HP (Hewlett-Packard) 445946-001 Switch User Manual


 
Port-based Network Access and traffic control
Supported RADIUS attributes
The HP 10GbE switch 802.1x Authenticator relies on external RADIUS servers for authentication with
EAP. The following table lists the RADIUS attributes that are supported as part of RADIUS-EAP
authentication based on the guidelines specified in Annex D of the 802.1x standard and RFC 3580.
Table 9 EAP support for RADIUS attributes

| # | Attribute | Attribute Value | A-R (Request) | A-A | A-C | A-R (Reject) |
|---|-----------|-----------------|---------------|-----|-----|--------------|
| 1 | User-Name | The value of the Type-Data field from the supplicant’s EAP-Response/Identity message. If the Identity is unknown (i.e. Type-Data field is zero bytes in length), this attribute will have the same value as the Calling-Station-Id. | 1 | 0-1 | 0 | 0 |
| 4 | NAS-IP-Address | IP address of the authenticator used for RADIUS communication. | 1 | 0 | 0 | 0 |
| 5 | NAS-Port | Port number of the authenticator port to which the supplicant is attached. | 1 | 0 | 0 | 0 |
| 24 | State | Server-specific value. This is sent unmodified back to the server in an Access-Request that is in response to an Access-Challenge. | 0-1 | 0-1 | 0-1 | 0 |
| 30 | Called-Station-ID | The MAC address of the authenticator encoded as an ASCII string in canonical format, e.g. 000D5622E39F. | 1 | 0 | 0 | 0 |
| 31 | Calling-Station-ID | The MAC address of the supplicant encoded as an ASCII string in canonical format, e.g. 00034B436206. | 1 | 0 | 0 | 0 |
| 79 | EAP-Message | Encapsulated EAP packets from the supplicant to the authentication server (RADIUS) and vice versa. The authenticator relays the decoded packet to both devices. | 1+ | 1+ | 1+ | 1+ |
| 80 | Message-Authenticator | Always present whenever an EAP-Message attribute is also included. Used to integrity-protect a packet. | 1 | 1 | 1 | 1 |
| 87 | NAS-Port-ID | Name assigned to the authenticator port, e.g. Server1_Port3 | 1 | 0 | 0 | 0 |

Legend:
RADIUS Packet Types: A-R (Access-Request), A-A (Access-Accept), A-C (Access-Challenge), A-R (Access-Reject)
RADIUS Attribute Support:
0—This attribute MUST NOT be present in a packet.
0+—Zero or more instances of this attribute MAY be present in a packet.
0-1—Zero or one instance of this attribute MAY be present in a packet.
1—Exactly one instance of this attribute MUST be present in a packet.
1+—One or more of these attributes MUST be present.
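
The cardinality rules in Table 9 can be checked mechanically against captured RADIUS packets, which is useful when auditing an authenticator or server for packets that omit Message-Authenticator or carry attributes where the table forbids them. The following is an added example, not part of the HP manual: the function names, the constructed sample packets and the decision to ignore attributes not listed in Table 9 are assumptions, while the packet codes and attribute layout follow RFC 2865.

```python
import struct

COLUMN = {1: 0, 2: 1, 11: 2, 3: 3}  # RFC 2865 code -> Table 9 column (Request, Accept, Challenge, Reject)
TABLE9 = {  # attribute type: (name, one cardinality per column)
    1:  ("User-Name",             ("1", "0-1", "0", "0")),
    4:  ("NAS-IP-Address",        ("1", "0", "0", "0")),
    5:  ("NAS-Port",              ("1", "0", "0", "0")),
    24: ("State",                 ("0-1", "0-1", "0-1", "0")),
    30: ("Called-Station-ID",     ("1", "0", "0", "0")),
    31: ("Calling-Station-ID",    ("1", "0", "0", "0")),
    79: ("EAP-Message",           ("1+", "1+", "1+", "1+")),
    80: ("Message-Authenticator", ("1", "1", "1", "1")),
    87: ("NAS-Port-ID",           ("1", "0", "0", "0")),
}
BOUNDS = {"0": (0, 0), "0-1": (0, 1), "1": (1, 1), "0+": (0, None), "1+": (1, None)}

def parse(packet):
    """Return (code, [(type, value), ...]); raise ValueError on a malformed packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs, pos = [], 20
    while pos < length:
        # Each attribute is type(1) + length(1) + value; length counts its own 2-byte header.
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def violations(packet):
    """List the Table 9 cardinality rules that the packet breaks."""
    code, attrs = parse(packet)
    if code not in COLUMN:
        return [f"packet code {code} is not covered by Table 9"]
    found = []
    for atype, (name, rules) in TABLE9.items():
        rule = rules[COLUMN[code]]
        low, high = BOUNDS[rule]
        count = sum(1 for t, _ in attrs if t == atype)
        if count < low or (high is not None and count > high):
            found.append(f"{name}: {count} present, rule {rule}")
    return found

def build(code, attrs):  # constructed sample packet: identifier 1, zeroed authenticator
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body
```

This checks attribute counts only; verifying the Message-Authenticator value itself requires the RADIUS shared secret and is outside the scope of the example.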