June 30, 2006 Appendix A: SG-1 Vendor-Specific Attributes
SG1-UM-8500-03 A-13
user:max-allowed-sessions sub-attribute
The user:max-allowed-sessions sub-attribute defines the maximum number of sessions allowed in a single blade
per username. When the system receives this attribute in the authentication process, it checks for the number of
concurrent sessions containing the authenticated user-name. If the number of sessions including the current
authenticated one, exceeds the number of allowed sessions the system rejects the new incoming session, causing
an immediate disconnection.
General:
Format:
adc-avpair = "user:max-allowed-sessions=<maximum number of sessions per blade>",
Example:
adc-avpair = "user:max-allowed-sessions=1",
user:class sub-attribute
The user:class sub-attribute contains the user class information, a string of maximum size of 256 characters. It is
available to be sent by the Radius server to the system in an Access-Accept or Service-Accept messages. The
system sends it unmodified to the Radius server as part of the Authentication and Accounting-Requests packets.
The user:class sub-attribute operates in hierarchy mode and supports both user and service levels. When received
in service authentication, it operates only in the service lifetime and being reset while service is changing. When
received in user authentication, it operates during the whole session lifetime.
General:
Format:
adc-avpair = "user:class=<user class data>",
Example:
adc-avpair = "user:class=belong to security group",
Operation Mode: Access-Accept message
Vendor-type: 20
Vendor-length = 2 + 4 + attribute-name length
Operation Mode: Access-Accept message
Service-Request message
Service-Accept message
Accounting on, off, start and stop messages, interim
Vendor-type: 21
Vendor-length = 2 + (1-256) + attribute-name
length