rfc3580.txt

radius服务器

                  Italy.

   [Arbaugh]      Arbaugh, W., Shankar, N. and J.Y.C. Wan, "Your 802.11
                  Wireless Network has No Clothes", Department of
                  Computer Science, University of Maryland, College
                  Park, March 2001.

   [Fluhrer]      Fluhrer, S., Mantin, I. and A. Shamir, "Weaknesses in
                  the Key Scheduling Algorithm of RC4", Eighth Annual
                  Workshop on Selected Areas in Cryptography, Toronto,
                  Canada, August 2001.

   [Stubbl]       Stubblefield, A., Ioannidis, J. and A. Rubin, "Using
                  the Fluhrer, Mantin and Shamir Attack to Break WEP",
                  2002 NDSS Conference.






Congdon, et al.              Informational                     [Page 24]

RFC 3580                   IEEE 802.1X RADIUS             September 2003


8.  Table of Attributes

   The following table provides a guide to which attributes MAY be sent
   and received as part of IEEE 802.1X authentication.  L3 denotes
   attributes that require layer 3 capabilities, and thus may not be
   supported by all Authenticators.  For each attribute, the reference
   provides the definitive information on usage.

   802.1X        #   Attribute
     X           1   User-Name [RFC2865]
                 2   User-Password [RFC2865]
                 3   CHAP-Password [RFC2865]
     X           4   NAS-IP-Address [RFC2865]
     X           5   NAS-Port [RFC2865]
     X           6   Service-Type [RFC2865]
                 7   Framed-Protocol [RFC2865]
     L3          8   Framed-IP-Address [RFC2865]
     L3          9   Framed-IP-Netmask [RFC2865]
     L3         10   Framed-Routing [RFC2865]
     X          11   Filter-Id [RFC2865]
     X          12   Framed-MTU [RFC2865]
                13   Framed-Compression [RFC2865]
     L3         14   Login-IP-Host [RFC2865]
     L3         15   Login-Service [RFC2865]
     L3         16   Login-TCP-Port [RFC2865]
                18   Reply-Message [RFC2865]
                19   Callback-Number [RFC2865]
                20   Callback-Id [RFC2865]
     L3         22   Framed-Route [RFC2865]
     L3         23   Framed-IPX-Network [RFC2865]
     X          24   State [RFC2865]
     X          25   Class [RFC2865]
     X          26   Vendor-Specific [RFC2865]
     X          27   Session-Timeout [RFC2865]
     X          28   Idle-Timeout [RFC2865]
     X          29   Termination-Action [RFC2865]
     X          30   Called-Station-Id [RFC2865]
     X          31   Calling-Station-Id [RFC2865]
     X          32   NAS-Identifier [RFC2865]
     X          33   Proxy-State [RFC2865]
                34   Login-LAT-Service [RFC2865]
                35   Login-LAT-Node [RFC2865]
                36   Login-LAT-Group [RFC2865]
   802.1X        #   Attribute







Congdon, et al.              Informational                     [Page 25]

RFC 3580                   IEEE 802.1X RADIUS             September 2003


   802.1X        #   Attribute
     L3         37   Framed-AppleTalk-Link [RFC2865]
     L3         38   Framed-AppleTalk-Network [RFC2865]
     L3         39   Framed-AppleTalk-Zone [RFC2865]
     X          40   Acct-Status-Type [RFC2866]
     X          41   Acct-Delay-Time [RFC2866]
     X          42   Acct-Input-Octets [RFC2866]
     X          43   Acct-Output-Octets [RFC2866]
     X          44   Acct-Session-Id [RFC2866]
     X          45   Acct-Authentic [RFC2866]
     X          46   Acct-Session-Time [RFC2866]
     X          47   Acct-Input-Packets [RFC2866]
     X          48   Acct-Output-Packets [RFC2866]
     X          49   Acct-Terminate-Cause [RFC2866]
     X          50   Acct-Multi-Session-Id [RFC2866]
     X          51   Acct-Link-Count [RFC2866]
     X          52   Acct-Input-Gigawords [RFC2869]
     X          53   Acct-Output-Gigawords [RFC2869]
     X          55   Event-Timestamp [RFC2869]
                60   CHAP-Challenge [RFC2865]
     X          61   NAS-Port-Type [RFC2865]
                62   Port-Limit [RFC2865]
                63   Login-LAT-Port [RFC2865]
     X          64   Tunnel-Type [RFC2868]
     X          65   Tunnel-Medium-Type [RFC2868]
     L3         66   Tunnel-Client-Endpoint [RFC2868]
     L3         67   Tunnel-Server-Endpoint [RFC2868]
     L3         68   Acct-Tunnel-Connection [RFC2867]
     L3         69   Tunnel-Password [RFC2868]
                70   ARAP-Password [RFC2869]
                71   ARAP-Features [RFC2869]
                72   ARAP-Zone-Access [RFC2869]
                73   ARAP-Security [RFC2869]
                74   ARAP-Security-Data [RFC2869]
                75   Password-Retry [RFC2869]
                76   Prompt [RFC2869]
     X          77   Connect-Info [RFC2869]
     X          78   Configuration-Token [RFC2869]
     X          79   EAP-Message [RFC3579]
     X          80   Message-Authenticator [RFC3579]
     X          81   Tunnel-Private-Group-ID [RFC2868]
     L3         82   Tunnel-Assignment-ID [RFC2868]
     X          83   Tunnel-Preference [RFC2868]
                84   ARAP-Challenge-Response [RFC2869]
   802.1X        #   Attribute






Congdon, et al.              Informational                     [Page 26]

RFC 3580                   IEEE 802.1X RADIUS             September 2003


   802.1X        #   Attribute
     X          85   Acct-Interim-Interval [RFC2869]
     X          86   Acct-Tunnel-Packets-Lost [RFC2867]
     X          87   NAS-Port-Id [RFC2869]
     L3         88   Framed-Pool [RFC2869]
     L3         90   Tunnel-Client-Auth-ID [RFC2868]
     L3         91   Tunnel-Server-Auth-ID [RFC2868]
     X          95   NAS-IPv6-Address [RFC3162]
                96   Framed-Interface-Id [RFC3162]
     L3         97   Framed-IPv6-Prefix [RFC3162]
     L3         98   Login-IPv6-Host [RFC3162]
     L3         99   Framed-IPv6-Route [RFC3162]
     L3        100   Framed-IPv6-Pool [RFC3162]
     X         101   Error-Cause [RFC3576]
   802.1X        #   Attribute

   Key
   ===
   X         = May be used with IEEE 802.1X authentication
   L3        = Implemented only by Authenticators with Layer 3
               capabilities






























Congdon, et al.              Informational                     [Page 27]

RFC 3580                   IEEE 802.1X RADIUS             September 2003


9.  Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards- related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.

10.  Acknowledgments

   The authors would like to acknowledge Bob O'Hara of Airespace, David
   Halasz of Cisco, Tim Moore, Sachin Seth and Ashwin Palekar of
   Microsoft, Andrea Li, Albert Young and Dave Bagby of 3Com for
   contributions to this document.























Congdon, et al.              Informational                     [Page 28]

RFC 3580                   IEEE 802.1X RADIUS             September 2003


11.  Authors' Addresses

   Paul Congdon
   Hewlett Packard Company
   HP ProCurve Networking
   8000 Foothills Blvd, M/S 5662
   Roseville, CA  95747

   Phone: +1 916 785 5753
   Fax:   +1 916 785 8478
   EMail: paul_congdon@hp.com

   Bernard Aboba
   Microsoft Corporation
   One Microsoft Way
   Redmond, WA 98052

   Phone: +1 425 706 6605
   Fax:   +1 425 936 7329
   EMail: bernarda@microsoft.com

   Andrew Smith
   Trapeze Networks
   5753 W. Las Positas Blvd.
   Pleasanton, CA 94588-4084

   Fax: +1 415 345 1827
   EMail: ah_smith@acm.org

   John Roese
   Enterasys

   Phone: +1 603 337 1506
   EMail: jjr@enterasys.com

   Glen Zorn
   Cisco Systems, Inc.
   500 108th Avenue N.E., Suite 500
   Bellevue, WA 98004

   Phone: +1 425 438 8218
   Fax:   +1 425 438 1848
   EMail: gwz@cisco.com








Congdon, et al.              Informational                     [Page 29]

RFC 3580                   IEEE 802.1X RADIUS             September 2003


12.  Full Copyright Statement

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assignees.

   T