beautypg.com

Supported radius attributes, Supported radius attributes 44 – Blade ICE G8000 User Manual

Page 44

background image

RackSwitch G8000 Application Guide

44

„

Chapter 2: Port-based Network Access Control

BMD00041, November 2008

Supported RADIUS attributes

The G8000 802.1X Authenticator relies on external RADIUS servers for authentication
with EAP.

Table 2

lists the RADIUS attributes that are supported as part of

RADIUS-EAP authentication based on the guidelines specified in Annex D of the 802.1X
standard and RFC 3580.

Table 2 Support for RADIUS Attributes

#

Attribute

Attribute Value

A-R

A-A

A-C

A-R

1

User-Name

The value of the Type-Data field from the supplicant’s
EAP-Response/Identity message. If the Identity is
unknown (i.e. Type-Data field is zero bytes in length), this
attribute will have the same value as the Calling-Station-
Id.

1

0-1

0

0

4

NAS-IP-Address

IP address of the authenticator used for Radius commu-
nication.

1

0

0

0

5

NAS-Port

Port number of the authenticator port to which the suppli-
cant is attached.

1

0

0

0

24 State

Server-specific value. This is sent unmodified back to the
server in an Access-Request that is in response to an
Access-Challenge.

0-1

0-1

0-1

0

30 Called-Station-ID

The MAC address of the authenticator encoded as an
ASCII string in canonical format, e.g. 000D5622E3 9F.

1

0

0

0

31 Calling-Station-ID

The MAC address of the supplicant encoded as an ASCII
string in canonical format, e.g. 00034B436206.

1

0

0

0

79 EAP-Message

Encapsulated EAP packets from the supplicant to the
authentication server (Radius) and vice-versa. The
authenticator relays the decoded packet to both devices.

1+

1+

1+

1+

80 Message-Authentica-

tor

Always present whenever an EAP-Message attribute is
also included. Used to integrity-protect a packet.

1

1

1

1

87 NAS-Port-ID

Name assigned to the authenticator port, e.g.
Server1_Port3

1

0

0

0

Legend:
RADIUS Packet Types: A-R (Access-Request), A-A (Access-Accept), A-C (Access-Challenge), A-R (Access-Reject)
RADIUS Attribute Support:
0 This attribute MUST NOT be present in a packet.
0+ Zero or more instances of this attribute MAY be present in a packet.
0-1 Zero or one instance of this attribute MAY be present in a packet.
1 Exactly one instance of this attribute MUST be present in a packet.
1+ One or more of these attributes MUST be present.

See also other documents in the category Blade ICE Computer Accessories: