600Appendix B: Supported RADIUS Attributes

Table 39: 801.1X Attributes

 

 

Rcv in

Sent in

Sent in

 

Attribute

Type

Access

Access

Acct

Description and Values

 

 

Resp?

Reqst?

Reqst?

 

 

 

 

 

 

 

User-Name

1

No

Yes

Yes

String. Name of the user to be

 

 

 

 

 

authenticated. Used only in Request

 

 

 

 

 

packets.

 

 

 

 

 

 

User-Password

2

No

Yes

No

Password of the user to be authenticated,

 

 

 

 

 

unless a CHAP-Password is used.

 

 

 

 

 

 

CHAP-

3

No

Yes

No

Password of the user to be authenticated,

Password

 

 

 

 

unless a User-Password is used.

 

 

 

 

 

 

NAS-IP-

4

No

Yes

Yes

IP address sent by the WSS switch.

Address

 

 

 

 

 

 

 

 

 

 

 

Service-Type

5

No

Yes

Yes

Access type, which can be one of the

 

 

 

 

 

following:

 

 

 

 

 

2—Framed; for network user access

 

 

 

 

 

6—Administrative; for

 

 

 

 

 

administrative access to the WSS

 

 

 

 

 

switch, with authorization to access

 

 

 

 

 

the enabled (configuration) mode.

 

 

 

 

 

The user must enter the enable

 

 

 

 

 

command and the correct enable

 

 

 

 

 

password to access the enabled

 

 

 

 

 

mode.

 

 

 

 

 

7—NAS-Prompt; for administrative

 

 

 

 

 

access to the nonenabled mode only.

 

 

 

 

 

In this mode, the user can still enter

 

 

 

 

 

the enable command and the correct

 

 

 

 

 

enable password to access the

 

 

 

 

 

enabled mode.

 

 

 

 

 

For administrative sessions, the WSS

 

 

 

 

 

switch always sends 6 (Administrative).

 

 

 

 

 

The RADIUS server can reply with one

 

 

 

 

 

of the values listed above.

 

 

 

 

 

If the service-type is not set on the

 

 

 

 

 

RADIUS server, administrative users

 

 

 

 

 

receive NAS-Prompt access, and

 

 

 

 

 

network users receive Framed access.

 

 

 

 

 

 

Filter-Id

11

Yes

No

Optional

Name of an access control list (ACL) to

 

 

 

 

 

filter outbound or inbound traffic. Use

 

 

 

 

 

the form ACL name.in and ACL

 

 

 

 

 

name.out. (For details, see Chapter ,

 

 

 

 

 

“Configuring and Managing Security

 

 

 

 

 

ACLs,” on page 351.)

 

 

 

 

 

 

320657-A

Page 600
Image 600
Nortel Networks 2300 manual 801.1X Attributes