Extended radius attributes, Protocols and standards – H3C Technologies H3C S5120 Series Switches User Manual
Page 413
1-7
No.
Attribute
No.
Attribute
42 Acct-Input-Octets
89 (unassigned)
43 Acct-Output-Octets
90 Tunnel-Client-Auth-id
44 Acct-Session-Id
91 Tunnel-Server-Auth-id
are defined by RFC 2865, RFC 2866, RFC 2867, and RFC 2868.
Extended RADIUS Attributes
The RADIUS protocol features excellent extensibility. Attribute 26 (Vender-Specific) defined by RFC
2865 allows a vender to define extended attributes to implement functions that the standard RADIUS
protocol does not provide.
A vendor can encapsulate multiple type-length-value (TLV) sub-attributes in RADIUS packets for
extension in applications. As shown in
, a sub-attribute that can be encapsulated in Attribute
26 consists of the following four parts:
z
Vendor-ID (four bytes): Indicates the ID of the vendor. Its most significant byte is 0 and the other
three bytes contain a code complying with RFC 1700. The vendor ID of H3C is 2011.
z
Vendor-Type: Indicates the type of the sub-attribute.
z
Vendor-Length: Indicates the length of the sub-attribute.
z
Vendor-Data: Indicates the contents of the sub-attribute.
Figure 1-5 Segment of a RADIUS packet containing an extended attribute
Protocols and Standards
The protocols and standards related to AAA and RADIUS include:
z
RFC 2865: Remote Authentication Dial In User Service (RADIUS)
z
RFC 2866: RADIUS Accounting
z
RFC 2867: RADIUS Accounting Modifications for Tunnel Protocol Support
z
RFC 2868: RADIUS Attributes for Tunnel Protocol Support
z
RFC 2869: RADIUS Extensions