.12 Acct-Link-Count ................................. 20 | |||
| 5.13 Table of Attributes ............................. 22 | ||||
| Security Considerations ...................................... 22 | Security Considerations ...................................... 24 | |||
| References ................................................... 22 | References ................................................... 24 | |||
| Acknowledgements ............................................. 22 | Acknowledgements ............................................. 24 | |||
| Chair's Address .............................................. 23 | Chair's Address .............................................. 25 | |||
| Author's Address ............................................. 23 | Author's Address ............................................. 25 | |||
| 1. Introduction | 1. Introduction | |||
| Managing dispersed serial line and modem pools for large numbers of | Managing dispersed serial line and modem pools for large numbers of | |||
| users can create the need for significant administrative support. | users can create the need for significant administrative support. | |||
| Since modem pools are by definition a link to the outside world, they | Since modem pools are by definition a link to the outside world, they | |||
| require careful attention to security, authorization and accounting. | require careful attention to security, authorization and accounting. | |||
| This can be best achieved by managing a single "database" of users, | This can be best achieved by managing a single "database" of users, | |||
| which allows for authentication (verifying user name and password) as | which allows for authentication (verifying user name and password) as | |||
| well as configuration information detailing the type of service to | well as configuration information detailing the type of service to | |||
| skipping to change at page 2, line 5 ¶ | skipping to change at page 2, line 5 ¶ | |||
| Transactions between the client and RADIUS accounting server | Transactions between the client and RADIUS accounting server | |||
| are authenticated through the use of a shared secret, which is | are authenticated through the use of a shared secret, which is | |||
| never sent over the network. | never sent over the network. | |||
| Extensible Protocol | Extensible Protocol | |||
| All transactions are comprised of variable length Attribute- | All transactions are comprised of variable length Attribute- | |||
| Length-Value 3-tuples. New attribute values can be added | Length-Value 3-tuples. New attribute values can be added | |||
| without disturbing existing implementations of the protocol. | without disturbing existing implementations of the protocol. | |||
| 1.1. Specification of Requirements | 1.1. Specification of Requirements | |||
| In this document, several words are used to signify the | In this document, several words are used to signify the requirements | |||
| requirements of the specification. These words are often | of the specification. These words are often capitalized. | |||
| capitalized. | ||||
| MUST This word, or the adjective "required", means that the | MUST This word, or the adjective "required", means that the | |||
| definition is an absolute requirement of the | definition is an absolute requirement of the specification. | |||
| specification. | ||||
| MUST NOT This phrase means that the definition is an absolute | MUST NOT This phrase means that the definition is an absolute | |||
| prohibition of the specification. | prohibition of the specification. | |||
| SHOULD This word, or the adjective "recommended", means that | SHOULD This word, or the adjective "recommended", means that there | |||
| there may exist valid reasons in particular | may exist valid reasons in particular circumstances to | |||
| circumstances to ignore this item, but the full | ignore this item, but the full implications must be | |||
| implications must be understood and carefully weighed | understood and carefully weighed before choosing a | |||
| before choosing a different course. | different course. | |||
| MAY This word, or the adjective "optional", means that this | MAY This word, or the adjective "optional", means that this | |||
| item is one of an allowed set of alternatives. An | item is one of an allowed set of alternatives. An | |||
| implementation which does not include this option MUST | implementation which does not include this option MUST be | |||
| be prepared to interoperate with another implementation | prepared to interoperate with another implementation which | |||
| which does include the option. | does include the option. | |||
| 1.2. Terminology | 1.2. Terminology | |||
| This document uses the following terms: | This document uses the following terms: | |||
| service The NAS provides a service to the dial-in user, such as PPP | service The NAS provides a service to the dial-in user, such as PPP | |||
| or Telnet. | or Telnet. | |||
| session Each service provided by the NAS to a dial-in user | session Each service provided by the NAS to a dial-in user | |||
| constitutes a session, with the beginning of the session | constitutes a session, with the beginning of the session | |||
| skipping to change at page 9, line 47 ¶ | skipping to change at page 9, line 47 ¶ | |||
| 41 Acct-Delay-Time | 41 Acct-Delay-Time | |||
| 42 Acct-Input-Octets | 42 Acct-Input-Octets | |||
| 43 Acct-Output-Octets | 43 Acct-Output-Octets | |||
| 44 Acct-Session-Id | 44 Acct-Session-Id | |||
| 45 Acct-Authentic | 45 Acct-Authentic | |||
| 46 Acct-Session-Time | 46 Acct-Session-Time | |||
| 47 Acct-Input-Packets | 47 Acct-Input-Packets | |||
| 48 Acct-Output-Packets | 48 Acct-Output-Packets | |||
| 49 Acct-Terminate-Cause | 49 Acct-Terminate-Cause | |||
| 50 Acct-Multi-Session-Id | 50 Acct-Multi-Session-Id | |||
| 51 Acct-Link-Count | ||||
| 60+ (refer to RADIUS Internet-Draft) | 60+ (refer to RADIUS Internet-Draft) | |||
| Length | Length | |||
| The Length field is one octet, and indicates the length of this | The Length field is one octet, and indicates the length of this | |||
| attribute including the Type, Length and Value fields. If an | attribute including the Type, Length and Value fields. If an | |||
| attribute is received in an Accounting-Request with an invalid | attribute is received in an Accounting-Request with an invalid | |||
| Length, the entire request should be silently discarded. | Length, the entire request should be silently discarded. | |||
| Value | Value | |||
| skipping to change at page 20, line 23 ¶ | skipping to change at page 20, line 36 ¶ | |||
| 50 for Acct-Multi-Session-Id. | 50 for Acct-Multi-Session-Id. | |||
| Length | Length | |||
| >= 3 | >= 3 | |||
| String | String | |||
| The String field SHOULD be a string of printable ASCII characters. | The String field SHOULD be a string of printable ASCII characters. | |||
| 5.12. Table of Attributes | 5.12. Acct-Link-Count | |||
| Description | ||||
| This attribute gives the count of links which are known to have | ||||
| been in a given multilink session at the time the accounting | ||||
| record is generated. The NAS MAY include the Acct-Link-Count | ||||
| attribute in any Accounting-Request which might have multiple | ||||
| links. | ||||
| A summary of the Acct-Link-Count attribute format is show below. The | ||||
| fields are transmitted from left to right. | ||||
| 0 1 2 3 | ||||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| | Type | Length | Value | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| Value (cont) | | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| Type | ||||
| 51 for Acct-Link-Count. | ||||
| Length | ||||
| 6 | ||||
| Value | ||||
| The Value field is four octets, and contains the number of links | ||||
| seen so far in this Multilink Session. | ||||
| It may be used to make it easier for an accounting server to know | ||||
| when it has all the records for a given Multilink session. When | ||||
| the number of Accounting-Requests received with Acct-Status-Type = | ||||
| Stop and the same Acct-Multi-Session-Id and unique Acct-Session- | ||||
| Id's equals the largest value of Acct-Link-Count seen in those | ||||
| Accounting-Requests, all Stop Accounting-Requests for that | ||||
| Multilink Session have been received. | ||||
| An example showing 8 Accounting-Requests should make things | ||||
| clearer. For clarity only the relevant attributes are shown, but | ||||
| additional attributes containing accounting information will also | ||||
| be present in the Accounting-Request. | ||||
| Multi-Session-Id Session-Id Status-Type Link-Count | ||||
| "10" "10" Start 1 | ||||
| "10" "11" Start 2 | ||||
| "10" "11" Stop 2 | ||||
| "10" "12" Start 3 | ||||
| "10" "13" Start 4 | ||||
| "10" "12" Stop 4 | ||||
| "10" "13" Stop 4 | ||||
| "10" "10" Stop 4 | ||||
| 5.13. Table of Attributes | ||||
| The following table provides a guide to which attributes may be found | The following table provides a guide to which attributes may be found | |||
| in Accounting-Request packets. No attributes should be found in | in Accounting-Request packets. No attributes should be found in | |||
| Accounting-Response packets (except possibly for Vendor-Specific). | Accounting-Response packets (except possibly for Vendor-Specific). | |||
| # Attribute | # Attribute | |||
| 0-1 User-Name | 0-1 User-Name | |||
| 0 User-Password | 0 User-Password | |||
| 0 CHAP-Password | 0 CHAP-Password | |||
| 0-1 NAS-IP-Address [4] | 0-1 NAS-IP-Address [4] | |||
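Review bot: The completion test in the new 5.12 Value text is only sound if every Stop for the Multilink Session carries Acct-Link-Count, yet the Description makes the attribute a per-request MAY ("The NAS MAY include the Acct-Link-Count attribute in any Accounting-Request"). If a NAS omits it from a late Stop, the "largest value of Acct-Link-Count seen" can be stale and equal the number of Stops received while other links are still open, so the server closes the record early. Suggest requiring that a NAS which sends the attribute for a given Acct-Multi-Session-Id sends it in every Stop for that id, and saying what a server should do when a Stop lacks it. The text also gives no fallback for a Stop that never arrives, so a server relying on the test alone would hold the session open indefinitely. Two smaller points: Length is fixed at 6, and a pointer to the general rule that an invalid Length causes the entire request to be silently discarded would make the receiver behaviour explicit; and "is show below" should read "is shown below".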
| skipping to change at page 21, line 34 ¶ | skipping to change at page 23, line 12 ¶ | |||
| 0-1 Acct-Delay-Time | 0-1 Acct-Delay-Time | |||
| 0-1 Acct-Input-Octets | 0-1 Acct-Input-Octets | |||
| 0-1 Acct-Output-Octets | 0-1 Acct-Output-Octets | |||
| 1 Acct-Session-Id | 1 Acct-Session-Id | |||
| 0-1 Acct-Authentic | 0-1 Acct-Authentic | |||
| 0-1 Acct-Session-Time | 0-1 Acct-Session-Time | |||
| 0-1 Acct-Input-Packets | 0-1 Acct-Input-Packets | |||
| 0-1 Acct-Output-Packets | 0-1 Acct-Output-Packets | |||
| 0-1 Acct-Terminate-Cause | 0-1 Acct-Terminate-Cause | |||
| 0+ Acct-Multi-Session-Id | 0+ Acct-Multi-Session-Id | |||
| 0+ Acct-Link-Count | ||||
| 0 CHAP-Challenge | 0 CHAP-Challenge | |||
| 0-1 NAS-Port-Type | 0-1 NAS-Port-Type | |||
| 0-1 Port-Limit | 0-1 Port-Limit | |||
| 0-1 Login-LAT-Port | 0-1 Login-LAT-Port | |||
| [4] An Accounting-Request MUST contain either a NAS-IP-Address or a | [4] An Accounting-Request MUST contain either a NAS-IP-Address or a | |||
| NAS-Identifier, and it is permitted (but not recommended) for it to | NAS-Identifier, and it is permitted (but not recommended) for it to | |||
| contain both. | contain both. | |||
| The following table defines the above table entries. | The following table defines the above table entries. | |||
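Review bot: The added row "0+ Acct-Link-Count" permits several instances in one Accounting-Request, but 5.12 defines a single four-octet count per accounting record and does not say which value a server uses if two instances disagree. Suggest "0-1" here unless repeated instances are given a defined meaning in 5.12.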
| skipping to change at page 23, line 27 ¶ | skipping to change at line 1105 ¶ | |||
| Author's Address | Author's Address | |||
| Questions about this memo can also be directed to: | Questions about this memo can also be directed to: | |||
| Carl Rigney | Carl Rigney | |||
| Livingston Enterprises | Livingston Enterprises | |||
| 6920 Koll Center Parkway, Suite 220 | 6920 Koll Center Parkway, Suite 220 | |||
| Pleasanton, California 94566 | Pleasanton, California 94566 | |||
| E-Mail: cdr@livingston.com | E-Mail: cdr@livingston.com | |||
| This document expires November 24th, 1996. | ||||
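Review bot: "This document expires November 24th, 1996." is removed here, and the same line is removed from the Status section on page 1, with nothing put in its place. That leaves -04 with only the relative "expires in six months" in the header next to the new June 1996 date. Suggest keeping an explicit expiry line, updated for this revision, so readers do not have to compute it.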
| End of changes. 22 change blocks. | ||||
| 34 lines changed or deleted | 90 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||