Alcatel-Lucent 8950 AAA Computer Accessories User Manual


  Open as PDF
of 476
 
............................................................................................................................................................................................................................................................
Understanding and Creating Attribute SetsUsing the 8950 AAA Policy Assistant in Server
Management Tool
9-18
365-360-001R6.0
Issue 1, December 2008
............................................................................................................................................................................................................................................................
If a reply attribute differs from the nature of the user’s session, the NAS must resolve the
problem. For example, if the user connects using PPP and 8950 AAA returns a Framed-
Protocol attribute set to “SLIP” the NAS should drop the session.
With the 8950 AAA PolicyAssistant it is possible to define attribute sets that apply to all
users of a policy. This means that individual user profiles need only contain a user name
and password. All other attributes for authorization checks and provisioning rules can be
contained in an attribute set for the policy. This makes system management much easier
for the administrator.
Changing authorization checks and session provisioning can be accomplished by editing
the attribute set. This eliminates the need to edit numerous user profiles each time policy
changes.
Reply-Message Sends a message back to the NAS
to be displayed to the user. In
Windows networking this message
may be logged but is not directly
displayed to the user.
No No limit
Vendor-Specific Used for encoding proprietary
vendor specific attribute (VSA)
extensions to the RADIUS
protocol. See your NAS vendor's
documentation for a list of VSAs
they support.
No No limit
Session-Timeout The maximum allowed session
length (in seconds)
No 1
Idle-Timeout The maximum idle time allowed
for the session.
No 1
Port-Limit The total number of sessions that
can be linked together for creating
greater bandwidth (Typically used
with ISDN sessions.)
No 1
Table 9-2 List of Attributes allowed in an Access–Accept available as Reply
Attributes
Attribute Name Description Required Max
 previous next