idnits 2.17.1 draft-ilgun-radius-accvsa-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == It seems as if not all pages are separated by form feeds - found 0 form feeds but 48 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 3 instances of too long lines in the document, the longest one being 4 characters in excess of 72. == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == Unrecognized Status in 'Category: Internet Draft', assuming Proposed Standard (Expected one of 'Standards Track', 'Full Standard', 'Draft Standard', 'Proposed Standard', 'Best Current Practice', 'Informational', 'Experimental', 'Informational', 'Historic'.) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (20 October 1999) is 8956 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'GID94' is defined on line 2056, but no explicit reference was found in the text == Unused Reference: 'SIM98' is defined on line 2071, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'EDA97a' -- Possible downref: Non-RFC (?) normative reference: ref. 'EDA97b' ** Downref: Normative reference to an Informational RFC: RFC 1877 (ref. 'COB95') -- Possible downref: Normative reference to a draft: ref. 'GID94' ** Obsolete normative reference: RFC 2138 (ref. 'RIG97a') (Obsoleted by RFC 2865) ** Obsolete normative reference: RFC 2139 (ref. 'RIG97b') (Obsoleted by RFC 2866) -- Possible downref: Normative reference to a draft: ref. 'SIM98' ** Downref: Normative reference to an Informational RFC: RFC 1934 (ref. 'SMI96') == Outdated reference: A later version (-16) exists of draft-ietf-pppext-l2tp-06 == Outdated reference: A later version (-08) exists of draft-ietf-radius-tunnel-auth-05 ** Downref: Normative reference to an Informational draft: draft-ietf-radius-tunnel-auth (ref. 'ZOR98') Summary: 12 errors (**), 0 flaws (~~), 7 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group Koral Ilgun 2 INTERNET-DRAFT Ericsson Datacom Access 3 Category: Internet Draft 4 Title: draft-ilgun-radius-accvsa-02.txt 5 Date: 20 October 1999 6 Expires: 20 April 2000 8 RADIUS Vendor Specific Attributes for Ericsson Datacom Access 10 Status of this Memo 12 This document is an Internet-Draft and is in full conformance with 13 all provisions of Section 10 of RFC2026. 15 Internet-Drafts are working documents of the Internet Engineering 16 Task Force (IETF), its areas, and its working groups. Note that 17 other groups may also distribute working documents as Internet- 18 Drafts. 20 Internet-Drafts are draft documents valid for a maximum of six months 21 and may be updated, replaced, or obsoleted by other documents at any 22 time. It is inappropriate to use Internet-Drafts as reference 23 material or to cite them other than as ``work in progress.'' 25 The list of current Internet-Drafts can be accessed at 26 http://www.ietf.org/ietf/lid-abstracts.txt 28 To view the list of Internet-Draft Shadow directories, see 29 http://www.ietf.org/shadow.html 31 The distribution of this memo is unlimited. It is filed as , and expires April 20, 2000. Please send 33 comments to the author. 35 Abstract 37 This document describes vendor specific attributes for carrying 38 authentication, authorization and accounting information between an 39 Ericsson Datacom Access Network Access Server (NAS) and an 40 Authentication/Accounting Server using the Remote Authentication Dial 41 In User Service (RADIUS) protocol described in RFC 2058 and RFC 2059. 43 Table of Contents 45 1. Introduction ........................................... 4 47 2. Ericsson Datacom Access Radius Authentication Attributes 4 48 2.1 Acc-Ccp-Option ..................................... 5 49 2.2 Acc-Ip-Gateway-Pri ................................. 6 50 2.3 Acc-Ip-Gateway-Sec ................................. 7 51 2.4 Acc-Route-Policy ................................... 8 52 2.5 Acc-ML-MLX-Admin-State ............................. 9 53 2.6 Acc-ML-Call-Threshold .............................. 10 54 2.7 Acc-ML-Clear-Threshold ............................. 11 55 2.8 Acc-ML-Damping-Factor .............................. 11 56 2.9 Acc-Tunnel-Secret ................................. 12 57 2.10 Acc-Service-Profile ................................ 13 58 2.11 Acc-Request-Type .................................. 14 59 2.12 Acc-Framed-Bridge .................................. 15 60 2.13 Acc-Dns-Server-Pri ................................. 16 61 2.14 Acc-Dns-Server-Sec ................................. 17 62 2.15 Acc-Nbns-Server-Pri ................................ 18 63 2.16 Acc-Nbns-Server-Sec ................................ 18 64 2.17 Acc-Ip-Compression ................................. 19 65 2.18 Acc-Ipx-Compression ................................ 20 66 2.19 Acc-Callback-Delay ................................. 21 67 2.20 Acc-Callback-Num-Valid ............................. 22 68 2.21 Acc-Callback-Mode .................................. 23 69 2.22 Acc-Callback-CBCP-Type ............................. 24 70 2.23 Acc-Dialout-Auth-Mode .............................. 24 71 2.24 Acc-Dialout-Auth-Password .......................... 25 72 2.25 Acc-Dialout-Auth-Username .......................... 26 73 2.26 Acc-Access-Community ............................... 27 74 2.27 Acc-Vpsm-Reject-Cause .............................. 27 75 2.28 Acc-Ace-Token ...................................... 28 76 2.29 Acc-Ace-Token-Ttl .................................. 29 77 2.30 Acc-Ip-Pool-Name ................................... 30 78 2.31 Acc-Igmp-Admin-State ............................... 31 79 2.32 Acc-Igmp-Version ................................... 32 81 3. Ericsson Datacom Access Radius Accounting Attributes ..... 32 82 3.1 Acc-Reason-Code .................................... 34 83 3.2 Acc-Input-Errors ................................... 36 84 3.3 Acc-Output-Errors .................................. 36 85 3.4 Acc-Access-Partition ............................... 37 86 3.5 Acc-Customer-Id .................................... 38 87 3.6 Acc-Clearing-Cause ................................. 38 88 3.7 Acc-Clearing-Location .............................. 40 89 3.8 Acc-Vpsm-Oversubscribed ............................ 41 90 3.9 Acc-Acct-On-Off-Reason ............................. 42 91 3.10 Acc-Tunnel-Port .................................... 43 92 3.11 Acc-Dial-Port-Index ................................ 44 93 3.12 Acc-Connect-Tx-Speed ............................... 44 94 3.13 Acc-Connect-Rx-Speed ............................... 45 95 3.14 Acc-Modem-Modulation-Type .......................... 46 96 3.15 Acc-Modem-Error-Protocol ........................... 46 98 4. Security Considerations .................................. 47 100 5. References ............................................... 47 102 6. Expiration Date .......................................... 48 104 7. Author's Address ......................................... 48 106 1. Introduction 108 The Remote Authentication Dial In User Service (RADIUS) protocol is 109 specified by the RADIUS Working Group of the Internet Engineering 110 Task Force (IETF). There are two specifications that make up the 111 RADIUS protocol suite: Authentication [RIG97a] and Accounting 112 [RIG97b]. These protocols aim to centralize authentication, 113 configuration, and accounting of dial-in services to an independent 114 server. 116 Ericsson Datacom Access has implemented RADIUS authentication and 117 accounting for its Network Access Server family of router products. 118 This document provides details of Ericsson Datacom Access's RADIUS 119 implementation, in particular the use of Vendor Specific Attributes 120 (VSAs). It is intended as a guide for using the RADIUS protocol for 121 Ericsson Datacom Access products. Ericsson Datacom Access's VSAs use 122 a vendor Id of 5. For more information on Ericsson Datacom Access's 123 RADIUS implementation, see the white paper [EDA97b]. 125 2. Ericsson Datacom Access Radius Authentication Attributes 127 The table below indicates how the authentication vendor-specific 128 attributes are used in the access request and response packets. 130 +---------------------------+----+-----+--------+--------+------+ 131 | Attribute Name | # | Req | Accept | Reject | Chal | 132 +---------------------------+----+-----+--------+--------+------+ 133 | Acc-Ccp-Option | 2 | | X | | | 134 | Acc-Ip-Gateway-Pri | 7 | | X | | | 135 | Acc-Ip-Gateway-Sec | 8 | | X | | | 136 | Acc-Route-Policy | 9 | | X | | | 137 | Acc-ML-MLX-Admin-State | 10 | | X | | | 138 | Acc-ML-Call-Threshold | 11 | | X | | | 139 | Acc-ML-Clear-Threshold | 12 | | X | | | 140 | Acc-ML-Damping-Factor | 13 | | X | | | 141 | Acc-Tunnel-Secret | 14 | | X | | | 142 | Acc-Service-Profile | 17 | | X | | | 143 | Acc-Request-Type | 18 | X | | | | 144 | Acc-Framed-Bridge | 19 | | X | | | 145 | Acc-Dns-Server-Pri | 23 | | X | | | 146 | Acc-Dns-Server-Sec | 24 | | X | | | 147 | Acc-Nbns-Server-Pri | 25 | | X | | | 148 | Acc-Nbns-Server-Sec | 26 | | X | | | 149 | Acc-Ip-Compression | 28 | | X | | | 150 | Acc-Ipx-Compression | 29 | | X | | | 151 | Acc-Callback-Delay | 34 | | X | | | 152 | Acc-Callback-Num-Valid | 35 | | X | | | 153 | Acc-Callback-Mode | 36 | | X | | | 154 | Acc-Callback-CBCP-Type | 37 | | X | | | 155 | Acc-Dialout-Auth-Mode | 38 | | X | | | 156 | Acc-Dialout-Auth-Password | 39 | | X | | | 157 | Acc-Dialout-Auth-UserName | 40 | | X | | | 158 | Acc-Access-Community | 42 | | X | | | 159 | Acc-Vpsm-Reject-Cause | 43 | | | X | | 160 | Acc-Ace-Token | 44 | X | | | X | 161 | Acc-Ace-Token-Ttl | 45 | | X | | | 162 | Acc-Ip-Pool-Name | 46 | | X | | | 163 | Acc-Igmp-Admin-State | 47 | | X | | | 164 | Acc-Igmp-Version | 48 | | X | | | 165 +---------------------------+----+-----+--------+--------+------+ 167 2.1 Acc-Ccp-Option 169 Description 171 This attribute indicates if PPP CCP [RAN96] compression 172 negotiation is to be attempted on the dial-in link. It may be used 173 in Access-Accept packets only. 175 A summary of the Acc-Ccp-Option Attribute format within the Ericsson 176 Datacom Access vendor- specific attribute is shown below. The fields 177 are transmitted left-to-right. 179 0 1 2 3 180 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 181 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 182 | Type | Length | Value 183 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 184 Value (cont) | 185 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 Type 189 2 for Acc-Ccp-Option 191 Length 193 6 195 Value 197 The value field is four octets. 199 1 Disabled 200 2 Enabled 202 2.2 Acc-Ip-Gateway-Pri 204 Description 206 This attribute defines the next hop IP address where the dial-in 207 user's data packets should be directed to. This address could be 208 a router that is directly attached to a VPN (Virtual Private 209 Network) customer's network or to a router that forwards the 210 packet to its final destination based on the Source IP Address. It 211 may be used in Access-Accept packets only. 213 A summary of the Acc-Ip-Gateway-Pri Attribute format within the 214 Ericsson Datacom Access vendor- specific attribute is shown below. 215 The fields are transmitted left-to-right. 217 0 1 2 3 218 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 219 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 220 | Type | Length | Address 221 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 222 Address (cont) | 223 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 225 Type 227 7 for Acc-Ip-Gateway-Pri 229 Length 231 6 233 Address 235 The Address field is a four octet IP Address. 237 2.3 Acc-Ip-Gateway-Sec 239 Description 241 Similar to Acc-Ip-Gateway-Pri described in Section 2.2, this 242 attribute defines the next hop IP address in case the Acc-Ip- 243 Gateway-Pri is unreachable. It may be used in Access-Accept 244 packets only. 246 A summary of the Acc-Ip-Gateway-Sec Attribute format within the 247 Ericsson Datacom Access vendor- specific attribute is shown below. 248 The fields are transmitted left-to-right. 250 0 1 2 3 251 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 253 | Type | Length | Address 254 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 255 Address (cont) | 256 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 258 Type 260 8 for Acc-Ip-Gateway-Sec 262 Length 264 6 266 Address 268 The Address field is a four octet IP Address. 270 2.4 Acc-Route-Policy 272 Description 274 This attribute indicates the route policy to be used with Access 275 Partitioning [EDA97a]. Access Partitioning gives carriers the 276 ability to partition dial-in resources and assign these partitions 277 to dial-in Virtual Private Networks. If the Acc-Route-Policy 278 attribute is set to Direct (2) two dial-in links belonging to the 279 same Access Partition can route directly to each other without 280 going through the IP home gateway. If this attribute is not 281 defined or set to Funnel (1), it means all packets received from 282 the dial-in user of this access partition will be forwarded to the 283 designated home gateway. It may be used in Access-Accept packets 284 only. 286 A summary of the Acc-Route-Policy Attribute format within the 287 Ericsson Datacom Access vendor- specific attribute is shown below. 288 The fields are transmitted left-to-right. 290 0 1 2 3 291 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 292 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 293 | Type | Length | Value 294 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 295 Value (cont) | 296 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 298 Type 300 9 for Acc-Route-Policy 302 Length 304 6 306 Value 307 The value field is four octets. 309 1 Funnel 310 2 Direct 312 2.5 Acc-ML-MLX-Admin-State 314 Description 316 If the standard Port-Limit attribute is configured for the dial-in 317 user on the RADIUS server, the Ericsson Datacom Access NAS 318 attempts to place the dial-in user in a multilink group. The 319 Port-Limit attribute defines the maximum number of members the 320 multilink group can have. All members of the multilink group must 321 have the same dial-in user name. When the first member of a 322 multilink group calls in, a multilink group is created on receipt 323 of the access-accept with the Port-Limit attribute configured. The 324 multilink group exists for as long as there is a call up in the 325 multilink group. When the last call in the multilink group is 326 cleared, the multilink group is deleted. When subsequent links in 327 the multilink group call in, they are added to the multilink 328 group. The multilink group uses the IETF standard PPP Multilink 329 protocol [SKL96]. The MLX (also known as MP+ [SMI96]) 330 administrative state, call threshold, clear threshold and damping 331 factor values of the multilink group can also be set using the 332 Ericsson Datacom Access VSAs described in 2.5, 2.6, 2.7 and 2.8 334 The Acc-ML-MLX-Admin-State attribute indicates if PPP MLX (RFC 335 1934) negotiation is to be attempted on the dial-in link. It may 336 be used in Access-Accept packets only. 338 A summary of the Acc-ML-MLX-Admin-State Attribute format within the 339 Ericsson Datacom Access vendor-specific attribute is shown below. The 340 fields are transmitted left-to-right. 342 0 1 2 3 343 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 344 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 345 | Type | Length | Value 346 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 347 Value (cont) | 348 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 350 Type 351 10 for Acc-ML-MLX-Admin-State 353 Length 355 6 357 Value 359 The value field is four octets. 361 1 Enabled 362 2 Disabled 364 2.6 Acc-ML-Call-Threshold 366 Description 368 This attribute indicates the call threshold value to be used with 369 the multilink group that is to be configured. It may be used in 370 Access-Accept packets only. See Section 2.5 for more information 371 about this attribute. 373 A summary of the Acc-ML-Call-Threshold Attribute format within the 374 Ericsson Datacom Access vendor-specific attribute is shown below. The 375 fields are transmitted left-to-right. 377 0 1 2 3 378 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 379 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 380 | Type | Length | Value 381 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 382 Value (cont) | 383 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 385 Type 387 11 for Acc-ML-Call-Threshold 389 Length 391 6 393 Value 395 The value field is four octets. The minimum value is 0 and 396 maximum value is 101. 398 2.7 Acc-ML-Clear-Threshold 400 Description 402 This attribute indicates the clear threshold value to be used with 403 the multilink group that is to be configured. It may be used in 404 Access-Accept packets only. 406 A summary of the Acc-ML-Clear-Threshold Attribute format within the 407 Ericsson Datacom Access vendor-specific attribute is shown below. The 408 fields are transmitted left-to-right. See Section 2.5 for more 409 information about this attribute. 411 0 1 2 3 412 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 413 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 414 | Type | Length | Value 415 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 416 Value (cont) | 417 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 419 Type 421 12 for Acc-ML-Clear-Threshold 423 Length 425 6 427 Value 429 The value field is four octets. The minimum value is 0 and 430 maximum value is 100. 432 2.8 Acc-ML-Damping-Factor 434 Description 436 This attribute indicates the damping factor value to be used with 437 the multilink group that is to be configured. It may be used in 438 Access-Accept packets only. See Section 2.5 for more information 439 about this attribute. 441 A summary of the Acc-ML-Damping-Factor Attribute format within the 442 Ericsson Datacom Access vendor-specific attribute is shown below. The 443 fields are transmitted left-to-right. 445 0 1 2 3 446 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 447 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 448 | Type | Length | Value 449 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 450 Value (cont) | 451 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 453 Type 455 13 for Acc-ML-Damping-Factor 457 Length 459 6 461 Value 463 The value field is four octets. The minimum value is 0 and 464 maximum value is 64. 466 2.9 Acc-Tunnel-Secret 468 Description 470 This attribute sets the shared secret to support the CHAP style 471 endpoint authentication used by L2TP [VAL97]. The purpose for this 472 attribute is same as Tunnel-Password [ZOR98], except that Acc- 473 Tunnel-Secret is sent in clear. Therefore, Acc-Tunnel-Secret 474 should only be used if the RADIUS server does not support salt 475 encryption. It may be used in Access-Accept packets only. 477 A summary of the Acc-Tunnel-Secret Attribute format within the 478 Ericsson Datacom Access vendor- specific attribute is shown below. 479 The fields are transmitted left-to-right. 481 0 1 2 482 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 483 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 484 | Type | Length | String... 485 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 486 Type 488 14 for Acc-Tunnel-Secret 490 Length 492 >= 3 494 String 496 The String field is one or more octets. It is the clear text 497 tunnel secret. 499 2.10 Acc-Service-Profile 501 Description 503 This attribute the service profile to be used on the dial-in link. 504 It may be used in Access-Accept packets only. 506 With the addition of Acc-Service-Profile VSA, RADIUS can identify 507 the Service Profile to be assigned to a dial-in user. This 508 attribute should only be present in an access accept message when 509 the NAS has queried RADIUS prior to answering the call. In this 510 case all RADIUS has is the called number. The service profile 511 identified by this VSA must exist on the NAS in its locally 512 configured Service Profile database. For the regular routing case 513 the service profile indicates that dial-in calls to be routed 514 based on the Destination IP Address received from a dial-in user. 515 This service is used primarily to provide carrier-based Internet 516 access. For the called number routing case, the service profile 517 forces IP dial-in calls to be specifically directed to a VPN 518 customer's network. A service profile may also indicate that 519 Layer 2 Tunneling should be performed for a given dial-in user. 521 A summary of the Acc-Service-Profile Attribute format within the 522 Ericsson Datacom Access vendor- specific attribute is shown below. 523 The fields are transmitted left-to-right. 525 0 1 2 526 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 527 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 528 | Type | Length | String... 529 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 531 Type 532 17 for Acc-Service-Profile 534 Length 536 >= 3 538 String 540 The String field is one or more octets. It is the name of the 541 service profile. 543 2.11 Acc-Request-Type 545 Description 547 This attribute indicates the type of the Access-Request or 548 Accounting-Request packet. It may be used in Access-Request and 549 Accounting-Request packets only. The attribute values from 1 to 4 550 are used in Access-Request packets, whereas 5 and 6 are used in 551 Accounting-Request packets. 553 An Ericsson Datacom Access NAS may send an Access-Request packet 554 to the RADIUS server before it answers the call. In this case the 555 User-Name attribute includes the Called Number and the Acc- 556 Request-Type attribute contains the value 1, i.e. Ring-Indication. 557 A special-purpose RADIUS server (or proxy) receiving this message 558 may accept or reject the call based on its policy, e.g. it may 559 reject the call if the quota assigned for this Called Number has 560 been exceeded. This is useful when an ISP or TELCO outsources 561 their dial-in ports to separate customers and partitions the 562 customers by differentiating them based on the number they call 563 in. Ericsson Datacom Access's VPSM server product is an example 564 for this type of operation. 566 A value of 2 in the Acc-Request-Type field indicates that the NAS 567 is attempting to authorize an outgoing call. A value of 3 568 indicates that the type of access request is for user 569 authentication, which is the default behavior for the RADIUS 570 authentication. A value of 4 indicates that a tunnel 571 authentication is requested by the LAC (L2TP Access Concentrator) 572 in response to a tunnel request from an LNS (L2TP Network Server). 574 This attribute may also be present in Accounting-Request packets. 575 A value of 5 indicates that the Accounting-Request is for a PPP 576 session, whereas a value of 6 indicates that the Accounting- 577 Request is for a tunnel session. The latter case also indicates 578 that this accounting information is being provided for a dial-in 579 session that is not authenticated at the LAC end of the tunnel, 580 but possibly authenticated at the LNS end. 582 A summary of the Acc-Request-Type Attribute format within the 583 Ericsson Datacom Access vendor- specific attribute is shown below. 584 The fields are transmitted left-to-right. 586 0 1 2 3 587 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 588 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 589 | Type | Length | Value 590 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 591 Value (cont) | 592 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 594 Type 596 18 for Acc-Request-Type 598 Length 600 6 602 Value 604 The value field is four octets. 606 1 Ring Indication 607 2 Dial Request 608 3 User Authentication 609 4 Tunnel Authentication 610 5 User Accounting 611 6 Tunnel Accounting 613 2.12 Acc-Framed-Bridge 615 Description 617 This attribute indicates if Transparent (Ethernet) Bridging should 618 be enabled on the dial-in link. It may be used in Access-Accept 619 packets only. 621 A summary of the Acc-Framed-Bridge Attribute format within the 622 Ericsson Datacom Access vendor-specific attribute is shown below. The 623 fields are transmitted left-to-right. 625 0 1 2 3 626 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 627 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 628 | Type | Length | Value 629 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 630 Value (cont) | 631 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 633 Type 635 19 for Acc-Framed-Bridge 637 Length 639 6 641 Value 643 The value field is four octets. 645 0 Disabled 646 1 Enabled 648 2.13 Acc-Dns-Server-Pri 650 Description 652 This attribute indicates the primary DNS (Domain Name System) 653 Server Address to be provided to the dial-in user during IPCP 654 negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the 655 option of negotiating the IP addresses of the primary and 656 secondary DNS and NBNS (NetBIOS Name Server) servers. The support 657 for these options is specified by RFC 1877 [COB95]. The Acc-Dns- 658 Server-Pri attribute may be used in Access-Accept packets only. 660 A summary of the Acc-Dns-Server-Pri attribute format within the 661 Ericsson Datacom Access vendor-specific attribute is shown below. The 662 fields are transmitted left-to-right. 664 0 1 2 3 665 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 666 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 667 | Type | Length | Value 668 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 669 Value (cont) | 670 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 671 Type 673 23 for Acc-Dns-Server-Pri 675 Length 677 6 679 Value 681 The value field is four octets. 683 2.14 Acc-Dns-Server-Sec 685 Description 687 This attribute indicates the secondary DNS (Domain Name System) 688 Server Address to be provided to the dial-in user during IPCP 689 negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the 690 option of negotiating the IP addresses of the primary and 691 secondary DNS and NBNS (NetBIOS Name Server) servers. The support 692 for these options is specified by RFC 1877 [COB95]. The Acc-Dns- 693 Server-Sec attribute may be used in Access-Accept packets only. 695 A summary of the Acc-Dns-Server-Sec attribute format within the 696 Ericsson Datacom Access vendor-specific attribute is shown below. The 697 fields are transmitted left-to-right. 699 0 1 2 3 700 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 701 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 702 | Type | Length | Value 703 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 704 Value (cont) | 705 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 707 Type 709 24 for Acc-Dns-Server-Sec 711 Length 713 6 715 Value 716 The value field is four octets. 718 2.15 Acc-Nbns-Server-Pri 720 Description 722 This attribute indicates the primary NBNS (NetBIOS Name Server) 723 Address to be provided to the dial-in user during IPCP 724 negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the 725 option of negotiating the IP addresses of the primary and 726 secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server) 727 servers. The support for these options is specified by RFC 1877 728 [COB95]. The Acc-Nbns-Server-Pri attribute may be used in 729 Access-Accept packets only. 731 A summary of the Acc-Nbns-Server-Pri attribute format within the 732 Ericsson Datacom Access vendor-specific attribute is shown below. The 733 fields are transmitted left-to-right. 735 0 1 2 3 736 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 737 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 738 | Type | Length | Value 739 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 740 Value (cont) | 741 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 743 Type 745 25 for Acc-Nbns-Server-Pri 747 Length 749 6 751 Value 753 The value field is four octets. 755 2.16 Acc-Nbns-Server-Sec 757 Description 759 This attribute indicates the secondary NBNS (NetBIOS Name Server) 760 Address to be provided to the dial-in user during IPCP 761 negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the 762 option of negotiating the IP addresses of the primary and 763 secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server) 764 servers. The support for these options is specified by RFC 1877 765 [COB95]. The Acc-Nbns-Server-Sec attribute may be used in 766 Access-Accept packets only. 768 A summary of the Acc-Nbns-Server-Sec attribute format within the 769 Ericsson Datacom Access vendor-specific attribute is shown below. The 770 fields are transmitted left-to-right. 772 0 1 2 3 773 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 774 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 775 | Type | Length | Value 776 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 777 Value (cont) | 778 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 780 Type 782 26 for Acc-Nbns-Server-Sec 784 Length 786 6 788 Value 790 The value field is four octets. 792 2.17 Acc-Ip-Compression 794 Description 796 This attribute indicates whether VJ Header Compression should be 797 enabled for the dial-in user's IP traffic. The Acc-Ip-Compression 798 attribute may be used in Access-Accept packets only. 800 A summary of the Acc-Ip-Compression attribute format within the 801 Ericsson Datacom Access vendor-specific attribute is shown below. The 802 fields are transmitted left-to-right. 804 0 1 2 3 805 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 806 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 807 | Type | Length | Value 808 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 809 Value (cont) | 810 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 812 Type 814 28 for Acc-Ip-Compression 816 Length 818 6 820 Value 822 The value field is four octets. 824 0 Disabled 825 1 Enabled 827 2.18 Acc-Ipx-Compression 829 Description 831 This attribute indicates whether Header Compression should be 832 enabled for the dial-in user's IPX traffic. The Acc-Ipx- 833 Compression attribute may be used in Access-Accept packets only. 835 A summary of the Acc-Ipx-Compression attribute format within the 836 Ericsson Datacom Access vendor-specific attribute is shown below. The 837 fields are transmitted left-to-right. 839 0 1 2 3 840 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 841 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 842 | Type | Length | Value 843 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 844 Value (cont) | 845 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 847 Type 848 29 for Acc-Ipx-Compression 850 Length 852 6 854 Value 856 The value field is four octets. 858 0 Disabled 859 1 Enabled 861 2.19 Acc-Callback-Delay 863 Description 865 This attribute specifies the delay time in seconds before the 866 remote side is called back. The Acc-Callback-Delay attribute may 867 be used in Access-Accept packets only. 869 A summary of the Acc-Callback-Delay attribute format within the 870 Ericsson Datacom Access vendor-specific attribute is shown below. The 871 fields are transmitted left-to-right. 873 0 1 2 3 874 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 875 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 876 | Type | Length | Value 877 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 878 Value (cont) | 879 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 881 Type 883 34 for Acc-Callback-Delay 885 Length 887 6 889 Value 891 The value field is four octets. 893 2.19 Acc-Callback-Num-Valid 895 Description 897 This attribute specifies the acceptable callback number for the 898 remote site to be called back. Each dial-in user may be 899 associated with zero or more valid number attributes. If this 900 attribute is not used then the callback will proceed as usual. 901 Also, if the Acc-Callback-Mode (see Section 2.21) is not one of 3 902 (User-Specified-E-164) and 6 (CBCP-Callback) then the valid number 903 filtering will not be performed. Otherwise, if this attribute is 904 returned in an Access-Reply message, then the callback number 905 negotiated from the callback phase will be compared to the numbers 906 in this attribute. Multiple instances (up to 16) of this 907 attribute can be returned in the same Access-Reply message. This 908 attribute contains a string (valid characters: representing a 909 number filter. 'x' and 'X' represent single character wildcards, 910 and '-' character is ignored during filtering. The matching 911 starts from the end of the string. The filter string specified in 912 this attribute must be at least the same length as the callback 913 number (excluding the '-' characters). If the negotiated callback 914 number is determined to be valid then callback will proceed, 915 otherwise no callback will be made. The Acc-Callback-Num-Valid 916 attribute may be used in Access-Accept packets only. 918 A summary of the Acc-Callback-Num-Valid attribute format within the 919 Ericsson Datacom Access vendor-specific attribute is shown below. The 920 fields are transmitted left-to-right. 922 0 1 2 923 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 924 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 925 | Type | Length | String... 926 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 928 Type 930 35 for Acc-Callback-Num-Valid 932 Length 934 >= 3 936 Value 937 The String field is one or more octets. 939 2.21 Acc-Callback-Mode 941 Description 943 This attribute indicates what type of callback should be performed 944 for the dial-in user. A value of 0 (User-Auth) indicates the 945 callback will depend on the user authentication. A value of 3 946 (User-Specified-E-164) indicates the callback will be done to the 947 user specified callback number. A value of 6 (CBCP-Callback) 948 indicates callback will be negotiated using CBCP. A value of 7 949 (CLI-Callback) indicates CLI (Calling Line Identifier) type 950 callback will be used. The Acc-Callback-Mode attribute may be 951 used in Access-Accept packets only. 953 A summary of the Acc-Callback-Mode attribute format within the 954 Ericsson Datacom Access vendor-specific attribute is shown below. The 955 fields are transmitted left-to-right. 957 0 1 2 3 958 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 959 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 960 | Type | Length | Value 961 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 962 Value (cont) | 963 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 965 Type 967 36 for Acc-Callback-Mode 969 Length 971 6 973 Value 975 The value field is four octets. 977 0 User-Auth 978 3 User-Specified-E-164 979 6 CBCP-Callback 980 7 CLI-Callback 982 2.22 Acc-Callback-CBCP-Type 984 Description 986 This attribute indicates the type of CBCP to be used for the 987 dial-in user. The Acc-Callback-CBCP-Type attribute may be used in 988 Access-Accept packets only. 990 A summary of the Acc-Callback-CBCP-Type attribute format within the 991 Ericsson Datacom Access vendor-specific attribute is shown below. The 992 fields are transmitted left-to-right. 994 0 1 2 3 995 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 996 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 997 | Type | Length | Value 998 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 999 Value (cont) | 1000 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1002 Type 1004 37 for Acc-Callback-CBCP-Type 1006 Length 1008 6 1010 Value 1012 The value field is four octets. 1014 CBCP-None 1 1015 CBCP-User-Specified 2 1016 CBCP-Pre-Specified 3 1018 2.23 Acc-Dialout-Auth-Mode 1020 Description 1022 This attribute indicates the type of authentication to be used for 1023 the dialout of the callback session. The Acc-Dialout-Auth-Mode 1024 attribute may be used in Access-Accept packets only. 1026 A summary of the Acc-Dialout-Auth-Mode attribute format within the 1027 Ericsson Datacom Access vendor-specific attribute is shown below. The 1028 fields are transmitted left-to-right. 1030 0 1 2 3 1031 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1032 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1033 | Type | Length | Value 1034 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1035 Value (cont) | 1036 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1038 Type 1040 38 for Acc-Dialout-Auth-Mode 1042 Length 1044 6 1046 Value 1048 The value field is four octets. 1050 PAP 1 1051 CHAP 2 1052 CHAP-PAP 3 1053 NONE 4 1055 2.24 Acc-Dialout-Auth-Password 1057 Description 1059 This attribute indicates the password to be used for the outgoing 1060 authentication of the callback. The Acc-Dialout-Auth-Password 1061 attribute may be used in Access-Accept packets only. 1063 A summary of the Acc-Dialout-Auth-Password attribute format within 1064 the Ericsson Datacom Access vendor-specific attribute is shown below. 1065 The fields are transmitted left-to-right. 1067 0 1 2 1068 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1069 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1070 | Type | Length | String... 1071 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1073 Type 1075 36 for Acc-Dialout-Auth-Password 1077 Length 1079 >= 3 1081 Value 1083 The String field is one or more octets. 1085 2.25 Acc-Dialout-Auth-Username 1087 Description 1089 This attribute indicates the username to be used for the outgoing 1090 authentication of the callback. The Acc-Dialout-Auth-Username 1091 attribute may be used in Access-Accept packets only. 1093 A summary of the Acc-Dialout-Auth-Username attribute format within 1094 the Ericsson Datacom Access vendor-specific attribute is shown below. 1095 The fields are transmitted left-to-right. 1097 0 1 2 1098 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1099 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1100 | Type | Length | String... 1101 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1103 Type 1105 37 for Acc-Dialout-Auth-Username 1107 Length 1109 >= 3 1111 Value 1113 The String field is one or more octets. 1115 2.26 Acc-Access-Community 1117 Description 1119 This attribute indicates SNMP community name for the RADIUS 1120 authenticated console login session. The Acc-Access-Community 1121 attribute may be used in Access-Accept packets only. 1123 A summary of the Acc-Access-Community attribute format within the 1124 Ericsson Datacom Access vendor-specific attribute is shown below. The 1125 fields are transmitted left-to-right. 1127 0 1 2 3 1128 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1129 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1130 | Type | Length | Value 1131 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1132 Value (cont) | 1133 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1135 Type 1137 42 for Acc-Access-Community 1139 Length 1141 6 1143 Value 1145 The value field is four octets. 1147 PUBLIC 1 1148 NETMAN 2 1150 2.27 Acc-Vpsm-Reject-Cause 1152 Description 1154 This attribute indicates the rejection reason by VPSM (Virtual 1155 Port Service Manager) sent in response to an Access Request. The 1156 Acc-Vpsm-Reject-Cause attribute may be used in Access-Reject 1157 packets only. 1159 A summary of the Acc-Vspm-Reject-Cause attribute format within the 1160 Ericsson Datacom Access vendor-specific attribute is shown below. The 1161 fields are transmitted left-to-right. 1163 0 1 2 3 1164 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1165 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1166 | Type | Length | Value 1167 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1168 Value (cont) | 1169 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1171 Type 1173 43 for Acc-Vpsm-Reject-Cause 1175 Length 1177 6 1179 Value 1181 The value field is four octets. 1183 No-Access-Partition 1 1184 Access-Partition-Disabled 2 1185 Partition-Portlimit-Exceeded 3 1186 License-Portlimit-Exceeded 4 1187 Home-Server-Down 5 1188 Rejected-By-Home-Server 6 1189 NAS-Administratively-Disabled 7 1191 2.28 Acc-Ace-Token 1193 Description 1195 This attribute is used to carry a user entered "passcode" for ACE 1196 authentication. Steel Belted Radius proxies this information to 1197 the ACE authentication server. The Acc-Ace-Token attribute may be 1198 used in Access-Challenge and Access-Request packets only. 1200 A summary of the Acc-Ace-Token attribute format within the Ericsson 1201 Datacom Access vendor-specific attribute is shown below. The fields 1202 are transmitted left-to-right. 1204 0 1 2 1205 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1206 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1207 | Type | Length | String... 1208 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1210 Type 1212 44 for Acc-Ace-Token 1214 Length 1216 >= 3 1218 String 1220 The string field is one or more octets and carries the user 1221 entered passcode. 1223 2.29 Acc-Ace-Token-Ttl 1225 Description 1227 This attribute indicates the time to live (TTL) in seconds for an 1228 ACE token of a dial-in user. When the user is authenticated using 1229 Steel Belted Radius (with token caching) the server returns a 1230 configured TTL for that user. This allows the NAS to make an 1231 educated guess to when the cached token will expire in the RADIUS 1232 cache. If a value is not specified, the TTL is set to zero, which 1233 indicates that no caching will be used. The Acc-Ace-Token-Ttl 1234 attribute may be used in Access-Accept packets only. 1236 A summary of the Acc-Ace-Token-Ttl attribute format within the 1237 Ericsson Datacom Access vendor-specific attribute is shown below. The 1238 fields are transmitted left-to-right. 1240 0 1 2 3 1241 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1242 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1243 | Type | Length | Value 1244 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1245 Value (cont) | 1246 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1248 Type 1250 45 for Acc-Ace-Token-Ttl 1252 Length 1254 6 1256 Value 1258 The value field is four octets and it can be from 0 to 65535 (in 1259 seconds). 1261 2.30 Acc-Ip-Pool-Name 1263 Description 1265 This attribute The Acc-Ip-Pool-Name attribute contains a string 1266 identifying an IP address pool name to be used for assigning an IP 1267 address from a pool configured on the NAS with the same name. 1268 This attribute may only be used if the IP address attribute 1269 indicates an IP assigned by NAS (Framed-IP-Address = 1270 255.255.255.254). The Acc-Ip-Pool-Name may be used in Access- 1271 Accept packets only. 1273 A summary of the Acc-Ip-Pool-Name attribute format within the 1274 Ericsson Datacom Access vendor-specific attribute is shown below. The 1275 fields are transmitted left-to-right. 1277 0 1 2 1278 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1279 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1280 | Type | Length | String... 1281 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1282 Type 1284 46 for Acc-Ip-Pool-Name 1286 Length 1288 >= 3 1290 String 1292 The string field is one or more octets, and should match the name 1293 of an IP address pool configured on the NAS. 1295 2.31 Acc-Igmp-Admin-State 1297 Description 1299 This attribute indicates the administrative state of IGMP for a 1300 dial-in user. The Acc-Igmp-Admin-State attribute may be used in 1301 Access-Accept packets only. 1303 A summary of the Acc-Igmp-Admin-State attribute format within the 1304 Ericsson Datacom Access vendor-specific attribute is shown below. The 1305 fields are transmitted left-to-right. 1307 0 1 2 3 1308 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1309 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1310 | Type | Length | Value 1311 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1312 Value (cont) | 1313 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1315 Type 1317 47 for Acc-Igmp-Admin-State 1319 Length 1321 6 1323 Value 1324 The value field is four octets. 1326 Enabled 1 1327 Disabled 2 1329 2.32 Acc-Igmp-Version 1331 Description 1333 This attribute indicates the version of IGMP that will be used by 1334 a dial-in user. The Acc-Igmp-Version attribute may be used in 1335 Access-Accept packets only. 1337 A summary of the Acc-Igmp-Version attribute format within the 1338 Ericsson Datacom Access vendor-specific attribute is shown below. The 1339 fields are transmitted left-to-right. 1341 0 1 2 3 1342 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1343 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1344 | Type | Length | Value 1345 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1346 Value (cont) | 1347 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1349 Type 1351 48 for Acc-Igmp-Version 1353 Length 1355 6 1357 Value 1359 The value field is four octets. 1361 V1 1 1362 V2 2 1364 3. Ericsson Datacom Access Radius Accounting Attributes 1366 The table below indicates how the accounting vendor-specific 1367 attributes are used in the accounting request packets. The attributes 1368 with (*) are accounting specific attributes. An X indicates in which 1369 type of Accounting-Request packet the attribute may be included. 1370 Note that any Accounting-Request packet may include a copy of all the 1371 configuration attributes. The attributes listed below with no (X) 1372 associated with them may be used in any Accounting-Request packet, 1373 though they are not Accounting specific attributes. 1375 +-------------------------------+--------+-------+------+---------+ 1376 | Attribute Name | Number | Start | Stop | Interim | 1377 +-------------------------------+--------+-------+------+---------+ 1378 | Acc-Reason-Code (*) | 1 | | X | | 1379 | Acc-Ccp-Option | 2 | | | | 1380 | Acc-Input-Errors (*) | 3 | | X | X | 1381 | Acc-Output-Errors (*) | 4 | | X | X | 1382 | Acc-Access-Partition (*) | 5 | X | X | X | 1383 | Acc-Customer-Id (*) | 6 | X | X | X | 1384 | Acc-Ip-Gateway-Pri | 7 | | | | 1385 | Acc-Ip-Gateway-Sec | 8 | | | | 1386 | Acc-Route-Policy | 9 | | | | 1387 | Acc-ML-MLX-Admin-State | 10 | | | | 1388 | Acc-ML-Call-Threshold | 11 | | | | 1389 | Acc-ML-Clear-Threshold | 12 | | | | 1390 | Acc-ML-Damping-Factor | 13 | | | | 1391 | Acc-Clearing-Cause (*) | 15 | | X | | 1392 | Acc-Clearing-Location (*) | 16 | | X | | 1393 | Acc-Service-Profile | 17 | X | X | X | 1394 | Acc-Request-Type | 18 | X | X | X | 1395 | Acc-Framed-Bridge | 19 | | | | 1396 | Acc-Vpsm-Oversubscribed (*) | 20 | X | X | | 1397 | Acc-Acct-On-Off-Reason (*) | 21 | | | | 1398 | Acc-Tunnel-Port (*) | 22 | X | X | X | 1399 | Acc-Dns-Server-Pri | 23 | | | | 1400 | Acc-Dns-Server-Sec | 24 | | | | 1401 | Acc-Nbns-Server-Pri | 25 | | | | 1402 | Acc-Nbns-Server-Sec | 26 | | | | 1403 | Acc-Dial-Port-Index (*) | 27 | X | X | X | 1404 | Acc-Ip-Compression | 28 | | | | 1405 | Acc-Ipx-Compression | 29 | | | | 1406 | Acc-Connect-Tx-Speed (*) | 30 | X | X | X | 1407 | Acc-Connect-Rx-Speed (*) | 31 | X | X | X | 1408 | Acc-Modem-Modulation-Type (*) | 32 | X | X | X | 1409 | Acc-Modem-Error-Protocol (*) | 33 | X | X | X | 1410 | Acc-Callback-Delay | 34 | | | | 1411 | Acc-Callback-Num-Valid | 35 | | | | 1412 | Acc-Callback-Mode | 36 | | | | 1413 | Acc-Callback-CBCP-Type | 37 | | | | 1414 | Acc-Dialout-Auth-Mode | 38 | | | | 1415 | Acc-Dialout-Auth-Password | 39 | | | | 1416 | Acc-Dialout-Auth-UserName | 40 | | | | 1417 | Acc-Access-Community | 42 | | | | 1418 | Acc-Vpsm-Reject-Cause | 43 | | | | 1419 | Acc-Ace-Token | 44 | | | | 1420 | Acc-Ace-Token-Ttl | 45 | | | | 1421 | Acc-Ip-Pool-Name | 46 | | | | 1422 | Acc-Igmp-Admin-State | 47 | | | | 1423 | Acc-Igmp-Version | 48 | | | | 1424 +-------------------------------+--------+-------+------+---------+ 1426 3.1 Acc-Reason-Code 1428 Description 1430 This attribute provides an extension to the standard Acct- 1431 Terminate-Cause attribute. It provides more detail on the 1432 termination reason for a call. 1434 A summary of the Acc-Reason-Code Attribute format within the Ericsson 1435 Datacom Access vendor- specific attribute is shown below. The fields 1436 are transmitted left-to-right. 1438 0 1 2 3 1439 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1440 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1441 | Type | Length | Value 1442 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1443 Value (cont) | 1444 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1446 Type 1448 1 for Acc-Reason-Code 1450 Length 1452 6 1454 Value 1456 The value field is four octets. 1458 0 no reason given/no failure 1459 1 resource shortage 1460 2 session already open 1461 3 too many RADIUS users 1462 4 no authentication server 1463 5 no authentication response 1464 6 no accounting server 1465 7 no accounting response 1466 8 access denied 1467 9 temporary buffer shortage 1468 10 protocol error 1469 11 invalid attribute 1470 12 invalid service type 1471 13 invalid framed protocol 1472 14 invalid attribute value 1473 15 invalid user information 1474 16 invalid IP address 1475 17 invalid integer syntax 1476 18 invalid NAS port 1477 19 requested by user 1478 20 network disconnect 1479 21 service interruption 1480 22 physical port error 1481 23 idle timeout 1482 24 session timeout 1483 25 administrative reset 1484 26 NAS reload or reset 1485 27 NAS error 1486 28 NAS request 1487 29 undefined reason given 1488 30 conflicting attributes 1489 31 port limit exceeded 1490 32 facility not available 1491 33 internal configuration error 1492 34 bad route specification 1493 35 Access Partition bind failure 1494 36 security violation 1495 37 request type conflict 1496 38 configuration disallowed 1497 39 missing attribute 1498 40 invalid request 1499 41 missing parameter 1500 42 invalid parameter 1501 43 call cleared with cause 1502 44 inopportune config request 1503 45 invalid config parameter 1504 46 missing config parameter 1505 47 incompatible service profile 1506 48 administrative reset 1507 49 administrative reload 1508 50 port unneeded 1509 51 port preempted 1510 52 port suspended 1511 53 service unavailable 1512 54 callback 1513 55 user error 1514 56 host request 1516 3.2 Acc-Input-Errors 1518 Description 1520 This attribute indicates the number of receive errors on the 1521 physical port the dial- in user was connected to. 1523 A summary of the Acc-Input-Errors Attribute format within the 1524 Ericsson Datacom Access vendor- specific attribute is shown below. 1525 The fields are transmitted left-to-right. 1527 0 1 2 3 1528 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1529 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1530 | Type | Length | Value 1531 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1532 Value (cont) | 1533 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1535 Type 1537 3 for Acc-Input-Errors 1539 Length 1541 6 1543 Value 1545 The value field is four octets. 1547 3.3 Acc-Output-Errors 1549 Description 1551 This attribute indicates the number of send errors on the physical 1552 port the dial-in user was connected to. 1554 A summary of the Acc-Output-Errors Attribute format within the 1555 Ericsson Datacom Access vendor- specific attribute is shown below. 1556 The fields are transmitted left-to-right. 1558 0 1 2 3 1559 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1560 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1561 | Type | Length | Value 1562 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1563 Value (cont) | 1564 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1566 Type 1568 4 for Acc-Output-Errors 1570 Length 1572 6 1574 Value 1576 The value field is four octets. 1578 3.4 Acc-Access-Partition 1580 Description 1582 This attribute specifies the name of the Access Partition the 1583 dial-in user is assigned to. Access Partitioning [EDA97a] gives 1584 carriers the ability to partition dial-in resources and assign 1585 these partitions to dial-in Virtual Private Networks. 1587 A summary of the Acc-Access-Partition Attribute format within the 1588 Ericsson Datacom Access vendor- specific attribute is shown below. 1589 The fields are transmitted left-to-right. 1591 0 1 2 1592 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1593 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1594 | Type | Length | String... 1595 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1597 Type 1598 5 for Acc-Access-Partition 1600 Length 1602 >= 3 1604 String 1606 The String field is one or more octets. 1608 3.5 Acc-Customer-Id 1610 Description 1612 This attribute specifies the Id of the Customer the dial-in user 1613 is associated with. 1615 A summary of the Acc-Customer-Id Attribute format within the Ericsson 1616 Datacom Access vendor- specific attribute is shown below. The fields 1617 are transmitted left-to-right. 1619 0 1 2 1620 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1621 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1622 | Type | Length | String... 1623 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1625 Type 1627 6 for Acc-Customer-Id 1629 Length 1631 >= 3 1633 Value 1635 The String field is one or more octets. 1637 3.6 Acc-Clearing-Cause 1639 Description 1641 This attribute provides an extension to the Acc-Reason-Code 1642 attribute. It provides more detail if Acc-Reason-Code indicates 1643 Call-Cleared-With-Cause (43). 1645 A summary of the Acc-Clearing-Cause Attribute format within the 1646 Ericsson Datacom Access vendor- specific attribute is shown below. 1647 The fields are transmitted left-to-right. 1649 0 1 2 3 1650 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1651 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1652 | Type | Length | Value 1653 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1654 Value (cont) | 1655 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1657 Type 1659 15 for Acc-Clearing-Cause 1661 Length 1663 6 1665 Value 1667 The value field is four octets. 1669 0 cause unspecified 1670 1 unassigned number 1671 2 no route to transit network 1672 3 no route to destination 1673 6 channel unacceptable 1674 7 call awarded being delivered 1675 16 normal clearing 1676 17 user busy 1677 18 no user responding 1678 19 user alerted no answer 1679 21 call rejected 1680 22 number changed 1681 26 non selected user clearing 1682 27 destination out of order 1683 28 invalid or incomplete number 1684 29 facility rejected 1685 30 response to status inquiry 1686 31 normal unspecified cause 1687 34 no circuit or channel available 1688 38 network out of order 1689 41 temporary failure 1690 42 switching equipment congestion 1691 43 access information discarded 1692 44 circuit or channel unavailable 1693 45 circuit or channel preempted 1694 47 resources unavailable 1695 49 quality of service unavailable 1696 50 facility not subscribed 1697 52 outgoing calls barred 1698 54 incoming calls barred 1699 57 bearer capability unauthorized 1700 58 bearer capability not available 1701 63 service not available 1702 65 bearer capability not implemented 1703 66 channel type not implemented 1704 69 facility not implemented 1705 70 restricted digital information only 1706 79 service not implemented 1707 81 invalid call reference 1708 82 identified channel does not exist 1709 83 call identity does not exist 1710 84 call identity in use 1711 85 no call suspended 1712 86 suspended call cleared 1713 88 incompatible destination 1714 91 invalid transit network selection 1715 95 invalid message 1716 96 mandatory information element missing 1717 97 message not implemented 1718 98 inopportune message 1719 99 information element not implemented 1720 100 invalid information element contents 1721 101 message incompatible with state 1722 102 recovery on timer expiration 1723 103 mandatory information element length error 1724 111 protocol error 1725 127 interworking 1727 3.7 Acc-Clearing-Location 1729 Description 1731 This attribute provides an extension to the Acc-Reason-Code 1732 attribute. It provides detail on where the call has been cleared. 1734 A summary of the Acc-Clearing-Location Attribute format within the 1735 Ericsson Datacom Access vendor-specific attribute is shown below. The 1736 fields are transmitted left-to-right. 1738 0 1 2 3 1739 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1740 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1741 | Type | Length | Value 1742 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1743 Value (cont) | 1744 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1746 Type 1748 16 for Acc-Clearing-Location 1750 Length 1752 6 1754 Value 1756 The value field is four octets 1758 0 local or remote user 1759 1 private network serving local user 1760 2 public network serving local user 1761 3 transit network 1762 4 private network serving remote user 1763 5 public network serving remote user 1764 6 international network 1765 10 beyond interworking point 1767 3.8 Acc-Vpsm-Oversubscribed 1769 Description 1771 This attribute is specific to Ericsson Datacom Access's VPSM 1772 (Virtual Port Service Manager) server software. VPSM runs as a 1773 proxy RADIUS server between an Ericsson Datacom Access NAS and a 1774 home RADIUS server. If the VPSM server detects that this 1775 connection caused the corresponding Access Partition quota to be 1776 exceeded, the Accounting-Start record for the connection will 1777 include the Acc-Vpsm-Oversubscribed attribute with a value of 2 1778 (True). 1780 A summary of the Acc-Vpsm-Oversubscribed Attribute format within the 1781 Ericsson Datacom Access vendor-specific attribute is shown below. The 1782 fields are transmitted left-to-right. 1784 0 1 2 3 1785 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1786 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1787 | Type | Length | Value 1788 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1789 Value (cont) | 1790 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1792 Type 1794 20 for Acc-Vpsm-Oversubscribed 1796 Length 1798 6 1800 Value 1802 The value field is four octets. 1804 1 False 1805 2 True 1807 3.9 Acc-Acct-On-Off-Reason 1809 Description 1811 This attribute provides a reason code for why the Accounting-On or 1812 Accounting- Off message is sent. 1814 A summary of the Acc-Acct-On-Off-Reason Attribute format within the 1815 Ericsson Datacom Access vendor-specific attribute is shown below. The 1816 fields are transmitted left-to-right. 1818 0 1 2 3 1819 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1820 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1821 | Type | Length | Value 1822 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1823 Value (cont) | 1824 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1826 Type 1828 21 for Acc-Acct-On-Off-Reason 1830 Length 1832 6 1834 Value 1836 The value field is four octets. 1838 0 NAS Reset 1839 1 NAS Reload 1840 2 Configuration Reset 1841 3 Configuration Reload 1842 4 Enabled 1843 5 Disabled 1845 3.10 Acc-Tunnel-Port 1847 Description 1849 This attribute indicates the index of the Tunnel Port the dial-in 1850 user is connected to. 1852 A summary of the Acc-Tunnel-Port attribute format within the Ericsson 1853 Datacom Access vendor-specific attribute is shown below. The fields 1854 are transmitted left-to-right. 1856 0 1 2 3 1857 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1858 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1859 | Type | Length | Value 1860 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1861 Value (cont) | 1862 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1864 Type 1866 22 for Acc-Tunnel-Port 1868 Length 1870 6 1872 Value 1874 The value field is four octets. 1876 3.11 Acc-Dial-Port-Index 1878 Description 1880 This attribute indicates the index of the Dial Port the dial-in 1881 user is connected to. 1883 A summary of the Acc-Dial-Port-Index attribute format within the 1884 Ericsson Datacom Access vendor-specific attribute is shown below. The 1885 fields are transmitted left-to-right. 1887 0 1 2 3 1888 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1889 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1890 | Type | Length | Value 1891 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1892 Value (cont) | 1893 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1895 Type 1897 27 for Acc-Dial-Port-Index 1899 Length 1901 6 1903 Value 1905 The value field is four octets. 1907 3.12 Acc-Connect-Tx-Speed 1909 Description 1911 This attribute indicates the transmit speed that is negotiated on 1912 the NAS port for this dial-in connection. If an LNS (L2TP Network 1913 Server) is generating this accounting record, then the value is 1914 passed to the LNS from a LAC (L2TP Access Concentrator). 1916 A summary of the Acc-Connect-Tx-Speed attribute format within the 1917 Ericsson Datacom Access vendor-specific attribute is shown below. The 1918 fields are transmitted left-to-right. 1920 0 1 2 3 1921 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1922 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1923 | Type | Length | Value 1924 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1925 Value (cont) | 1926 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1928 Type 1930 30 for Acc-Connect-Tx-Speed 1932 Length 1934 6 1936 Value 1938 The value field is four octets. 1940 3.13 Acc-Connect-Rx-Speed 1942 Description 1944 This attribute indicates the receive speed that is negotiated on 1945 the NAS port for this dial-in connection. If an LNS (L2TP Network 1946 Server) is generating this accounting record, then the value is 1947 passed to the LNS from a LAC (L2TP Access Concentrator). 1949 A summary of the Acc-Connect-Rx-Speed attribute format within the 1950 Ericsson Datacom Access vendor-specific attribute is shown below. The 1951 fields are transmitted left-to-right. 1953 0 1 2 3 1954 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1955 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1956 | Type | Length | Value 1957 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1958 Value (cont) | 1959 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1961 Type 1963 31 for Acc-Connect-Rx-Speed 1965 Length 1967 6 1969 Value 1971 The value field is four octets. 1973 3.14 Acc-Modem-Modulation-Type 1975 Description 1977 This attribute indicates the modem modulation type that is used on 1978 the NAS port for this dial-in connection. This attribute is only 1979 available if the dial-in NAS port is a modem port. 1981 A summary of the Acc-Modem-Modulation-Type attribute format within 1982 the Ericsson Datacom Access vendor-specific attribute is shown below. 1983 The fields are transmitted left-to-right. 1985 0 1 2 1986 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 1987 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1988 | Type | Length | String... 1989 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1991 Type 1993 32 for Acc-Modem-Modulation-Type 1995 Length 1997 >=3 1999 Value 2001 The value field is four octets. 2003 3.15 Acc-Modem-Error-Protocol 2005 Description 2007 This attribute indicates the modem error protocol that is used on 2008 the NAS port for this dial-in connection. This attribute is only 2009 available if the dial-in NAS port is a modem port. 2011 A summary of the Acc-Modem-Error-Protocol attribute format within the 2012 Ericsson Datacom Access vendor-specific attribute is shown below. The 2013 fields are transmitted left-to-right. 2015 0 1 2 2016 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 2017 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2018 | Type | Length | String... 2019 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2021 Type 2023 33 for Acc-Modem-Error-Protocol 2025 Length 2027 >=3 2029 Value 2031 The value field is four octets. 2033 4. Security Considerations 2035 Security issues regarding the RADIUS protocol are discussed in RFC 2036 2138 [RIG97a] and RFC 2139 [RIG97b]. The use of Acc-Tunnel-Secret 2037 attribute is insecure. The Tunnel-Password attribute, defined in 2038 [ZOR98], should be used whenever possible and Acc-Tunnel-Secret 2039 attribute should only be used if the RADIUS server does not support 2040 salt encryption. 2042 5. References 2044 [EDA97a] "Access Partitioning" White Paper, 2045 available via http://www.acc.com, 2046 Ericsson Datacom Access, August 1997 2048 [EDA97b] "RADIUS Implementation" White Paper, 2049 available via http://www.acc.com, 2050 Ericsson Datacom Access, January 1998 2052 [COB95] Cobb, S., PPP Internet Protocol Control Protocol 2053 Extensions for Name Server Addresses, 2054 RFC 1877, Microsoft, December 1995. 2056 [GID94] Gidwani, N., Proposal for Callback Control Protocol (CBCP), 2057 draft-ietf-pppext-callback-cp-02.txt, Microsoft, July 1994. 2059 [MCG92] McGregor, G., PPP Internet Control Protocol", 2060 RFC 1332, Merit, May 1992. 2062 [RAN96] Rand, D., The PPP Compression Control Protocol (CCP), 2063 RFC 1962, Novell, June 1996. 2065 [RIG97a] Rigney, C., Remote Authentication Dial In User Service 2066 (RADIUS), RFC 2138, Livingston, April 1997. 2068 [RIG97b] Rigney, C., et al, RADIUS Accounting, 2069 RFC 2139, Livingston, April 1997. 2071 [SIM98] Simpson, W., PPP LCP CallBack, 2072 draft-ietf-pppext-callback-ds-02.txt, Daydreamer, August 2073 1998. 2075 [SKL96] Sklower, K., et al, The PPP Multilink Protocol (MP), 2076 RFC 1990, UC Berkeley, August 1996. 2078 [SMI96] Smith, K., Ascend's Multilink Protocol Plus (MP+), 2079 Ascend, RFC 1934, August 1996. 2081 [VAL97] Valencia, et al., Layer Two Tunneling Protocol (L2TP), 2082 draft-ietf-pppext-l2tp-06.txt, June 1997. 2084 [ZOR98] Zorn, G., et al, RADIUS Attributes for Tunnel 2085 Protocol Support, draft-ietf-radius-tunnel-auth-05.txt, 2086 Microsoft-Ascend-Shiva, April 1998. 2088 6. Expiration Date 2090 This document expires June 1, 1999. 2092 7. Author's Address 2094 Koral Ilgun 2095 Ericsson Inc. 2096 Datacom Networks and IP Services 2097 Access Product Unit 2098 340 Storke Road 2099 Santa Barbara, CA 93117 2101 Phone: (805) 961-0279 2103 E-Mail: koral@acc.com