242 CHAPTER 20: AAA OVERVIEW
3 The Length field (two bytes) specifies the total length of the message (including
the Code, Identifier, Length, Authenticator and Attributes fields). The bytes
beyond the length are regarded as padding and are ignored upon reception. If a
received message is shorter than what the Length field indicates, it is discarded.
4 The Authenticator field (16 bytes) is used to authenticate the response from the
RADIUS server; and is used in the password hiding algorithm. There are two kinds
of authenticators: Request Authenticator and Response Authenticator.
5 The Attributes field contains specific authentication/authorization/accounting
information to provide the configuration details of a request or response message.
This field contains a list of field triplet (Type, Length and Value):
■ The Type field (one byte) specifies the type of an attribute. Its value ranges from
1 to 255.
Table 179 lists the attributes that are commonly used in RADIUS
authentication/authorization.
■ The Length field (one byte) specifies the total length of the attribute in bytes
(including the Type, Length and Value fields).
■ The Value field (up to 253 bytes) contains the information of the attribute. Its
format is determined by the Type and Length fields.
The RADIUS protocol has good scalability. Attribute 26 (Vender-Specific) defined in
this protocol allows a device vendor to extend RADIUS to implement functions
that are not defined in standard RADIUS.
Tabl e 179 RADIUS attributes
Type field
value
Attribute type Type field value Attribute type
1 User-Name 23 Framed-IPX-Network
2 User-Password 24 State
3 CHAP-Password 25 Class
4 NAS-IP-Address 26 Vendor-Specific
5 NAS-Port 27 Session-Timeout
6 Service-Type 28 Idle-Timeout
7 Framed-Protocol 29 Termination-Action
8 Framed-IP-Address 30 Called-Station-Id
9 Framed-IP-Netmask 31 Calling-Station-Id
10 Framed-Routing 32 NAS-Identifier
11 Filter-ID 33 Proxy-State
12 Framed-MTU 34 Login-LAT-Service
13 Framed-Compression 35 Login-LAT-Node
14 Login-IP-Host 36 Login-LAT-Group
15 Login-Service 37 Framed-AppleTalk-Link
16 Login-TCP-Port 38 Framed-AppleTalk-Network
17 (unassigned) 39 Framed-AppleTalk-Zone
18 Reply-Message 40-59 (reserved for accounting)
19 Callback-Number 60 CHAP-Challenge
20 Callback-ID 61 NAS-Port-Type
21 (unassigned) 62 Port-Limit
22 Framed-Route 63 Login-LAT-Port
To Next Page
Loading...
