Extended radius attributes, Protocols and standards, Configuring radius – H3C Technologies H3C SecPath F1000-E User Manual

6

Extended RADIUS Attributes

The RADIUS protocol features excellent extensibility. Attribute 26 (Vender-Specific) defined by RFC 2865

allows a vender to define extended attributes to implement functions that the standard RADIUS protocol

does not provide.
A vendor can encapsulate multiple type-length-value (TLV) sub-attributes in RADIUS packets for extension

in applications. As shown in

Figure 4

, a sub-attribute that can be encapsulated in Attribute 26 consists

of the following four parts:

•

Vendor-ID (four bytes): Indicates the ID of the vendor. Its most significant byte is 0 and the other

three bytes contain a code complying with RFC 1700. The vendor ID of H3C is 2011.

•

Vendor-Type: Indicates the type of the sub-attribute.

•

Vendor-Length: Indicates the length of the sub-attribute.

•

Vendor-Data: Indicates the contents of the sub-attribute.

Figure 4 Segment of a RADIUS packet containing an extended attribute

Protocols and Standards

The protocols and standards related to RADIUS include:

•

RFC 2865: Remote Authentication Dial In User Service (RADIUS)

•

RFC 2866: RADIUS Accounting

•

RFC 2867: RADIUS Accounting Modifications for Tunnel Protocol Support

•

RFC 2868: RADIUS Attributes for Tunnel Protocol Support

•

RFC 2869: RADIUS Extensions

Configuring RADIUS

Configuration Task List

NOTE:
•

The RADIUS scheme configured through the Web interface is named system.

•

By default, there is no RADIUS scheme named system in the system. When you select any item under
User > RADIUS from the navigation tree to enter the page of the item, the system will automatically
create a scheme named system.

Table 3

lists the RADIUS configuration steps: