Appendix B Descriptions for commonly used standard RADIUS attributes
No. | Attribute | Description |
|---|---|---|
1 | User-Name | Name of the user to be authenticated. |
2 | User-Password | User password for PAP authentication, only present in Access-Request packets when PAP authentication is used. |
3 | CHAP-Password | Digest of the user password for CHAP authentication, only present in Access-Request packets when CHAP authentication is used. |
4 | NAS-IP-Address | IP address for the server to use to identify the client. Typically, a client is identified by the IP address of its access interface. This attribute is only present in Access-Request packets. |
5 | NAS-Port | Physical port of the NAS that the user accesses. |
6 | Service-Type | Type of service that the user has requested or type of service to be provided. |
7 | Framed-Protocol | Encapsulation protocol for framed access. |
8 | Framed-IP-Address | IP address assigned to the user. |
11 | Filter-ID | Name of the filter list. |
12 | Framed-MTU | MTU for the data link between the user and NAS. For example, this attribute can be used to define the maximum size of EAP packets allowed to be processed in 802.1X EAP authentication. |
14 | Login-IP-Host | IP address of the NAS interface that the user accesses. |
15 | Login-Service | Type of service that the user uses for login. |
18 | Reply-Message | Text to be displayed to the user, which can be used by the server to communicate information, for example, the cause of the authentication failure. |
26 | Vendor-Specific | Vendor-specific proprietary attribute. A packet can contain one or more proprietary attributes, each of which can contain one or more subattributes. |
27 | Session-Timeout | Maximum service duration for the user before termination of the session. |
28 | Idle-Timeout | Maximum idle time permitted for the user before termination of the session. |
31 | Calling-Station-Id | User identification that the NAS sends to the server. For the LAN access service provided by an HPE device, this attribute includes the MAC address of the user in the format HHHH-HHHH-HHHH. |
32 | NAS-Identifier | Identification that the NAS uses to identify itself to the RADIUS server. |
40 | Acct-Status-Type | Type of the Accounting-Request packet. Possible values include:
|
45 | Acct-Authentic | Authentication method used by the user. Possible values include:
|
60 | CHAP-Challenge | CHAP challenge generated by the NAS for MD5 calculation during CHAP authentication. |
61 | NAS-Port-Type | Type of the physical port of the NAS that is authenticating the user. Possible values include:
If the port is an ATM or Ethernet one and VLANs are implemented on it, the value of this attribute is 201. |
64 | Tunnel-Type | Tunneling protocols used. The value 13 represents VLAN. If the value is 13, the device interprets the Tunnel-Type, Tunnel-Medium-Type, and Tunnel-Private-Group-ID attributes as attributes to assign VLANs. |
65 | Tunnel-Medium-Type | Transport medium type to use for creating a tunnel. For VLAN assignment, the value must be 6 to indicate the 802 media plus Ethernet. |
79 | EAP-Message | Used to encapsulate EAP packets to allow RADIUS to support EAP authentication. |
80 | Message-Authenticator | Used for authentication and verification of authentication packets to prevent spoofing Access-Requests. This attribute is present when EAP authentication is used. |
81 | Tunnel-Private-Group-ID | Group ID for a tunnel session. To assign VLANs, the NAS conveys VLAN IDs by using this attribute. |
87 | NAS-Port-Id | String for describing the port of the NAS that is authenticating the user. |
168 | Framed-IPv6-Address | Server-assigned IPv6 address for the NAS to assign to the host. The address must be unique. |