H3C Technologies H3C S3100 Series Switches User Manual

Page 411

Advertising
background image

1-6

5) The Authenticator field (16 bytes) is used to authenticate the response from the RADIUS server;

and is used in the password hiding algorithm. There are two kinds of authenticators: Request

Authenticator and Response Authenticator.

6) The Attributes field contains specific authentication/authorization/accounting information to provide

the configuration details of a request or response message. This field contains a list of field triplet

(Type, Length and Value):

z

The Type field (one byte) specifies the type of an attribute. Its value ranges from 1 to 255.

Table 1-2

lists the attributes that are commonly used in RADIUS authentication/authorization.

z

The Length field (one byte) specifies the total length of the attribute in bytes (including the Type,

Length and Value fields).

z

The Value field (up to 253 bytes) contains the information of the attribute. Its format is determined

by the Type and Length fields.

Table 1-2 RADIUS attributes

Type field value

Attribute type

Type field

value

Attribute type

1 User-Name 23

Framed-IPX-Network

2 User-Password

24

State

3 CHAP-Password

25

Class

4 NAS-IP-Address

26

Vendor-Specific

5 NAS-Port 27

Session-Timeout

6 Service-Type

28

Idle-Timeout

7 Framed-Protocol

29

Termination-Action

8 Framed-IP-Address

30

Called-Station-Id

9 Framed-IP-Netmask

31 Calling-Station-Id

10 Framed-Routing

32

NAS-Identifier

11 Filter-ID

33

Proxy-State

12 Framed-MTU

34

Login-LAT-Service

13 Framed-Compression

35

Login-LAT-Node

14 Login-IP-Host

36

Login-LAT-Group

15 Login-Service

37

Framed-AppleTalk-Link

16 Login-TCP-Port

38

Framed-AppleTalk-Network

17 (unassigned) 39

Framed-AppleTalk-Zone

18 Reply-Message

40-59

(reserved

for

accounting)

19 Callback-Number

60

CHAP-Challenge

20 Callback-ID 61

NAS-Port-Type

21 (unassigned) 62

Port-Limit

22 Framed-Route

63

Login-LAT-Port

The RADIUS protocol has good scalability. Attribute 26 (Vender-Specific) defined in this protocol allows

a device vendor to extend RADIUS to implement functions that are not defined in standard RADIUS.

Advertising
Popular Brands
Popular manuals