Alcatel-Lucent 8950 AAA User Manual

Page 157

Understanding and Creating Attribute Sets

Using the 8950 AAA Policy Assistant in Server

Management Tool

............................................................................................................................................................................................................................................................
365-360-001R6.0

Issue 1, December 2008

9-17

The 8950 AAA server supports session provisioning by returning reply attributes to the
NAS upon a successful authentication. Reply attributes, stored in a attribute set, or
possibly a user profile, provide additional parameters the NAS needs to complete an
access request. By including appropriate reply attributes in a policy, a variety of
connection configurations can be applied. For example, a user can be assigned a specific
IP addresses, IP header compression can be turned on or off, or a time limit can be
assigned to the connection.

Table 9-2

lists attributes allowed in an Access-Accept that are

commonly used as reply attributes.

Time-Of-Day

Define allowed access times by
day-of-week and/or hour-of-day.

Time-Of-Day = Wk0800-

1700

Table 9-2 List of Attributes allowed in an Access–Accept available as Reply

Attributes

Attribute Name

Description

Required

Max

User-Name

Sets the User-Name for the
session. Use if the NAS should
send accounting for a name other
than the name used for
authentication

Service-Type

The type of protocol. Typically set
to “Framed-Protocol” for IP
networks.

Framed-Protocol

The framing protocol to be used,
typically PPP.

Framed-IP-Address

Assigns an IP Address for the
session

Framed-IP-Netmask

Assigns a Netmask for the session

Filter-Id

Sets an IP filter to use for the
session. The filter must have been
defined or be available to the
NAS.

No limit

Figure 9-9 Sample List of Verification Attributes

Attribute Name

Description of Use of this
Attribute as a Verification
Attribute

Example