R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

121

122

123

124

125

126

127

128

129

130

123

No. Attribute Descri

tion

15 Login-Service Type of the service that the user uses for login.

18 Reply-Message

Text to be displayed to the user, which can be used by the server to indicate, for

example, the reason of the authentication failure.

26 Vendor-Specific

Vendor specific attribute. A packet can contain one or more such proprietary

attributes, each of which can contain one or more sub-attributes.

27 Session-Timeout

Maximum duration of service to be provided to the user before termination of the

session.

28 Idle-Timeout Maximum idle time permitted for the user before termination of the session.

31 Calling-Station-Id

Identification of the user that the NAS sends to the server. For the LAN access

service provided by an HP device, this attribute carries the MAC address of the

user in the format HHHH-HHHH-HHHH.

32 NAS-Identifier Identification that the NAS uses for indicating itself.

40 Acct-Status-Type

Type of the Accounting-Request packet. Possible values are as follows:

• 1—Start

• 2—Stop

• 3—Interium-Update

• 4—Reset-Charge

• 7—Accounting-On (Defined in 3GPP, the 3rd Generation Partnership Project)

• 8—Accounting-Off (Defined in 3GPP)

• 9 to 14—Reserved for tunnel accounting

• 15—Reserved for failed

45 Acct-Authentic

Authentication method used by the user. Possible values are as follows:

• 1—RADIUS

• 2—Local

• 3—Remote

60 CHAP-Challenge

CHAP challenge generated by the NAS for MD5 calculation during CHAP

authentication.

61 NAS-Port-Type

Type of the physical port of the NAS that is authenticating the user. Possible

values are as follows:

• 15 — E t h e r n e t

• 16—Any type of ADSL

• 17—Cable (with cable for cable TV)

• 201—VLAN

• 202—ATM

If the port is an ATM or Ethernet one and VLANs are implemented on it, the value

of this attribute is 201.

79 EAP-Message

Used for encapsulating EAP packets to allow the NAS to authenticate dial-in

users via EAP without having to understand the EAP protocol.

Message-Authentic

ator

Used for authentication and checking of authentication packets to prevent

spoofing Access-Requests. This attribute is used when RADIUS supports EAP

authentication.

87 NAS-Port-Id String for describing the port of the NAS that is authenticating the user.