RADIUS Attributes
Value
|
Attribute Name
|
Length
|
Description
|
|
1 |
User-Name |
>=3 |
The name of the user to be authenticated. It is only used in Access-Request packets. |
|
2 |
User-Password |
18 to 130 |
The encrypted password supplied by the user. |
|
3 |
CHAP password |
19 |
The response value provided by a PPP Challenge-Handshake Authentication Protocol (CHAP) user in response to the challenge. |
|
4 |
NAS-IP Address |
6 |
The IP address of the RADIUS client that the user is trying to log into. |
|
5 |
NAS-Port |
6 |
The serial port number the user is logging to. |
|
6 |
Service Type |
This Attribute indicates the type of service the user has requested, or the type of service to be provided. |
|
|
|
|
Login |
The user should be connected to a host. |
|
|
|
Framed |
A Framed Protocol should be started for the User, such as PPP or SLIP. |
|
|
|
Callback Login |
The user should be disconnected and called back, then connected to a host. |
|
|
|
Callback Framed |
The user should be
disconnected and called back, then a Framed Protocol should be started for
the User, such as PPP or SLIP. |
|
|
|
Outbound |
The user should be granted access to outgoing devices. |
|
|
|
Administrative |
The user should be granted access to the administrative interface to the NAS from which privileged commands can be executed. |
|
|
|
NAS Prompt |
The user should be provided a command prompt on the NAS from which non-privileged commands can be executed. |
|
7 |
Framed - Protocol |
What protocol to use? indicates the framing to be used for framed access. |
|
|
|
|
PPP |
Bring up a PPP link |
|
|
|
SLIP |
Bring up a SLIP link |
|
|
|
ARAP |
Bring up a AppleTalk Remote Access link |
|
8 |
Framed-IP-Address |
Indicates the address to be configured for the user. |
|
|
9 |
Framed-IP-Netmask |
Indicates the IP netmask to be configured for the user when the user is a router to a network. |
|
|
10 |
Framed-Routing |
Indicates the routing method for the user, when the user is a router to a network. |
|
|
|
|
None |
Do not broadcast RIP packets to this interface, nor listen for them |
|
|
|
Broadcast |
Broadcast RIP packets on this interface, but do not listen to them. |
|
|
|
Listen |
Listen for RIP packets, but do not send them. |
|
|
|
Broadcast - listen |
Broadcast RIP packets and listen for them on this interface. |
|
11 |
Filter-Id |
>=3 |
The name of the IP filter list for this user. |
|
12 |
Framed-MTU |
6 |
The Maximum Transmission Unit to be configured for the user, when it is not negotiated by some other means (such as PPP). |
|
13 |
Framed-Compressions |
>=3 |
A compression protocol to be used for the link. |
|
14 |
Login-IP-Host |
address |
The IP address of the host this user wants to log into. |
|
15 |
Login-Service |
The service which should be used to connect the user to the login host. |
|
|
|
|
Telnet |
User will telnet to the host |
|
|
|
Rlogin |
User will rlogin to the host |
|
16 |
Login-Port |
6 |
TCP port with which the user is to be connected, when the Login-Service Attribute is also present. |
|
18 |
Reply-Message |
>=3 |
Indicates text which MAY be displayed to the user. |
|
19 |
Callback-Number |
>=3 |
A dialing string to be used for callback. |
|
20 |
Callback-Id |
>=3 |
The name of a place to be called, to be interpreted by the NAS. |
|
22 |
Framed-Route |
>=3 |
A list of any network or host addresses which should be routed through this link's remote address. |
|
23 |
Framed-IPX-Network |
6 |
The IPX Network number to be configured for the user |
|
24 |
State |
>=3 |
This Attribute is available to be sent by the server to the client in an Access-Challenge and MUST be sent unmodified from the client to the server in the new Access-Request reply to that challenge, if any. This Attribute is available to be sent by the server to the client in an Access-Accept that also includes a Termination-Action Attribute with the value of RADIUS-Request. If the NAS performs the Termination-Action by sending |
|
25 |
Class |
>=3 |
This Attribute is available to be sent by the server to the client in an Access-Accept and should be sent unmodified by the client to the accounting server as part of the Accounting-Request packet if accounting is supported. |
|
26 |
Vendor-Specific |
>=7 |
This Attribute is available to allow vendors to support their own extended Attributes not suitable for general usage. It MUST not affect the operation of the RADIUS protocol. |
|
27 |
Session-Timeout |
6 |
Sets the maximum number of seconds of service to be provided to the user before termination of the session or prompt. |
|
28 |
Idle-Timeout |
6 |
The maximum number of consecutive seconds of idle connection allowed to the user before termination of the session or prompt. |
|
29 |
Termination-Action |
6 |
Indicates what action the NAS should take when the specified service is completed. |
|
30 |
Called-Station-Id |
>=3 |
Allows the NAS to send in the Access-Request packet the phone number that the user called, using Dialed Number Identification (DNIS) or similar technology |
|
31 |
Calling-Station-Id |
>=3 |
Allows the NAS to send in the Access-Request packet the phone number that the call came from, using Automatic Number Identification (ANI) or similar technology. |
|
32 |
NAS-Identifier |
>=3 |
A string identifying the NAS originating the Access-Request. |
