3Com Switch 7750 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

511

512

513

514

515

516

517

518

519

520

512 CHAPTER 49: AAA & RADIUS & HWTACACS CONFIGURATION

4 The Authenticator field (16 bytes) is used to verify the packet returned from the

RADIUS server; it is also used in the password hiding algorithm. There are two

kinds of authenticators: Request and Response.

5 The Attribute field contains special authentication, authorization, and accounting

information to provide the configuration details of a request or response packet.

This field is represented by a field triplet (Type, Length and Value):

■ The Type field (one byte) specifies the type of the attribute. Its value ranges

from 1 to 255. Table 396 lists the attributes that are commonly used in RADIUS

authentication and authorization.

■ The Length field (one byte) specifies the total length of the Attribute field in

bytes (including the Type, Length and Value fields).

■ The Value field (up to 253 bytes) contains the information about the attribute.

Its content and format are determined by the Type and Length fields.

The RADIUS protocol takes good scalability. Attribute 26 (Vender-Specific) defined

in this protocol allows a device vendor to extend RADIUS to implement functions

that are not defined in standard RADIUS.

Figure 130 depicts the structure of attribute 26. The Vendor-ID field representing

the code of the vendor occupies four bytes. The first byte is 0, and the other three

bytes are defined in RFC1700. Here, the vendor can encapsulate multiple

Table 396 RADIUS attributes

Value of the

Type field Attribute type

Value of the

Type field Attribute type

1 User-Name 23 Framed-IPX-Network

2 User-Password 24 State

3 CHAP-Password 25 Class

4 NAS-IP-Address 26 Vendor-Specific

5 NAS-Port 27 Session-Timeout

6 Service-Type 28 Idle-Timeout

7 Framed-Protocol 29 Termination-Action

8 Framed-IP-Address 30 Called-Station-Id

9 Framed-IP-Netmask 31 Calling-Station-Id

10 Framed-Routing 32 NAS-Identifier

11 Filter-ID 33 Proxy-State

12 Framed-MTU 34 Login-LAT-Service

13 Framed-Compression 35 Login-LAT-Node

14 Login-IP-Host 36 Login-LAT-Group

15 Login-Service 37 Framed-AppleTalk-Link

16 Login-TCP-Port 38 Framed-AppleTalk-Network

17 (unassigned) 39 Framed-AppleTalk-Zone

18 Reply-Message 40-59 (reserved for accounting)

19 Callback-Number 60 CHAP-Challenge

20 Callback-ID 61 NAS-Port-Type

21 (unassigned) 62 Port-Limit

22 Framed-Route 63 Login-LAT-Port