Supported radius attributes – HP 445946-001 User Manual

Page 50

Advertising
background image

Port-based Network Access and traffic control

50

Supported RADIUS attributes

The HP 10GbE switch 802.1x Authenticator relies on external RADIUS servers for authentication with

EAP. The following table lists the RADIUS attributes that are supported as part of RADIUS-EAP

authentication based on the guidelines specified in Annex D of the 802.1x standard and RFC 3580.

Table 9

EAP support for RADIUS attributes

# Attribute

Attribute

Value

A-R A-A A-C A-R

1

User-Name

The value of the Type-Data field from the

supplicant’s EAP-Response/Identity message.

If the Identity is unknown (i.e. Type-Data field
is zero bytes in length), this attribute will have

the same value as the Calling-Station-Id.

1 0-1

0 0

4

NAS-IP-Address

IP address of the authenticator used for
RADIUS communication.

1 0 0 0

5

NAS-Port

Port number of the authenticator port to which
the supplicant is attached.

1 0 0 0

24

State

Server-specific value. This is sent unmodified
back to the server in an Access-Request that is

in response to an Access-Challenge.

0-1 0-1 0-1 0

30

Called-Station-ID

The MAC address of the authenticator
encoded as an ASCII string in canonical

format, e.g. 000D5622E3 9F.

1 0 0 0

31

Calling-Station-ID

The MAC address of the supplicant encoded
as an ASCII string in canonical format, e.g.

00034B436206.

1 0 0 0

79

EAP-Message

Encapsulated EAP packets from the supplicant

to the authentication server (Radius) and vice-
versa. The authenticator relays the decoded

packet to both devices.

1+ 1+ 1+ 1+

80

Message-Authenticator

Always present whenever an EAP-Message

attribute is also included. Used to integrity-
protect a packet.

1 1 1 1

87

NAS-Port-ID

Name assigned to the authenticator port, e.g.
Server1_Port3

1 0 0 0

Legend:

RADIUS Packet Types: A-R (Access-Request), A-A (Access-Accept), A-C (Access-Challenge), A-R (Access-Reject)
RADIUS Attribute Support:
0—This attribute MUST NOT be present in a packet.
0+—Zero or more instances of this attribute MAY be present in a packet.
0-1—Zero or one instance of this attribute MAY be present in a packet.
1—Exactly one instance of this attribute MUST be present in a packet.
1+—One or more of these attributes MUST be present.

Advertising
Popular Brands
Popular manuals