Alcatel-Lucent 8950 AAA User Manual

Page 158

............................................................................................................................................................................................................................................................

Understanding and Creating Attribute Sets

Using the 8950 AAA Policy Assistant in Server

Management Tool

9-18

365-360-001R6.0

Issue 1, December 2008

If a reply attribute differs from the nature of the user’s session, the NAS must resolve the
problem. For example, if the user connects using PPP and 8950 AAA returns a Framed-
Protocol attribute set to “SLIP” the NAS should drop the session.

With the 8950 AAA PolicyAssistant it is possible to define attribute sets that apply to all
users of a policy. This means that individual user profiles need only contain a user name
and password. All other attributes for authorization checks and provisioning rules can be
contained in an attribute set for the policy. This makes system management much easier
for the administrator.

Changing authorization checks and session provisioning can be accomplished by editing
the attribute set. This eliminates the need to edit numerous user profiles each time policy
changes.

Reply-Message

Sends a message back to the NAS
to be displayed to the user. In
Windows networking this message
may be logged but is not directly
displayed to the user.

No limit

Vendor-Specific

Used for encoding proprietary
vendor specific attribute (VSA)
extensions to the RADIUS
protocol. See your NAS vendor's
documentation for a list of VSAs
they support.

No limit

Session-Timeout

The maximum allowed session
length (in seconds)

Idle-Timeout

The maximum idle time allowed
for the session.

Port-Limit

The total number of sessions that
can be linked together for creating
greater bandwidth (Typically used
with ISDN sessions.)

Table 9-2 List of Attributes allowed in an Access–Accept available as Reply

Attributes

Attribute Name

Description

Required

Max