Support User Manuals

Nortel Networks 42C4911 Switch User Manual

Open as PDF

of 260

Alteon OS Application Guide

72

 Chapter 2: Port-based Network Access Control 42C4911, January 2007

Supported RADIUS Attributes

The Alteon 802.1x Authenticator relies on external RADIUS servers for authentication

with EAP. Table 2 lists the RADIUS attributes that are supported as part of

RADIUS-EAP authentication based on the guidelines specified in Annex D of the 802.1x

standard and RFC 3580.

Table 2 Support for RADIUS Attributes

# Attribute Attribute Value A-R A-A A-C A-R

1 User-Name The value of the Type-Data field from the supplicant’s

EAP-Response/Identity message. If the Identity is

unknown (i.e. Type-Data field is zero bytes in length), this

attribute will have the same value as the Calling-Station-

Id.

10-10 0

4 NAS-IP-Address IP address of the authenticator used for Radius commu-

nication.

1000

5 NAS-Port Port number of the authenticator port to which the suppli-

cant is attached.

1000

24 State Server-specific value. This is sent unmodified back to the

server in an Access-Request that is in response to an

Access-Challenge.

0-1 0-1 0-1 0

30 Called-Station-ID The MAC address of the authenticator encoded as an

ASCII string in canonical format, e.g. 000D5622E3 9F.

1000

31 Calling-Station-ID The MAC address of the supplicant encoded as an ASCII

string in canonical format, e.g. 00034B436206.

1000

79 EAP-Message Encapsulated EAP packets from the supplicant to the

authentication server (Radius) and vice-versa. The

authenticator relays the decoded packet to both devices.

1+ 1+ 1+ 1+

80 Message-Authentica-

tor

Always present whenever an EAP-Message attribute is

also included. Used to integrity-protect a packet.

1111

87 NAS-Port-ID Name assigned to the authenticator port, e.g.

Server1_Port3

1000

Legend:

RADIUS Packet Types: A-R (Access-Request), A-A (Access-Accept), A-C (Access-Challenge), A-R (Access-Reject)

RADIUS Attribute Support:

0 This attribute MUST NOT be present in a packet.

0+ Zero or more instances of this attribute MAY be present in a packet.

0-1 Zero or one instance of this attribute MAY be present in a packet.

1 Exactly one instance of this attribute MUST be present in a packet.

1+ One or more of these attributes MUST be present.

previous next