3Com 7757 Configuration Manual page 512

512 C 49: AAA & RADIUS & HWTACACS C
HAPTER ONFIGURATION
4 The Authenticator field (16 bytes) is used to verify the packet returned from the
RADIUS server; it is also used in the password hiding algorithm. There are two
kinds of authenticators: Request and Response.
5 The Attribute field contains special authentication, authorization, and accounting
information to provide the configuration details of a request or response packet.
This field is represented by a field triplet (Type, Length and Value):
The Type field (one byte) specifies the type of the attribute. Its value ranges
■
from 1 to 255. Table 396 lists the attributes that are commonly used in RADIUS
authentication and authorization.
The Length field (one byte) specifies the total length of the Attribute field in
■
bytes (including the Type, Length and Value fields).
The Value field (up to 253 bytes) contains the information about the attribute.
■
Its content and format are determined by the Type and Length fields.
Table 396 RADIUS attributes
Value of the
Type field Attribute type
1 User-Name
2 User-Password
3 CHAP-Password
4 NAS-IP-Address
5 NAS-Port
6 Service-Type
7 Framed-Protocol
8 Framed-IP-Address
9 Framed-IP-Netmask
10 Framed-Routing
11 Filter-ID
12 Framed-MTU
13 Framed-Compression
14 Login-IP-Host
15 Login-Service
16 Login-TCP-Port
17 (unassigned)
18 Reply-Message
19 Callback-Number
20 Callback-ID
21 (unassigned)
22 Framed-Route
The RADIUS protocol takes good scalability. Attribute 26 (Vender-Specific) defined
in this protocol allows a device vendor to extend RADIUS to implement functions
that are not defined in standard RADIUS.
Figure 130 depicts the structure of attribute 26. The Vendor-ID field representing
the code of the vendor occupies four bytes. The first byte is 0, and the other three
bytes are defined in RFC1700. Here, the vendor can encapsulate multiple
Value of the
Type field Attribute type
23 Framed-IPX-Network
24 State
25 Class
26 Vendor-Specific
27 Session-Timeout
28 Idle-Timeout
29 Termination-Action
30 Called-Station-Id
31 Calling-Station-Id
32 NAS-Identifier
33 Proxy-State
34 Login-LAT-Service
35 Login-LAT-Node
36 Login-LAT-Group
37 Framed-AppleTalk-Link
38 Framed-AppleTalk-Network
39 Framed-AppleTalk-Zone
40-59 (reserved for accounting)
60 CHAP-Challenge
61 NAS-Port-Type
62 Port-Limit
63 Login-LAT-Port