idnits 2.17.1 draft-ilgun-radius-accvsa-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-25) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 47 instances of too long lines in the document, the longest one being 7 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == Unrecognized Status in 'Category: Internet Draft', assuming Proposed Standard (Expected one of 'Standards Track', 'Full Standard', 'Draft Standard', 'Proposed Standard', 'Best Current Practice', 'Informational', 'Experimental', 'Informational', 'Historic'.) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (18 December 1998) is 9260 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'GID94' is defined on line 1808, but no explicit reference was found in the text == Unused Reference: 'SIM98' is defined on line 1823, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'ACC97a' -- Possible downref: Non-RFC (?) normative reference: ref. 'ACC97b' ** Downref: Normative reference to an Informational RFC: RFC 1877 (ref. 'COB95') -- Possible downref: Normative reference to a draft: ref. 'GID94' ** Obsolete normative reference: RFC 2138 (ref. 'RIG97a') (Obsoleted by RFC 2865) ** Obsolete normative reference: RFC 2139 (ref. 'RIG97b') (Obsoleted by RFC 2866) -- Possible downref: Normative reference to a draft: ref. 'SIM98' ** Downref: Normative reference to an Informational RFC: RFC 1934 (ref. 'SMI96') == Outdated reference: A later version (-16) exists of draft-ietf-pppext-l2tp-06 == Outdated reference: A later version (-08) exists of draft-ietf-radius-tunnel-auth-05 ** Downref: Normative reference to an Informational draft: draft-ietf-radius-tunnel-auth (ref. 'ZOR98') Summary: 14 errors (**), 0 flaws (~~), 5 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Koral Ilgun 3 INTERNET-DRAFT ACC/Ericsson Datacom Access 4 Category: Internet Draft 5 Title: draft-ilgun-radius-accvsa-01.txt 6 Date: 18 December 1998 7 Expires: 18 June 1999 9 RADIUS Vendor Specific Attributes for ACC/Ericsson Datacom Access 11 Status of this Memo 13 This document is a submission to the RADIUS Working Group of the 14 Internet Engineering Task Force (IETF). Comments should be submitted 15 to the ietf-radius@livingston.com mailing list. 17 Distribution of this memo is unlimited. 19 This document is an Internet-Draft. Internet-Drafts are working 20 documents of the Internet Engineering Task Force (IETF), its areas, 21 and its working groups. Note that other groups may also distribute 22 working documents as Internet-Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six months 25 and may be updated, replaced, or obsoleted by other documents at any 26 time. It is inappropriate to use Internet-Drafts as reference 27 material or to cite them other than as ``work in progress.'' 29 To learn the current status of any Internet-Draft, please check the 30 ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow 31 Directories on on ftp.is.co.za (Africa), nic.nordu.net (Europe), 32 munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or 33 ftp.isi.edu (US West Coast). 35 Abstract 37 This document describes vendor specific attributes for carrying 38 authentication, authorization and accounting information between 39 ACC's (now called Ericsson Datacom Access) Network Access Server 40 (NAS) and an Authentication/Accounting Server using the Remote 41 Authentication Dial In User Service (RADIUS) protocol described in 42 RFC 2058 and RFC 2059. 44 Table of Contents 46 1. Introduction ........................................... 4 48 2. ACC's Radius Authentication Attributes ................. 4 49 2.1 Acc-Ccp-Option ..................................... 5 50 2.2 Acc-Ip-Gateway-Pri ................................. 6 51 2.3 Acc-Ip-Gateway-Sec ................................. 7 52 2.4 Acc-Route-Policy ................................... 7 53 2.5 Acc-ML-MLX-Admin-State ............................. 8 54 2.6 Acc-ML-Call-Threshold .............................. 10 55 2.7 Acc-ML-Clear-Threshold ............................. 11 56 2.8 Acc-ML-Damping-Factor .............................. 11 57 2.9 Acc-Tunnel-Secret ................................. 12 58 2.10 Acc-Service-Profile ................................ 13 59 2.11 Acc-Request-Type .................................. 13 60 2.12 Acc-Framed-Bridge .................................. 15 61 2.13 Acc-Dns-Server-Pri ................................. 16 62 2.14 Acc-Dns-Server-Sec ................................. 16 63 2.15 Acc-Nbns-Server-Pri ................................ 17 64 2.16 Acc-Nbns-Server-Sec ................................ 18 65 2.17 Acc-Ip-Compression ................................. 19 66 2.18 Acc-Ipx-Compression ................................ 20 67 2.19 Acc-Callback-Delay ................................. 20 68 2.20 Acc-Callback-Num-Valid ............................. 21 69 2.21 Acc-Callback-Mode .................................. 22 70 2.22 Acc-Callback-CBCP-Type ............................. 23 71 2.23 Acc-Dialout-Auth-Mode .............................. 24 72 2.24 Acc-Dialout-Auth-Password .......................... 25 73 2.25 Acc-Dialout-Auth-Username .......................... 25 74 2.26 Acc-Access-Community ............................... 26 76 3. ACC's Radius Accounting Attributes ....................... 27 77 3.1 Acc-Reason-Code .................................... 28 78 3.2 Acc-Input-Errors ................................... 30 79 3.3 Acc-Output-Errors .................................. 31 80 3.4 Acc-Access-Partition ............................... 32 81 3.5 Acc-Customer-Id .................................... 32 82 3.6 Acc-Clearing-Cause ................................. 33 83 3.7 Acc-Clearing-Location .............................. 35 84 3.8 Acc-Vpsm-Oversubscribed ............................ 36 85 3.9 Acc-Acct-On-Off-Reason ............................. 37 86 3.10 Acc-Tunnel-Port .................................... 37 87 3.11 Acc-Dial-Port-Index ................................ 38 88 3.12 Acc-Connect-Tx-Speed ............................... 39 89 3.13 Acc-Connect-Rx-Speed ............................... 40 90 3.14 Acc-Modem-Modulation-Type .......................... 40 91 3.15 Acc-Modem-Error-Protocol ........................... 41 93 4. Security Considerations .................................. 42 95 5. References ............................................... 42 97 6. Expiration Date .......................................... 43 99 7. Author's Address ......................................... 43 101 1. Introduction 103 The Remote Authentication Dial In User Service (RADIUS) protocol is 104 specified by the RADIUS Working Group of the Internet Engineering 105 Task Force (IETF). There are two specifications that make up the 106 RADIUS protocol suite: Authentication [RIG97a] and Accounting 107 [RIG97b]. These protocols aim to centralize authentication, 108 configuration, and accounting of dial-in services to an independent 109 server. 111 ACC has implemented RADIUS authentication and accounting for its 112 Network Access Server family of router products. This document 113 provides details of ACC's RADIUS implementation, in particular the 114 use of Vendor Specific Attributes (VSA's). It is intended as a guide 115 for using the RADIUS protocol for ACC products. ACC's vendor- 116 specific attributes use a vendor Id of 5. For more information on 117 ACC's RADIUS implementation, see the white paper [ACC97b]. 119 2. ACC's Radius Authentication Attributes 121 The table below indicates how the authentication vendor-specific 122 attributes are used in the access request and response packets. 124 +---------------------------+--------+---------+--------+--------+ 125 | Attribute Name | Number | Request | Accept | Reject | 126 +---------------------------+--------+---------+--------+--------+ 127 | Acc-Ccp-Option | 2 | | X | | 128 | Acc-Ip-Gateway-Pri | 7 | | X | | 129 | Acc-Ip-Gateway-Sec | 8 | | X | | 130 | Acc-Route-Policy | 9 | | X | | 131 | Acc-ML-MLX-Admin-State | 10 | | X | | 132 | Acc-ML-Call-Threshold | 11 | | X | | 133 | Acc-ML-Clear-Threshold | 12 | | X | | 134 | Acc-ML-Damping-Factor | 13 | | X | | 135 | Acc-Tunnel-Secret | 14 | | X | | 136 | Acc-Service-Profile | 17 | | X | | 137 | Acc-Request-Type | 18 | X | | | 138 | Acc-Framed-Bridge | 19 | | X | | 139 | Acc-Dns-Server-Pri | 23 | | X | | 140 | Acc-Dns-Server-Sec | 24 | | X | | 141 | Acc-Nbns-Server-Pri | 25 | | X | | 142 | Acc-Nbns-Server-Sec | 26 | | X | | 143 | Acc-Ip-Compression | 28 | | X | | 144 | Acc-Ipx-Compression | 29 | | X | | 145 | Acc-Callback-Delay | 34 | | X | | 146 | Acc-Callback-Num-Valid | 35 | | X | | 147 | Acc-Callback-Mode | 36 | | X | | 148 | Acc-Callback-CBCP-Type | 37 | | X | | 149 | Acc-Dialout-Auth-Mode | 38 | | X | | 150 | Acc-Dialout-Auth-Password | 39 | | X | | 151 | Acc-Dialout-Auth-UserName | 40 | | X | | 152 | Acc-Access-Community | 42 | | X | | 153 +---------------------------+--------+---------+--------+--------+ 155 2.1 Acc-Ccp-Option 157 Description 159 This attribute indicates if PPP CCP [RAN96] compression 160 negotiation is to be attempted on the dial-in link. It may be used 161 in Access-Accept packets only. 163 A summary of the Acc-Ccp-Option Attribute format within the ACC 164 vendor- specific attribute is shown below. The fields are transmitted 165 left-to-right. 167 0 1 2 3 168 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 169 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 170 | Type | Length | Value 171 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 172 Value (cont) | 173 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 175 Type 177 2 for Acc-Ccp-Option 179 Length 181 6 183 Value 185 The value field is four octets. 187 1 Disabled 188 2 Enabled 190 2.2 Acc-Ip-Gateway-Pri 192 Description 194 This attribute defines the next hop IP address where the dial-in 195 user's data packets should be directed to. This address could be 196 a router that is directly attached to a VPN (Virtual Private 197 Network) customer's network or to a router that forwards the 198 packet to its final destination based on the Source IP Address. It 199 may be used in Access-Accept packets only. 201 A summary of the Acc-Ip-Gateway-Pri Attribute format within the ACC 202 vendor- specific attribute is shown below. The fields are transmitted 203 left-to-right. 205 0 1 2 3 206 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 207 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 208 | Type | Length | Address 209 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 210 Address (cont) | 211 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 212 Type 214 7 for Acc-Ip-Gateway-Pri 216 Length 218 6 220 Address 222 The Address field is a four octet IP Address. 224 2.3 Acc-Ip-Gateway-Sec 226 Description 228 Similar to Acc-Ip-Gateway-Pri described in Section 2.2, this 229 attribute defines the next hop IP address in case the Acc-Ip- 230 Gateway-Pri is unreachable. It may be used in Access-Accept 231 packets only. 233 A summary of the Acc-Ip-Gateway-Sec Attribute format within the ACC 234 vendor- specific attribute is shown below. The fields are transmitted 235 left-to-right. 237 0 1 2 3 238 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 239 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 240 | Type | Length | Address 241 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 242 Address (cont) | 243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 245 Type 247 8 for Acc-Ip-Gateway-Sec 249 Length 251 6 253 Address 255 The Address field is a four octet IP Address. 257 2.4 Acc-Route-Policy 258 Description 260 This attribute indicates the route policy to be used with Access 261 Partitioning [ACC97a]. Access Partitioning gives carriers the 262 ability to partition dial-in resources and assign these partitions 263 to dial-in Virtual Private Networks. If the Acc-Route-Policy 264 attribute is set to Direct (2) two dial-in links belonging to the 265 same Access Partition can route directly to each other without 266 going through the IP home gateway. If this attribute is not 267 defined or set to Funnel (1), it means all packets received from 268 the dial-in user of this access partition will be forwarded to the 269 designated home gateway. It may be used in Access-Accept packets 270 only. 272 A summary of the Acc-Route-Policy Attribute format within the ACC 273 vendor- specific attribute is shown below. The fields are transmitted 274 left-to-right. 276 0 1 2 3 277 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 278 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 279 | Type | Length | Value 280 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 281 Value (cont) | 282 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 284 Type 286 9 for Acc-Route-Policy 288 Length 290 6 292 Value 294 The value field is four octets. 296 1 Funnel 297 2 Direct 299 2.5 Acc-ML-MLX-Admin-State 301 Description 302 If the standard Port-Limit attribute is configured for the dial-in 303 user on the RADIUS server, the ACC NAS attempts to place the 304 dial-in user in a multilink group. The Port-Limit attribute 305 defines the maximum number of members the multilink group can 306 have. All members of the multilink group must have the same dial- 307 in user name. When the first member of a multilink group calls in, 308 a multilink group is created on receipt of the access-accept with 309 the Port-Limit attribute configured. The multilink group exists 310 for as long as there is a call up in the multilink group. When the 311 last call in the multilink group is cleared, the multilink group 312 is deleted. When subsequent links in the multilink group call in, 313 they are added to the multilink group. The multilink group uses 314 the IETF standard PPP Multilink protocol [SKL96]. The MLX (also 315 known as MP+ [SMI96]) administrative state, call threshold, clear 316 threshold and damping factor values of the multilink group can 317 also be set using the ACC VSAs described in 2.5, 2.6, 2.7 and 2.8 319 The Acc-ML-MLX-Admin-State attribute indicates if PPP MLX (RFC 320 1934) negotiation is to be attempted on the dial-in link. It may 321 be used in Access-Accept packets only. 323 A summary of the Acc-ML-MLX-Admin-State Attribute format within the 324 ACC vendor-specific attribute is shown below. The fields are 325 transmitted left-to-right. 327 0 1 2 3 328 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 329 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 330 | Type | Length | Value 331 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 332 Value (cont) | 333 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 335 Type 337 10 for Acc-ML-MLX-Admin-State 339 Length 341 6 343 Value 345 The value field is four octets. 347 1 Enabled 348 2 Disabled 350 2.6 Acc-ML-Call-Threshold 352 Description 354 This attribute indicates the call threshold value to be used with 355 the multilink group that is to be configured. It may be used in 356 Access-Accept packets only. See Section 2.5 for more information 357 about this attribute. 359 A summary of the Acc-ML-Call-Threshold Attribute format within the 360 ACC vendor-specific attribute is shown below. The fields are 361 transmitted left-to-right. 363 0 1 2 3 364 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 365 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 | Type | Length | Value 367 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 368 Value (cont) | 369 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 371 Type 373 11 for Acc-ML-Call-Threshold 375 Length 377 6 379 Value 381 The value field is four octets. The minimum value is 0 and 382 maximum value is 101. 384 2.7 Acc-ML-Clear-Threshold 386 Description 388 This attribute indicates the clear threshold value to be used with 389 the multilink group that is to be configured. It may be used in 390 Access-Accept packets only. 392 A summary of the Acc-ML-Clear-Threshold Attribute format within the 393 ACC vendor-specific attribute is shown below. The fields are 394 transmitted left-to-right. See Section 2.5 for more information 395 about this attribute. 397 0 1 2 3 398 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 399 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 400 | Type | Length | Value 401 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 402 Value (cont) | 403 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 405 Type 407 12 for Acc-ML-Clear-Threshold 409 Length 411 6 413 Value 415 The value field is four octets. The minimum value is 0 and 416 maximum value is 100. 418 2.8 Acc-ML-Damping-Factor 420 Description 422 This attribute indicates the damping factor value to be used with 423 the multilink group that is to be configured. It may be used in 424 Access-Accept packets only. See Section 2.5 for more information 425 about this attribute. 427 A summary of the Acc-ML-Damping-Factor Attribute format within the 428 ACC vendor-specific attribute is shown below. The fields are 429 transmitted left-to-right. 431 0 1 2 3 432 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 433 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 434 | Type | Length | Value 435 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 436 Value (cont) | 437 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 438 Type 440 13 for Acc-ML-Damping-Factor 442 Length 444 6 446 Value 448 The value field is four octets. The minimum value is 0 and 449 maximum value is 64. 451 2.9 Acc-Tunnel-Secret 453 Description 455 This attribute sets the shared secret to support the CHAP style 456 endpoint authentication used by L2TP [VAL97]. The purpose for this 457 attribute is same as Tunnel-Password [ZOR98], except that Acc- 458 Tunnel-Secret is sent in clear. Therefore, Acc-Tunnel-Secret 459 should only be used if the RADIUS server does not support salt 460 encryption. It may be used in Access-Accept packets only. 462 A summary of the Acc-Tunnel-Secret Attribute format within the ACC 463 vendor- specific attribute is shown below. The fields are transmitted 464 left-to-right. 466 0 1 2 467 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 468 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 469 | Type | Length | String... 470 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 472 Type 474 14 for Acc-Tunnel-Secret 476 Length 478 >= 3 480 String 482 The String field is one or more octets. It is the clear text 483 tunnel secret. 485 2.10 Acc-Service-Profile 487 Description 489 This attribute the service profile to be used on the dial-in link. 490 It may be used in Access-Accept packets only. 492 With the addition of Acc-Service-Profile VSA, RADIUS can identify 493 the Service Profile to be assigned to a dial-in user. This 494 attribute should only be present in an access accept message when 495 the NAS has queried RADIUS prior to answering the call. In this 496 case all RADIUS has is the called number. The service profile 497 identified by this VSA must exist on the NAS in its locally 498 configured Service Profile database. For the regular routing case 499 the service profile indicates that dial-in calls to be routed 500 based on the Destination IP Address received from a dial-in user. 501 This service is used primarily to provide carrier-based Internet 502 access. For the called number routing case, the service profile 503 forces IP dial-in calls to be specifically directed to a VPN 504 customer's network. A service profile may also indicate that 505 Layer 2 Tunneling should be performed for a given dial-in user. 507 A summary of the Acc-Service-Profile Attribute format within the ACC 508 vendor- specific attribute is shown below. The fields are transmitted 509 left-to-right. 511 0 1 2 512 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 513 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 514 | Type | Length | String... 515 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 517 Type 519 17 for Acc-Service-Profile 521 Length 523 >= 3 525 String 527 The String field is one or more octets. It is the name of the 528 service profile. 530 2.11 Acc-Request-Type 531 Description 533 This attribute indicates the type of the Access-Request or 534 Accounting-Request packet. It may be used in Access-Request and 535 Accounting-Request packets only. The attribute values from 1 to 4 536 are used in Access-Request packets, whereas 5 and 6 are used in 537 Accounting-Request packets. 539 An ACC NAS may send an Access-Request packet to the RADIUS server 540 before it answers the call. In this case the User-Name attribute 541 includes the Called Number and the Acc-Request-Type attribute 542 contains the value 1, i.e. Ring-Indication. A special-purpose 543 RADIUS server (or proxy) receiving this message may accept or 544 reject the call based on its policy, e.g. it may reject the call 545 if the quota assigned for this Called Number has been exceeded. 546 This is useful when an ISP or TELCO outsources their dial-in ports 547 to separate customers and partitions the customers by 548 differentiating them based on the number they call in. ACC's VPSM 549 server product is an example for this type of operation. 551 A value of 2 in the Acc-Request-Type field indicates that the NAS 552 is attempting to authorize an outgoing call. A value of 3 553 indicates that the type of access request is for user 554 authentication, which is the default behavior for the RADIUS 555 authentication. A value of 4 indicates that a tunnel 556 authentication is requested by the LAC (L2TP Access Concentrator) 557 in response to a tunnel request from an LNS (L2TP Network Server). 559 This attribute may also be present in Accounting-Request packets. 560 A value of 5 indicates that the Accounting-Request is for a PPP 561 session, whereas a value of 6 indicates that the Accounting- 562 Request is for a tunnel session. The latter case also indicates 563 that this accounting information is being provided for a dial-in 564 session that is not authenticated at the LAC end of the tunnel, 565 but possibly authenticated at the LNS end. 567 A summary of the Acc-Request-Type Attribute format within the ACC 568 vendor- specific attribute is shown below. The fields are transmitted 569 left-to-right. 571 0 1 2 3 572 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 573 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 574 | Type | Length | Value 575 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 576 Value (cont) | 577 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 578 Type 580 18 for Acc-Request-Type 582 Length 584 6 586 Value 588 The value field is four octets. 590 1 Ring Indication 591 2 Dial Request 592 3 User Authentication 593 4 Tunnel Authentication 594 5 User Accounting 595 6 Tunnel Accounting 597 2.12 Acc-Framed-Bridge 599 Description 601 This attribute indicates if Transparent (Ethernet) Bridging should 602 be enabled on the dial-in link. It may be used in Access-Accept 603 packets only. 605 A summary of the Acc-Framed-Bridge Attribute format within the ACC 606 vendor-specific attribute is shown below. The fields are transmitted 607 left-to-right. 609 0 1 2 3 610 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 611 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 612 | Type | Length | Value 613 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 614 Value (cont) | 615 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 617 Type 619 19 for Acc-Framed-Bridge 621 Length 623 6 625 Value 627 The value field is four octets. 629 0 Disabled 630 1 Enabled 632 2.13 Acc-Dns-Server-Pri 634 Description 636 This attribute indicates the primary DNS (Domain Name System) 637 Server Address to be provided to the dial-in user during IPCP 638 negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the 639 option of negotiating the IP addresses of the primary and 640 secondary DNS and NBNS (NetBIOS Name Server) servers. The support 641 for these options is specified by RFC 1877 [COB95]. The Acc-Dns- 642 Server-Pri attribute may be used in Access-Accept packets only. 644 A summary of the Acc-Dns-Server-Pri attribute format within the ACC 645 vendor-specific attribute is shown below. The fields are transmitted 646 left-to-right. 648 0 1 2 3 649 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 650 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 651 | Type | Length | Value 652 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 653 Value (cont) | 654 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 656 Type 658 23 for Acc-Dns-Server-Pri 660 Length 662 6 664 Value 666 The value field is four octets. 668 2.14 Acc-Dns-Server-Sec 670 Description 671 This attribute indicates the secondary DNS (Domain Name System) 672 Server Address to be provided to the dial-in user during IPCP 673 negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the 674 option of negotiating the IP addresses of the primary and 675 secondary DNS and NBNS (NetBIOS Name Server) servers. The support 676 for these options is specified by RFC 1877 [COB95]. The Acc-Dns- 677 Server-Sec attribute may be used in Access-Accept packets only. 679 A summary of the Acc-Dns-Server-Sec attribute format within the ACC 680 vendor-specific attribute is shown below. The fields are transmitted 681 left-to-right. 683 0 1 2 3 684 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 685 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 686 | Type | Length | Value 687 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 688 Value (cont) | 689 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 691 Type 693 24 for Acc-Dns-Server-Sec 695 Length 697 6 699 Value 701 The value field is four octets. 703 2.15 Acc-Nbns-Server-Pri 705 Description 707 This attribute indicates the primary NBNS (NetBIOS Name Server) 708 Address to be provided to the dial-in user during IPCP 709 negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the 710 option of negotiating the IP addresses of the primary and 711 secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server) 712 servers. The support for these options is specified by RFC 1877 713 [COB95]. The Acc-Nbns-Server-Pri attribute may be used in 714 Access-Accept packets only. 716 A summary of the Acc-Nbns-Server-Pri attribute format within the ACC 717 vendor-specific attribute is shown below. The fields are transmitted 718 left-to-right. 720 0 1 2 3 721 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 722 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 723 | Type | Length | Value 724 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 725 Value (cont) | 726 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 728 Type 730 25 for Acc-Nbns-Server-Pri 732 Length 734 6 736 Value 738 The value field is four octets. 740 2.16 Acc-Nbns-Server-Sec 742 Description 744 This attribute indicates the secondary NBNS (NetBIOS Name Server) 745 Address to be provided to the dial-in user during IPCP 746 negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the 747 option of negotiating the IP addresses of the primary and 748 secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server) 749 servers. The support for these options is specified by RFC 1877 750 [COB95]. The Acc-Nbns-Server-Sec attribute may be used in 751 Access-Accept packets only. 753 A summary of the Acc-Nbns-Server-Sec attribute format within the ACC 754 vendor-specific attribute is shown below. The fields are transmitted 755 left-to-right. 757 0 1 2 3 758 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 759 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 760 | Type | Length | Value 761 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 762 Value (cont) | 763 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 765 Type 767 26 for Acc-Nbns-Server-Sec 769 Length 771 6 773 Value 775 The value field is four octets. 777 2.17 Acc-Ip-Compression 779 Description 781 This attribute indicates whether VJ Header Compression should be 782 enabled for the dial-in user's IP traffic. The Acc-Ip-Compression 783 attribute may be used in Access-Accept packets only. 785 A summary of the Acc-Ip-Compression attribute format within the ACC 786 vendor-specific attribute is shown below. The fields are transmitted 787 left-to-right. 789 0 1 2 3 790 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 791 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 792 | Type | Length | Value 793 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 794 Value (cont) | 795 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 797 Type 799 28 for Acc-Ip-Compression 801 Length 803 6 805 Value 807 The value field is four octets. 809 0 Disabled 810 1 Enabled 812 2.18 Acc-Ipx-Compression 814 Description 816 This attribute indicates whether Header Compression should be 817 enabled for the dial-in user's IPX traffic. The Acc-Ipx- 818 Compression attribute may be used in Access-Accept packets only. 820 A summary of the Acc-Ipx-Compression attribute format within the ACC 821 vendor-specific attribute is shown below. The fields are transmitted 822 left-to-right. 824 0 1 2 3 825 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 826 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 827 | Type | Length | Value 828 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 829 Value (cont) | 830 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 832 Type 834 29 for Acc-Ipx-Compression 836 Length 838 6 840 Value 842 The value field is four octets. 844 0 Disabled 845 1 Enabled 847 2.19 Acc-Callback-Delay 849 Description 850 This attribute specifies the delay time in seconds before the 851 remote side is called back. The Acc-Callback-Delay attribute may 852 be used in Access-Accept packets only. 854 A summary of the Acc-Callback-Delay attribute format within the ACC 855 vendor-specific attribute is shown below. The fields are transmitted 856 left-to-right. 858 0 1 2 3 859 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 860 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 861 | Type | Length | Value 862 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 863 Value (cont) | 864 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 866 Type 868 34 for Acc-Callback-Delay 870 Length 872 6 874 Value 876 The value field is four octets. 878 2.19 Acc-Callback-Num-Valid 880 Description 882 This attribute specifies the acceptable callback number for the 883 remote site to be called back. Each dial-in user may be 884 associated with zero or more valid number attributes. If this 885 attribute is not used then the callback will proceed as usual. 886 Also, if the Acc-Callback-Mode (see Section 2.21) is not one of 3 887 (User-Specified-E-164) and 6 (CBCP-Callback) then the valid number 888 filtering will not be performed. Otherwise, if this attribute is 889 returned in an Access-Reply message, then the callback number 890 negotiated from the callback phase will be compared to the numbers 891 in this attribute. Multiple instances (up to 16) of this 892 attribute can be returned in the same Access-Reply message. This 893 attribute contains a string (valid characters: representing a 894 number filter. 'x' and 'X' represent single character wildcards, 895 and '-' character is ignored during filtering. The matching 896 starts from the end of the string. The filter string specified in 897 this attribute must be at least the same length as the callback 898 number (excluding the '-' characters). If the negotiated callback 899 number is determined to be valid then callback will proceed, 900 otherwise no callback will be made. The Acc-Callback-Num-Valid 901 attribute may be used in Access-Accept packets only. 903 A summary of the Acc-Callback-Num-Valid attribute format within the 904 ACC vendor-specific attribute is shown below. The fields are 905 transmitted left-to-right. 907 0 1 2 908 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 909 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 910 | Type | Length | String... 911 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 913 Type 915 35 for Acc-Callback-Num-Valid 917 Length 919 >= 3 921 Value 923 The String field is one or more octets. 925 2.21 Acc-Callback-Mode 927 Description 929 This attribute indicates what type of callback should be performed 930 for the dial-in user. A value of 0 (User-Auth) indicates the 931 callback will depend on the user authentication. A value of 3 932 (User-Specified-E-164) indicates the callback will be done to the 933 user specified callback number. A value of 6 (CBCP-Callback) 934 indicates callback will be negotiated using CBCP. A value of 7 935 (CLI-Callback) indicates CLI (Calling Line Identifier) type 936 callback will be used. The Acc-Callback-Mode attribute may be 937 used in Access-Accept packets only. 939 A summary of the Acc-Callback-Mode attribute format within the ACC 940 vendor-specific attribute is shown below. The fields are transmitted 941 left-to-right. 943 0 1 2 3 944 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 945 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 946 | Type | Length | Value 947 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 948 Value (cont) | 949 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 951 Type 953 36 for Acc-Callback-Mode 955 Length 957 6 959 Value 961 The value field is four octets. 963 0 User-Auth 964 3 User-Specified-E-164 965 6 CBCP-Callback 966 7 CLI-Callback 968 2.22 Acc-Callback-CBCP-Type 970 Description 972 This attribute indicates the type of CBCP to be used for the 973 dial-in user. The Acc-Callback-CBCP-Type attribute may be used in 974 Access-Accept packets only. 976 A summary of the Acc-Callback-CBCP-Type attribute format within the 977 ACC vendor-specific attribute is shown below. The fields are 978 transmitted left-to-right. 980 0 1 2 3 981 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 982 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 983 | Type | Length | Value 984 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 985 Value (cont) | 986 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 988 Type 990 37 for Acc-Callback-CBCP-Type 992 Length 994 6 996 Value 998 The value field is four octets. 1000 CBCP-None 1 1001 CBCP-User-Specified 2 1002 CBCP-Pre-Specified 3 1004 2.23 Acc-Dialout-Auth-Mode 1006 Description 1008 This attribute indicates the type of authentication to be used for 1009 the dialout of the callback session. The Acc-Dialout-Auth-Mode 1010 attribute may be used in Access-Accept packets only. 1012 A summary of the Acc-Dialout-Auth-Mode attribute format within the 1013 ACC vendor-specific attribute is shown below. The fields are 1014 transmitted left-to-right. 1016 0 1 2 3 1017 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1018 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1019 | Type | Length | Value 1020 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1021 Value (cont) | 1022 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1024 Type 1026 38 for Acc-Dialout-Auth-Mode 1028 Length 1030 6 1032 Value 1034 The value field is four octets. 1036 PAP 1 1037 CHAP 2 1038 CHAP-PAP 3 1039 NONE 4 1041 2.24 Acc-Dialout-Auth-Password 1043 Description 1045 This attribute indicates the password to be used for the outgoing 1046 authentication of the callback. The Acc-Dialout-Auth-Password 1047 attribute may be used in Access-Accept packets only. 1049 A summary of the Acc-Dialout-Auth-Password attribute format within 1050 the ACC vendor-specific attribute is shown below. The fields are 1051 transmitted left-to-right. 1053 0 1 2 1054 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1055 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1056 | Type | Length | String... 1057 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1059 Type 1061 36 for Acc-Dialout-Auth-Password 1063 Length 1065 >= 3 1067 Value 1069 The String field is one or more octets. 1071 2.25 Acc-Dialout-Auth-Username 1072 Description 1074 This attribute indicates the username to be used for the outgoing 1075 authentication of the callback. The Acc-Dialout-Auth-Username 1076 attribute may be used in Access-Accept packets only. 1078 A summary of the Acc-Dialout-Auth-Username attribute format within 1079 the ACC vendor-specific attribute is shown below. The fields are 1080 transmitted left-to-right. 1082 0 1 2 1083 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1084 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1085 | Type | Length | String... 1086 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1088 Type 1090 37 for Acc-Dialout-Auth-Username 1092 Length 1094 >= 3 1096 Value 1098 The String field is one or more octets. 1100 2.26 Acc-Access-Community 1102 Description 1104 This attribute indicates SNMP community name for the RADIUS 1105 authenticated console login session. The Acc-Access-Community 1106 attribute may be used in Access-Accept packets only. 1108 A summary of the Acc-Access-Community attribute format within the ACC 1109 vendor-specific attribute is shown below. The fields are transmitted 1110 left-to-right. 1112 0 1 2 3 1113 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1115 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1116 | Type | Length | Value 1117 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1118 Value (cont) | 1119 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1121 Type 1123 42 for Acc-Access-Community 1125 Length 1127 6 1129 Value 1131 The value field is four octets. 1133 PUBLIC 1 1134 NETMAN 2 1136 3. ACC's Radius Accounting Attributes 1138 The table below indicates how the accounting vendor-specific 1139 attributes are used in the accounting request packets. The attributes 1140 with (*) are accounting specific attributes. An X indicates in which 1141 type of Accounting-Request packet the attribute may be included. 1142 Note that any Accounting-Request packet may include a copy of all the 1143 configuration attributes. 1145 +-------------------------------+--------+-------+------+---------+ 1146 | Attribute Name | Number | Start | Stop | Interim | 1147 +-------------------------------+--------+-------+------+---------+ 1148 | Acc-Reason-Code (*) | 1 | | X | | 1149 | Acc-Ccp-Option | 2 | | | | 1150 | Acc-Input-Errors (*) | 3 | | X | X | 1151 | Acc-Output-Errors (*) | 4 | | X | X | 1152 | Acc-Access-Partition (*) | 5 | X | X | X | 1153 | Acc-Customer-Id (*) | 6 | X | X | X | 1154 | Acc-Ip-Gateway-Pri | 7 | | | | 1155 | Acc-Ip-Gateway-Sec | 8 | | | | 1156 | Acc-Route-Policy | 9 | | | | 1157 | Acc-ML-MLX-Admin-State | 10 | | | | 1158 | Acc-ML-Call-Threshold | 11 | | | | 1159 | Acc-ML-Clear-Threshold | 12 | | | | 1160 | Acc-ML-Damping-Factor | 13 | | | | 1161 | Acc-Clearing-Cause (*) | 15 | | X | | 1162 | Acc-Clearing-Location (*) | 16 | | X | | 1163 | Acc-Service-Profile | 17 | X | X | X | 1164 | Acc-Request-Type | 18 | X | X | X | 1165 | Acc-Framed-Bridge | 19 | | | | 1166 | Acc-Vpsm-Oversubscribed (*) | 20 | X | X | | 1167 | Acc-Acct-On-Off-Reason (*) | 21 | | | | 1168 | Acc-Tunnel-Port (*) | 22 | X | X | X | 1169 | Acc-Dns-Server-Pri | 23 | | | | 1170 | Acc-Dns-Server-Sec | 24 | | | | 1171 | Acc-Nbns-Server-Pri | 25 | | | | 1172 | Acc-Nbns-Server-Sec | 26 | | | | 1173 | Acc-Dial-Port-Index (*) | 27 | X | X | X | 1174 | Acc-Ip-Compression | 28 | | | | 1175 | Acc-Ipx-Compression | 29 | | | | 1176 | Acc-Connect-Tx-Speed (*) | 30 | X | X | X | 1177 | Acc-Connect-Rx-Speed (*) | 31 | X | X | X | 1178 | Acc-Modem-Modulation-Type (*) | 32 | X | X | X | 1179 | Acc-Modem-Error-Protocol (*) | 33 | X | X | X | 1180 | Acc-Callback-Delay | 34 | | | | 1181 | Acc-Callback-Num-Valid | 35 | | | | 1182 | Acc-Callback-Mode | 36 | | | | 1183 | Acc-Callback-CBCP-Type | 37 | | | | 1184 | Acc-Dialout-Auth-Mode | 38 | | | | 1185 | Acc-Dialout-Auth-Password | 39 | | | | 1186 | Acc-Dialout-Auth-UserName | 40 | | | | 1187 | Acc-Access-Community | 42 | | | | 1188 +-------------------------------+--------+-------+------+---------+ 1190 3.1 Acc-Reason-Code 1192 Description 1193 This attribute provides an extension to the standard Acct- 1194 Terminate-Cause attribute. It provides more detail on the 1195 termination reason for a call. 1197 A summary of the Acc-Reason-Code Attribute format within the ACC 1198 vendor- specific attribute is shown below. The fields are transmitted 1199 left-to-right. 1201 0 1 2 3 1202 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1203 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1204 | Type | Length | Value 1205 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1206 Value (cont) | 1207 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1209 Type 1211 1 for Acc-Reason-Code 1213 Length 1215 6 1217 Value 1219 The value field is four octets. 1221 0 no reason given/no failure 1222 1 resource shortage 1223 2 session already open 1224 3 too many RADIUS users 1225 4 no authentication server 1226 5 no authentication response 1227 6 no accounting server 1228 7 no accounting response 1229 8 access denied 1230 9 temporary buffer shortage 1231 10 protocol error 1232 11 invalid attribute 1233 12 invalid service type 1234 13 invalid framed protocol 1235 14 invalid attribute value 1236 15 invalid user information 1237 16 invalid IP address 1238 17 invalid integer syntax 1239 18 invalid NAS port 1240 19 requested by user 1241 20 network disconnect 1242 21 service interruption 1243 22 physical port error 1244 23 idle timeout 1245 24 session timeout 1246 25 administrative reset 1247 26 NAS reload or reset 1248 27 NAS error 1249 28 NAS request 1250 29 undefined reason given 1251 30 conflicting attributes 1252 31 port limit exceeded 1253 32 facility not available 1254 33 internal configuration error 1255 34 bad route specification 1256 35 Access Partition bind failure 1257 36 security violation 1258 37 request type conflict 1259 38 configuration disallowed 1260 39 missing attribute 1261 40 invalid request 1262 41 missing parameter 1263 42 invalid parameter 1264 43 call cleared with cause 1265 44 inopportune config request 1266 45 invalid config parameter 1267 46 missing config parameter 1268 47 incompatible service profile 1269 48 administrative reset 1270 49 administrative reload 1271 50 port unneeded 1272 51 port preempted 1273 52 port suspended 1274 53 service unavailable 1275 54 callback 1276 55 user error 1277 56 host request 1279 3.2 Acc-Input-Errors 1281 Description 1283 This attribute indicates the number of receive errors on the 1284 physical port the dial- in user was connected to. 1286 A summary of the Acc-Input-Errors Attribute format within the ACC 1287 vendor- specific attribute is shown below. The fields are transmitted 1288 left-to-right. 1290 0 1 2 3 1291 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1292 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1293 | Type | Length | Value 1294 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1295 Value (cont) | 1296 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1298 Type 1300 3 for Acc-Input-Errors 1302 Length 1304 6 1306 Value 1308 The value field is four octets. 1310 3.3 Acc-Output-Errors 1312 Description 1314 This attribute indicates the number of send errors on the physical 1315 port the dial-in user was connected to. 1317 A summary of the Acc-Output-Errors Attribute format within the ACC 1318 vendor- specific attribute is shown below. The fields are transmitted 1319 left-to-right. 1321 0 1 2 3 1322 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1323 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1324 | Type | Length | Value 1325 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1326 Value (cont) | 1327 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1329 Type 1330 4 for Acc-Output-Errors 1332 Length 1334 6 1336 Value 1338 The value field is four octets. 1340 3.4 Acc-Access-Partition 1342 Description 1344 This attribute specifies the name of the Access Partition the 1345 dial-in user is assigned to. Access Partitioning [ACC97a] gives 1346 carriers the ability to partition dial-in resources and assign 1347 these partitions to dial-in Virtual Private Networks. 1349 A summary of the Acc-Access-Partition Attribute format within the ACC 1350 vendor- specific attribute is shown below. The fields are transmitted 1351 left-to-right. 1353 0 1 2 1354 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1355 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1356 | Type | Length | String... 1357 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1359 Type 1361 5 for Acc-Access-Partition 1363 Length 1365 >= 3 1367 String 1369 The String field is one or more octets. 1371 3.5 Acc-Customer-Id 1373 Description 1375 This attribute specifies the Id of the Customer the dial-in user 1376 is associated with. 1378 A summary of the Acc-Customer-Id Attribute format within the ACC 1379 vendor- specific attribute is shown below. The fields are transmitted 1380 left-to-right. 1382 0 1 2 1383 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1384 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1385 | Type | Length | String... 1386 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1388 Type 1390 6 for Acc-Customer-Id 1392 Length 1394 >= 3 1396 Value 1398 The String field is one or more octets. 1400 3.6 Acc-Clearing-Cause 1402 Description 1404 This attribute provides an extension to the Acc-Reason-Code 1405 attribute. It provides more detail if Acc-Reason-Code indicates 1406 Call-Cleared-With-Cause (43). 1408 A summary of the Acc-Clearing-Cause Attribute format within the ACC 1409 vendor- specific attribute is shown below. The fields are transmitted 1410 left-to-right. 1412 0 1 2 3 1413 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1414 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1415 | Type | Length | Value 1416 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1417 Value (cont) | 1418 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1419 Type 1421 15 for Acc-Clearing-Cause 1423 Length 1425 6 1427 Value 1429 The value field is four octets. 1431 0 cause unspecified 1432 1 unassigned number 1433 2 no route to transit network 1434 3 no route to destination 1435 6 channel unacceptable 1436 7 call awarded being delivered 1437 16 normal clearing 1438 17 user busy 1439 18 no user responding 1440 19 user alerted no answer 1441 21 call rejected 1442 22 number changed 1443 26 non selected user clearing 1444 27 destination out of order 1445 28 invalid or incomplete number 1446 29 facility rejected 1447 30 response to status inquiry 1448 31 normal unspecified cause 1449 34 no circuit or channel available 1450 38 network out of order 1451 41 temporary failure 1452 42 switching equipment congestion 1453 43 access information discarded 1454 44 circuit or channel unavailable 1455 45 circuit or channel preempted 1456 47 resources unavailable 1457 49 quality of service unavailable 1458 50 facility not subscribed 1459 52 outgoing calls barred 1460 54 incoming calls barred 1461 57 bearer capability unauthorized 1462 58 bearer capability not available 1463 63 service not available 1464 65 bearer capability not implemented 1465 66 channel type not implemented 1466 69 facility not implemented 1467 70 restricted digital information only 1468 79 service not implemented 1469 81 invalid call reference 1470 82 identified channel does not exist 1471 83 call identity does not exist 1472 84 call identity in use 1473 85 no call suspended 1474 86 suspended call cleared 1475 88 incompatible destination 1476 91 invalid transit network selection 1477 95 invalid message 1478 96 mandatory information element missing 1479 97 message not implemented 1480 98 inopportune message 1481 99 information element not implemented 1482 100 invalid information element contents 1483 101 message incompatible with state 1484 102 recovery on timer expiration 1485 103 mandatory information element length error 1486 111 protocol error 1487 127 interworking 1489 3.7 Acc-Clearing-Location 1491 Description 1493 This attribute provides an extension to the Acc-Reason-Code 1494 attribute. It provides detail on where the call has been cleared. 1496 A summary of the Acc-Clearing-Location Attribute format within the 1497 ACC vendor-specific attribute is shown below. The fields are 1498 transmitted left-to-right. 1500 0 1 2 3 1501 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1502 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1503 | Type | Length | Value 1504 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1505 Value (cont) | 1506 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1508 Type 1510 16 for Acc-Clearing-Location 1512 Length 1513 6 1515 Value 1517 The value field is four octets 1519 0 local or remote user 1520 1 private network serving local user 1521 2 public network serving local user 1522 3 transit network 1523 4 private network serving remote user 1524 5 public network serving remote user 1525 6 international network 1526 10 beyond interworking point 1528 3.8 Acc-Vpsm-Oversubscribed 1530 Description 1532 This attribute is specific to ACC's VPSM (Virtual Port Service 1533 Manager) server software. VPSM runs as a proxy RADIUS server 1534 between an ACC NAS and a home RADIUS server. If the VPSM server 1535 detects that this connection caused the corresponding Access 1536 Partition quota to be exceeded, the Accounting-Start record for 1537 the connection will include the Acc-Vpsm-Oversubscribed attribute 1538 with a value of 2 (True). 1540 A summary of the Acc-Vpsm-Oversubscribed Attribute format within the 1541 ACC vendor-specific attribute is shown below. The fields are 1542 transmitted left-to-right. 1544 0 1 2 3 1545 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1546 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1547 | Type | Length | Value 1548 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1549 Value (cont) | 1550 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1552 Type 1554 20 for Acc-Vpsm-Oversubscribed 1556 Length 1558 6 1560 Value 1562 The value field is four octets. 1564 1 False 1565 2 True 1567 3.9 Acc-Acct-On-Off-Reason 1569 Description 1571 This attribute provides a reason code for why the Accounting-On or 1572 Accounting- Off message is sent. 1574 A summary of the Acc-Acct-On-Off-Reason Attribute format within the 1575 ACC vendor-specific attribute is shown below. The fields are 1576 transmitted left-to-right. 1578 0 1 2 3 1579 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1580 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1581 | Type | Length | Value 1582 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1583 Value (cont) | 1584 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1586 Type 1588 21 for Acc-Acct-On-Off-Reason 1590 Length 1592 6 1594 Value 1596 The value field is four octets. 1598 0 NAS Reset 1599 1 NAS Reload 1600 2 Configuration Reset 1601 3 Configuration Reload 1602 4 Enabled 1603 5 Disabled 1605 3.10 Acc-Tunnel-Port 1606 Description 1608 This attribute indicates the index of the Tunnel Port the dial-in 1609 user is connected to. 1611 A summary of the Acc-Tunnel-Port attribute format within the ACC 1612 vendor-specific attribute is shown below. The fields are transmitted 1613 left-to-right. 1615 0 1 2 3 1616 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1617 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1618 | Type | Length | Value 1619 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1620 Value (cont) | 1621 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1623 Type 1625 22 for Acc-Tunnel-Port 1627 Length 1629 6 1631 Value 1633 The value field is four octets. 1635 3.11 Acc-Dial-Port-Index 1637 Description 1639 This attribute indicates the index of the Dial Port the dial-in 1640 user is connected to. 1642 A summary of the Acc-Dial-Port-Index attribute format within the ACC 1643 vendor-specific attribute is shown below. The fields are transmitted 1644 left-to-right. 1646 0 1 2 3 1647 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1648 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1649 | Type | Length | Value 1650 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1651 Value (cont) | 1652 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1654 Type 1656 27 for Acc-Dial-Port-Index 1658 Length 1660 6 1662 Value 1664 The value field is four octets. 1666 3.12 Acc-Connect-Tx-Speed 1668 Description 1670 This attribute indicates the transmit speed that is negotiated on 1671 the NAS port for this dial-in connection. 1673 A summary of the Acc-Connect-Tx-Speed attribute format within the ACC 1674 vendor-specific attribute is shown below. The fields are transmitted 1675 left-to-right. 1677 0 1 2 3 1678 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1679 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1680 | Type | Length | Value 1681 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1682 Value (cont) | 1683 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1685 Type 1687 30 for Acc-Connect-Tx-Speed 1689 Length 1690 6 1692 Value 1694 The value field is four octets. 1696 3.13 Acc-Connect-Rx-Speed 1698 Description 1700 This attribute indicates the receive speed that is negotiated on 1701 the NAS port for this dial-in connection. 1703 A summary of the Acc-Connect-Rx-Speed attribute format within the ACC 1704 vendor-specific attribute is shown below. The fields are transmitted 1705 left-to-right. 1707 0 1 2 3 1708 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1709 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1710 | Type | Length | Value 1711 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1712 Value (cont) | 1713 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1715 Type 1717 31 for Acc-Connect-Rx-Speed 1719 Length 1721 6 1723 Value 1725 The value field is four octets. 1727 3.14 Acc-Modem-Modulation-Type 1729 Description 1731 This attribute indicates the modem modulation type that is used on 1732 the NAS port for this dial-in connection. 1734 A summary of the Acc-Modem-Modulation-Type attribute format within 1735 the ACC vendor-specific attribute is shown below. The fields are 1736 transmitted left-to-right. 1738 0 1 2 1739 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1740 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1741 | Type | Length | String... 1742 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1744 Type 1746 32 for Acc-Modem-Modulation-Type 1748 Length 1750 >=3 1752 Value 1754 The value field is four octets. 1756 3.15 Acc-Modem-Error-Protocol 1758 Description 1760 This attribute indicates the modem error protocol that is used on 1761 the NAS port for this dial-in connection. 1763 A summary of the Acc-Modem-Error-Protocol attribute format within the 1764 ACC vendor-specific attribute is shown below. The fields are 1765 transmitted left-to-right. 1767 0 1 2 1768 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1769 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1770 | Type | Length | String... 1771 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1773 Type 1775 33 for Acc-Modem-Error-Protocol 1777 Length 1779 >=3 1781 Value 1783 The value field is four octets. 1785 4. Security Considerations 1787 Security issues regarding the RADIUS protocol are discussed in RFC 1788 2138 [RIG97a] and RFC 2139 [RIG97b]. The use of Acc-Tunnel-Secret 1789 attribute is insecure. The Tunnel-Password attribute, defined in 1790 [ZOR98], should be used whenever possible and Acc-Tunnel-Secret 1791 attribute should only be used if the RADIUS server does not support 1792 salt encryption. 1794 5. References 1796 [ACC97a] "Access Partitioning" White Paper, 1797 http://www.acc.com/internet/whitepapers/ 1798 accesspartitioning.html, ACC, August 1997 1800 [ACC97b] "RADIUS Implementation" White Paper, 1801 http://www.acc.com/internet/whitepapers/ 1802 radiusimp.html, ACC, January 1998 1804 [COB95] Cobb, S., PPP Internet Protocol Control Protocol 1805 Extensions for Name Server Addresses, 1806 RFC 1877, Microsoft, December 1995. 1808 [GID94] Gidwani, N., Proposal for Callback Control Protocol (CBCP), 1809 draft-ietf-pppext-callback-cp-02.txt, Microsoft, July 1994. 1811 [MCG92] McGregor, G., PPP Internet Control Protocol", 1812 RFC 1332, Merit, May 1992. 1814 [RAN96] Rand, D., The PPP Compression Control Protocol (CCP), 1815 RFC 1962, Novell, June 1996. 1817 [RIG97a] Rigney, C., Remote Authentication Dial In User Service 1818 (RADIUS), RFC 2138, Livingston, April 1997. 1820 [RIG97b] Rigney, C., et al, RADIUS Accounting, 1821 RFC 2139, Livingston, April 1997. 1823 [SIM98] Simpson, W., PPP LCP CallBack, 1824 draft-ietf-pppext-callback-ds-02.txt, Daydreamer, August 1998. 1826 [SKL96] Sklower, K., et al, The PPP Multilink Protocol (MP), 1827 RFC 1990, UC Berkeley, August 1996. 1829 [SMI96] Smith, K., Ascend's Multilink Protocol Plus (MP+), 1830 Ascend, RFC 1934, August 1996. 1832 [VAL97] Valencia, et al., Layer Two Tunneling Protocol (L2TP), 1833 draft-ietf-pppext-l2tp-06.txt, June 1997. 1835 [ZOR98] Zorn, G., et al, RADIUS Attributes for Tunnel 1836 Protocol Support, draft-ietf-radius-tunnel-auth-05.txt, 1837 Microsoft-Ascend-Shiva, April 1998. 1839 6. Expiration Date 1841 This document expires June 18, 1999. 1843 7. Author's Address 1845 Koral Ilgun 1846 ACC/Ericsson Datacom Access 1847 340 Storke Road 1848 Santa Barbara, CA 93117 1850 Phone: (805) 961-0279 1852 EMail: koral@acc.com