June 30, 2006

Appendix A: SG-1Vendor-Specific Attributes

General:

Operation Mode: Access Request message

Service-Request message

Vendor-type: 13

Vendor-length = 2 + name length + (23 32)

Format:

adc-avpair = "user:auth-type=<pre-auth service-selection web-auth>",

Example:

adc-avpair = "user:auth-type=pre-auth",

user:action sub-attribute

The user:action sub-attribute defines the action that should be taken by the system.

The actions are:

a.Reject – Reject an authenticated peer or disconnect a connected peer.

b.echo – The system sends echo messages to the connected session. It disconnects the session after 33 seconds if it is not responding for the echo messages. In case the echo did not get any response during the session lifetime the system is not disconnecting the session and is setting the echo status to disable. The echo action is relevant only for native IP sessions and is being ignored in other session types.

c.macantispoof – The system is allowing only one IP address per MAC address. The MAC is the user MAC address as learned by the DHCP relay or by the proxy RADIUS. In case the call trigger is not DHCP or proxy RADIUS the system is setting the mac-anti-spoofing status to disable.

d.user_space_overwrite – The system should update the user space (and not the service space) with all attributes received when this sub-attribute appears. This action is relevant only for Service-Accept mes- sages (service authentication response) and is being ignored when received in session authentication respond. The action may be included once in access accept messages, and the system ignores all other instances.

e.user_space_overwrite_on_next_service – The system should update once the user space (and not the ser- vice space) with all next-service attributes when it is being invoked. The system then resets this sub- attribute. When the next-service parameters includes user:action=user_space_overwrite the system should ignore it. The action may be included once in access accept messages, and the system ignores all other instances. This sub-attribute is not working in hierarchy mode.

SG1-UM-8500-03

A-9

Page 167
Image 167
ADC user manual June 30 Appendix a SG-1Vendor-Specific Attributes General, Adc-avpair = userauth-type=pre-auth