Support User Manuals

Alcatel-Lucent 8950 AAA Computer Accessories User Manual

Open as PDF

of 476

Understanding and Creating Attribute SetsUsing the 8950 AAA Policy Assistant in Server

Management Tool

............................................................................................................................................................................................................................................................

365-360-001R6.0

Issue 1, December 2008

9-17

............................................................................................................................................................................................................................................................

The 8950 AAA server supports session provisioning by returning reply attributes to the

NAS upon a successful authentication. Reply attributes, stored in a attribute set, or

possibly a user profile, provide additional parameters the NAS needs to complete an

access request. By including appropriate reply attributes in a policy, a variety of

connection configurations can be applied. For example, a user can be assigned a specific

IP addresses, IP header compression can be turned on or off, or a time limit can be

assigned to the connection. Table 9-2 lists attributes allowed in an Access-Accept that are

commonly used as reply attributes.

Time-Of-Day Define allowed access times by

day-of-week and/or hour-of-day.

Time-Of-Day = Wk0800-

1700

Table 9-2 List of Attributes allowed in an Access–Accept available as Reply

Attributes

Attribute Name Description Required Max

User-Name Sets the User-Name for the

session. Use if the NAS should

send accounting for a name other

than the name used for

authentication

No 1

Service-Type The type of protocol. Typically set

to “Framed-Protocol” for IP

networks.

No 1

Framed-Protocol The framing protocol to be used,

typically PPP.

No 1

Framed-IP-Address Assigns an IP Address for the

session

No 1

Framed-IP-Netmask Assigns a Netmask for the session No 1

Filter-Id Sets an IP filter to use for the

session. The filter must have been

defined or be available to the

NAS.

No No limit

Figure 9-9 Sample List of Verification Attributes

Attribute Name

Description of Use of this

Attribute as a Verification

Attribute Example

previous next