Network Working Group Koral Ilgun INTERNET-DRAFT Ericsson Datacom Access Category: Internet Draft Title: draft-ilgun-radius-accvsa-02.txt Date: 20 October 1999 Expires: 20 April 2000 RADIUS Vendor Specific Attributes for Ericsson Datacom Access Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ``work in progress.'' The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/lid-abstracts.txt To view the list of Internet-Draft Shadow directories, see http://www.ietf.org/shadow.html The distribution of this memo is unlimited. It is filed as , and expires April 20, 2000. Please send comments to the author. Abstract This document describes vendor specific attributes for carrying authentication, authorization and accounting information between an Ericsson Datacom Access Network Access Server (NAS) and an Authentication/Accounting Server using the Remote Authentication Dial In User Service (RADIUS) protocol described in RFC 2058 and RFC 2059. Ilgun [Page 1] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 Table of Contents 1. Introduction ........................................... 4 2. Ericsson Datacom Access Radius Authentication Attributes 4 2.1 Acc-Ccp-Option ..................................... 5 2.2 Acc-Ip-Gateway-Pri ................................. 6 2.3 Acc-Ip-Gateway-Sec ................................. 7 2.4 Acc-Route-Policy ................................... 8 2.5 Acc-ML-MLX-Admin-State ............................. 9 2.6 Acc-ML-Call-Threshold .............................. 10 2.7 Acc-ML-Clear-Threshold ............................. 11 2.8 Acc-ML-Damping-Factor .............................. 11 2.9 Acc-Tunnel-Secret ................................. 12 2.10 Acc-Service-Profile ................................ 13 2.11 Acc-Request-Type .................................. 14 2.12 Acc-Framed-Bridge .................................. 15 2.13 Acc-Dns-Server-Pri ................................. 16 2.14 Acc-Dns-Server-Sec ................................. 17 2.15 Acc-Nbns-Server-Pri ................................ 18 2.16 Acc-Nbns-Server-Sec ................................ 18 2.17 Acc-Ip-Compression ................................. 19 2.18 Acc-Ipx-Compression ................................ 20 2.19 Acc-Callback-Delay ................................. 21 2.20 Acc-Callback-Num-Valid ............................. 22 2.21 Acc-Callback-Mode .................................. 23 2.22 Acc-Callback-CBCP-Type ............................. 24 2.23 Acc-Dialout-Auth-Mode .............................. 24 2.24 Acc-Dialout-Auth-Password .......................... 25 2.25 Acc-Dialout-Auth-Username .......................... 26 2.26 Acc-Access-Community ............................... 27 2.27 Acc-Vpsm-Reject-Cause .............................. 27 2.28 Acc-Ace-Token ...................................... 28 2.29 Acc-Ace-Token-Ttl .................................. 29 2.30 Acc-Ip-Pool-Name ................................... 30 2.31 Acc-Igmp-Admin-State ............................... 31 2.32 Acc-Igmp-Version ................................... 32 3. Ericsson Datacom Access Radius Accounting Attributes ..... 32 3.1 Acc-Reason-Code .................................... 34 3.2 Acc-Input-Errors ................................... 36 3.3 Acc-Output-Errors .................................. 36 3.4 Acc-Access-Partition ............................... 37 3.5 Acc-Customer-Id .................................... 38 3.6 Acc-Clearing-Cause ................................. 38 3.7 Acc-Clearing-Location .............................. 40 3.8 Acc-Vpsm-Oversubscribed ............................ 41 3.9 Acc-Acct-On-Off-Reason ............................. 42 Ilgun [Page 2] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 3.10 Acc-Tunnel-Port .................................... 43 3.11 Acc-Dial-Port-Index ................................ 44 3.12 Acc-Connect-Tx-Speed ............................... 44 3.13 Acc-Connect-Rx-Speed ............................... 45 3.14 Acc-Modem-Modulation-Type .......................... 46 3.15 Acc-Modem-Error-Protocol ........................... 46 4. Security Considerations .................................. 47 5. References ............................................... 47 6. Expiration Date .......................................... 48 7. Author's Address ......................................... 48 Ilgun [Page 3] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 1. Introduction The Remote Authentication Dial In User Service (RADIUS) protocol is specified by the RADIUS Working Group of the Internet Engineering Task Force (IETF). There are two specifications that make up the RADIUS protocol suite: Authentication [RIG97a] and Accounting [RIG97b]. These protocols aim to centralize authentication, configuration, and accounting of dial-in services to an independent server. Ericsson Datacom Access has implemented RADIUS authentication and accounting for its Network Access Server family of router products. This document provides details of Ericsson Datacom Access's RADIUS implementation, in particular the use of Vendor Specific Attributes (VSAs). It is intended as a guide for using the RADIUS protocol for Ericsson Datacom Access products. Ericsson Datacom Access's VSAs use a vendor Id of 5. For more information on Ericsson Datacom Access's RADIUS implementation, see the white paper [EDA97b]. 2. Ericsson Datacom Access Radius Authentication Attributes The table below indicates how the authentication vendor-specific attributes are used in the access request and response packets. Ilgun [Page 4] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 +---------------------------+----+-----+--------+--------+------+ | Attribute Name | # | Req | Accept | Reject | Chal | +---------------------------+----+-----+--------+--------+------+ | Acc-Ccp-Option | 2 | | X | | | | Acc-Ip-Gateway-Pri | 7 | | X | | | | Acc-Ip-Gateway-Sec | 8 | | X | | | | Acc-Route-Policy | 9 | | X | | | | Acc-ML-MLX-Admin-State | 10 | | X | | | | Acc-ML-Call-Threshold | 11 | | X | | | | Acc-ML-Clear-Threshold | 12 | | X | | | | Acc-ML-Damping-Factor | 13 | | X | | | | Acc-Tunnel-Secret | 14 | | X | | | | Acc-Service-Profile | 17 | | X | | | | Acc-Request-Type | 18 | X | | | | | Acc-Framed-Bridge | 19 | | X | | | | Acc-Dns-Server-Pri | 23 | | X | | | | Acc-Dns-Server-Sec | 24 | | X | | | | Acc-Nbns-Server-Pri | 25 | | X | | | | Acc-Nbns-Server-Sec | 26 | | X | | | | Acc-Ip-Compression | 28 | | X | | | | Acc-Ipx-Compression | 29 | | X | | | | Acc-Callback-Delay | 34 | | X | | | | Acc-Callback-Num-Valid | 35 | | X | | | | Acc-Callback-Mode | 36 | | X | | | | Acc-Callback-CBCP-Type | 37 | | X | | | | Acc-Dialout-Auth-Mode | 38 | | X | | | | Acc-Dialout-Auth-Password | 39 | | X | | | | Acc-Dialout-Auth-UserName | 40 | | X | | | | Acc-Access-Community | 42 | | X | | | | Acc-Vpsm-Reject-Cause | 43 | | | X | | | Acc-Ace-Token | 44 | X | | | X | | Acc-Ace-Token-Ttl | 45 | | X | | | | Acc-Ip-Pool-Name | 46 | | X | | | | Acc-Igmp-Admin-State | 47 | | X | | | | Acc-Igmp-Version | 48 | | X | | | +---------------------------+----+-----+--------+--------+------+ 2.1 Acc-Ccp-Option Description This attribute indicates if PPP CCP [RAN96] compression negotiation is to be attempted on the dial-in link. It may be used in Access-Accept packets only. A summary of the Acc-Ccp-Option Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields Ilgun [Page 5] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 2 for Acc-Ccp-Option Length 6 Value The value field is four octets. 1 Disabled 2 Enabled 2.2 Acc-Ip-Gateway-Pri Description This attribute defines the next hop IP address where the dial-in user's data packets should be directed to. This address could be a router that is directly attached to a VPN (Virtual Private Network) customer's network or to a router that forwards the packet to its final destination based on the Source IP Address. It may be used in Access-Accept packets only. A summary of the Acc-Ip-Gateway-Pri Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. Ilgun [Page 6] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 7 for Acc-Ip-Gateway-Pri Length 6 Address The Address field is a four octet IP Address. 2.3 Acc-Ip-Gateway-Sec Description Similar to Acc-Ip-Gateway-Pri described in Section 2.2, this attribute defines the next hop IP address in case the Acc-Ip- Gateway-Pri is unreachable. It may be used in Access-Accept packets only. A summary of the Acc-Ip-Gateway-Sec Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 8 for Acc-Ip-Gateway-Sec Ilgun [Page 7] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 Length 6 Address The Address field is a four octet IP Address. 2.4 Acc-Route-Policy Description This attribute indicates the route policy to be used with Access Partitioning [EDA97a]. Access Partitioning gives carriers the ability to partition dial-in resources and assign these partitions to dial-in Virtual Private Networks. If the Acc-Route-Policy attribute is set to Direct (2) two dial-in links belonging to the same Access Partition can route directly to each other without going through the IP home gateway. If this attribute is not defined or set to Funnel (1), it means all packets received from the dial-in user of this access partition will be forwarded to the designated home gateway. It may be used in Access-Accept packets only. A summary of the Acc-Route-Policy Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 9 for Acc-Route-Policy Length 6 Value Ilgun [Page 8] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 The value field is four octets. 1 Funnel 2 Direct 2.5 Acc-ML-MLX-Admin-State Description If the standard Port-Limit attribute is configured for the dial-in user on the RADIUS server, the Ericsson Datacom Access NAS attempts to place the dial-in user in a multilink group. The Port-Limit attribute defines the maximum number of members the multilink group can have. All members of the multilink group must have the same dial-in user name. When the first member of a multilink group calls in, a multilink group is created on receipt of the access-accept with the Port-Limit attribute configured. The multilink group exists for as long as there is a call up in the multilink group. When the last call in the multilink group is cleared, the multilink group is deleted. When subsequent links in the multilink group call in, they are added to the multilink group. The multilink group uses the IETF standard PPP Multilink protocol [SKL96]. The MLX (also known as MP+ [SMI96]) administrative state, call threshold, clear threshold and damping factor values of the multilink group can also be set using the Ericsson Datacom Access VSAs described in 2.5, 2.6, 2.7 and 2.8 The Acc-ML-MLX-Admin-State attribute indicates if PPP MLX (RFC 1934) negotiation is to be attempted on the dial-in link. It may be used in Access-Accept packets only. A summary of the Acc-ML-MLX-Admin-State Attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Ilgun [Page 9] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 10 for Acc-ML-MLX-Admin-State Length 6 Value The value field is four octets. 1 Enabled 2 Disabled 2.6 Acc-ML-Call-Threshold Description This attribute indicates the call threshold value to be used with the multilink group that is to be configured. It may be used in Access-Accept packets only. See Section 2.5 for more information about this attribute. A summary of the Acc-ML-Call-Threshold Attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 11 for Acc-ML-Call-Threshold Length 6 Value The value field is four octets. The minimum value is 0 and Ilgun [Page 10] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 maximum value is 101. 2.7 Acc-ML-Clear-Threshold Description This attribute indicates the clear threshold value to be used with the multilink group that is to be configured. It may be used in Access-Accept packets only. A summary of the Acc-ML-Clear-Threshold Attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. See Section 2.5 for more information about this attribute. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 12 for Acc-ML-Clear-Threshold Length 6 Value The value field is four octets. The minimum value is 0 and maximum value is 100. 2.8 Acc-ML-Damping-Factor Description This attribute indicates the damping factor value to be used with the multilink group that is to be configured. It may be used in Access-Accept packets only. See Section 2.5 for more information about this attribute. Ilgun [Page 11] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 A summary of the Acc-ML-Damping-Factor Attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 13 for Acc-ML-Damping-Factor Length 6 Value The value field is four octets. The minimum value is 0 and maximum value is 64. 2.9 Acc-Tunnel-Secret Description This attribute sets the shared secret to support the CHAP style endpoint authentication used by L2TP [VAL97]. The purpose for this attribute is same as Tunnel-Password [ZOR98], except that Acc- Tunnel-Secret is sent in clear. Therefore, Acc-Tunnel-Secret should only be used if the RADIUS server does not support salt encryption. It may be used in Access-Accept packets only. A summary of the Acc-Tunnel-Secret Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Ilgun [Page 12] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 Type 14 for Acc-Tunnel-Secret Length >= 3 String The String field is one or more octets. It is the clear text tunnel secret. 2.10 Acc-Service-Profile Description This attribute the service profile to be used on the dial-in link. It may be used in Access-Accept packets only. With the addition of Acc-Service-Profile VSA, RADIUS can identify the Service Profile to be assigned to a dial-in user. This attribute should only be present in an access accept message when the NAS has queried RADIUS prior to answering the call. In this case all RADIUS has is the called number. The service profile identified by this VSA must exist on the NAS in its locally configured Service Profile database. For the regular routing case the service profile indicates that dial-in calls to be routed based on the Destination IP Address received from a dial-in user. This service is used primarily to provide carrier-based Internet access. For the called number routing case, the service profile forces IP dial-in calls to be specifically directed to a VPN customer's network. A service profile may also indicate that Layer 2 Tunneling should be performed for a given dial-in user. A summary of the Acc-Service-Profile Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Ilgun [Page 13] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 17 for Acc-Service-Profile Length >= 3 String The String field is one or more octets. It is the name of the service profile. 2.11 Acc-Request-Type Description This attribute indicates the type of the Access-Request or Accounting-Request packet. It may be used in Access-Request and Accounting-Request packets only. The attribute values from 1 to 4 are used in Access-Request packets, whereas 5 and 6 are used in Accounting-Request packets. An Ericsson Datacom Access NAS may send an Access-Request packet to the RADIUS server before it answers the call. In this case the User-Name attribute includes the Called Number and the Acc- Request-Type attribute contains the value 1, i.e. Ring-Indication. A special-purpose RADIUS server (or proxy) receiving this message may accept or reject the call based on its policy, e.g. it may reject the call if the quota assigned for this Called Number has been exceeded. This is useful when an ISP or TELCO outsources their dial-in ports to separate customers and partitions the customers by differentiating them based on the number they call in. Ericsson Datacom Access's VPSM server product is an example for this type of operation. A value of 2 in the Acc-Request-Type field indicates that the NAS is attempting to authorize an outgoing call. A value of 3 indicates that the type of access request is for user authentication, which is the default behavior for the RADIUS authentication. A value of 4 indicates that a tunnel authentication is requested by the LAC (L2TP Access Concentrator) in response to a tunnel request from an LNS (L2TP Network Server). This attribute may also be present in Accounting-Request packets. A value of 5 indicates that the Accounting-Request is for a PPP session, whereas a value of 6 indicates that the Accounting- Request is for a tunnel session. The latter case also indicates that this accounting information is being provided for a dial-in session that is not authenticated at the LAC end of the tunnel, Ilgun [Page 14] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 but possibly authenticated at the LNS end. A summary of the Acc-Request-Type Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 18 for Acc-Request-Type Length 6 Value The value field is four octets. 1 Ring Indication 2 Dial Request 3 User Authentication 4 Tunnel Authentication 5 User Accounting 6 Tunnel Accounting 2.12 Acc-Framed-Bridge Description This attribute indicates if Transparent (Ethernet) Bridging should be enabled on the dial-in link. It may be used in Access-Accept packets only. A summary of the Acc-Framed-Bridge Attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. Ilgun [Page 15] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 19 for Acc-Framed-Bridge Length 6 Value The value field is four octets. 0 Disabled 1 Enabled 2.13 Acc-Dns-Server-Pri Description This attribute indicates the primary DNS (Domain Name System) Server Address to be provided to the dial-in user during IPCP negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the option of negotiating the IP addresses of the primary and secondary DNS and NBNS (NetBIOS Name Server) servers. The support for these options is specified by RFC 1877 [COB95]. The Acc-Dns- Server-Pri attribute may be used in Access-Accept packets only. A summary of the Acc-Dns-Server-Pri attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Ilgun [Page 16] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 Type 23 for Acc-Dns-Server-Pri Length 6 Value The value field is four octets. 2.14 Acc-Dns-Server-Sec Description This attribute indicates the secondary DNS (Domain Name System) Server Address to be provided to the dial-in user during IPCP negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the option of negotiating the IP addresses of the primary and secondary DNS and NBNS (NetBIOS Name Server) servers. The support for these options is specified by RFC 1877 [COB95]. The Acc-Dns- Server-Sec attribute may be used in Access-Accept packets only. A summary of the Acc-Dns-Server-Sec attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 24 for Acc-Dns-Server-Sec Length 6 Value Ilgun [Page 17] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 The value field is four octets. 2.15 Acc-Nbns-Server-Pri Description This attribute indicates the primary NBNS (NetBIOS Name Server) Address to be provided to the dial-in user during IPCP negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the option of negotiating the IP addresses of the primary and secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server) servers. The support for these options is specified by RFC 1877 [COB95]. The Acc-Nbns-Server-Pri attribute may be used in Access-Accept packets only. A summary of the Acc-Nbns-Server-Pri attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 25 for Acc-Nbns-Server-Pri Length 6 Value The value field is four octets. 2.16 Acc-Nbns-Server-Sec Description This attribute indicates the secondary NBNS (NetBIOS Name Server) Address to be provided to the dial-in user during IPCP Ilgun [Page 18] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 negotiation. The IPCP protocol (RFC 1332) [MCG92] provides the option of negotiating the IP addresses of the primary and secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server) servers. The support for these options is specified by RFC 1877 [COB95]. The Acc-Nbns-Server-Sec attribute may be used in Access-Accept packets only. A summary of the Acc-Nbns-Server-Sec attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 26 for Acc-Nbns-Server-Sec Length 6 Value The value field is four octets. 2.17 Acc-Ip-Compression Description This attribute indicates whether VJ Header Compression should be enabled for the dial-in user's IP traffic. The Acc-Ip-Compression attribute may be used in Access-Accept packets only. A summary of the Acc-Ip-Compression attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. Ilgun [Page 19] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 28 for Acc-Ip-Compression Length 6 Value The value field is four octets. 0 Disabled 1 Enabled 2.18 Acc-Ipx-Compression Description This attribute indicates whether Header Compression should be enabled for the dial-in user's IPX traffic. The Acc-Ipx- Compression attribute may be used in Access-Accept packets only. A summary of the Acc-Ipx-Compression attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Ilgun [Page 20] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 29 for Acc-Ipx-Compression Length 6 Value The value field is four octets. 0 Disabled 1 Enabled 2.19 Acc-Callback-Delay Description This attribute specifies the delay time in seconds before the remote side is called back. The Acc-Callback-Delay attribute may be used in Access-Accept packets only. A summary of the Acc-Callback-Delay attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 34 for Acc-Callback-Delay Length 6 Value The value field is four octets. Ilgun [Page 21] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 2.19 Acc-Callback-Num-Valid Description This attribute specifies the acceptable callback number for the remote site to be called back. Each dial-in user may be associated with zero or more valid number attributes. If this attribute is not used then the callback will proceed as usual. Also, if the Acc-Callback-Mode (see Section 2.21) is not one of 3 (User-Specified-E-164) and 6 (CBCP-Callback) then the valid number filtering will not be performed. Otherwise, if this attribute is returned in an Access-Reply message, then the callback number negotiated from the callback phase will be compared to the numbers in this attribute. Multiple instances (up to 16) of this attribute can be returned in the same Access-Reply message. This attribute contains a string (valid characters: representing a number filter. 'x' and 'X' represent single character wildcards, and '-' character is ignored during filtering. The matching starts from the end of the string. The filter string specified in this attribute must be at least the same length as the callback number (excluding the '-' characters). If the negotiated callback number is determined to be valid then callback will proceed, otherwise no callback will be made. The Acc-Callback-Num-Valid attribute may be used in Access-Accept packets only. A summary of the Acc-Callback-Num-Valid attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 35 for Acc-Callback-Num-Valid Length >= 3 Value Ilgun [Page 22] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 The String field is one or more octets. 2.21 Acc-Callback-Mode Description This attribute indicates what type of callback should be performed for the dial-in user. A value of 0 (User-Auth) indicates the callback will depend on the user authentication. A value of 3 (User-Specified-E-164) indicates the callback will be done to the user specified callback number. A value of 6 (CBCP-Callback) indicates callback will be negotiated using CBCP. A value of 7 (CLI-Callback) indicates CLI (Calling Line Identifier) type callback will be used. The Acc-Callback-Mode attribute may be used in Access-Accept packets only. A summary of the Acc-Callback-Mode attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 36 for Acc-Callback-Mode Length 6 Value The value field is four octets. 0 User-Auth 3 User-Specified-E-164 6 CBCP-Callback 7 CLI-Callback Ilgun [Page 23] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 2.22 Acc-Callback-CBCP-Type Description This attribute indicates the type of CBCP to be used for the dial-in user. The Acc-Callback-CBCP-Type attribute may be used in Access-Accept packets only. A summary of the Acc-Callback-CBCP-Type attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 37 for Acc-Callback-CBCP-Type Length 6 Value The value field is four octets. CBCP-None 1 CBCP-User-Specified 2 CBCP-Pre-Specified 3 2.23 Acc-Dialout-Auth-Mode Description This attribute indicates the type of authentication to be used for the dialout of the callback session. The Acc-Dialout-Auth-Mode attribute may be used in Access-Accept packets only. Ilgun [Page 24] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 A summary of the Acc-Dialout-Auth-Mode attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 38 for Acc-Dialout-Auth-Mode Length 6 Value The value field is four octets. PAP 1 CHAP 2 CHAP-PAP 3 NONE 4 2.24 Acc-Dialout-Auth-Password Description This attribute indicates the password to be used for the outgoing authentication of the callback. The Acc-Dialout-Auth-Password attribute may be used in Access-Accept packets only. A summary of the Acc-Dialout-Auth-Password attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. Ilgun [Page 25] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 36 for Acc-Dialout-Auth-Password Length >= 3 Value The String field is one or more octets. 2.25 Acc-Dialout-Auth-Username Description This attribute indicates the username to be used for the outgoing authentication of the callback. The Acc-Dialout-Auth-Username attribute may be used in Access-Accept packets only. A summary of the Acc-Dialout-Auth-Username attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 37 for Acc-Dialout-Auth-Username Length >= 3 Ilgun [Page 26] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 Value The String field is one or more octets. 2.26 Acc-Access-Community Description This attribute indicates SNMP community name for the RADIUS authenticated console login session. The Acc-Access-Community attribute may be used in Access-Accept packets only. A summary of the Acc-Access-Community attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 42 for Acc-Access-Community Length 6 Value The value field is four octets. PUBLIC 1 NETMAN 2 2.27 Acc-Vpsm-Reject-Cause Description This attribute indicates the rejection reason by VPSM (Virtual Ilgun [Page 27] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 Port Service Manager) sent in response to an Access Request. The Acc-Vpsm-Reject-Cause attribute may be used in Access-Reject packets only. A summary of the Acc-Vspm-Reject-Cause attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 43 for Acc-Vpsm-Reject-Cause Length 6 Value The value field is four octets. No-Access-Partition 1 Access-Partition-Disabled 2 Partition-Portlimit-Exceeded 3 License-Portlimit-Exceeded 4 Home-Server-Down 5 Rejected-By-Home-Server 6 NAS-Administratively-Disabled 7 2.28 Acc-Ace-Token Description This attribute is used to carry a user entered "passcode" for ACE authentication. Steel Belted Radius proxies this information to the ACE authentication server. The Acc-Ace-Token attribute may be used in Access-Challenge and Access-Request packets only. Ilgun [Page 28] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 A summary of the Acc-Ace-Token attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 44 for Acc-Ace-Token Length >= 3 String The string field is one or more octets and carries the user entered passcode. 2.29 Acc-Ace-Token-Ttl Description This attribute indicates the time to live (TTL) in seconds for an ACE token of a dial-in user. When the user is authenticated using Steel Belted Radius (with token caching) the server returns a configured TTL for that user. This allows the NAS to make an educated guess to when the cached token will expire in the RADIUS cache. If a value is not specified, the TTL is set to zero, which indicates that no caching will be used. The Acc-Ace-Token-Ttl attribute may be used in Access-Accept packets only. A summary of the Acc-Ace-Token-Ttl attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. Ilgun [Page 29] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 45 for Acc-Ace-Token-Ttl Length 6 Value The value field is four octets and it can be from 0 to 65535 (in seconds). 2.30 Acc-Ip-Pool-Name Description This attribute The Acc-Ip-Pool-Name attribute contains a string identifying an IP address pool name to be used for assigning an IP address from a pool configured on the NAS with the same name. This attribute may only be used if the IP address attribute indicates an IP assigned by NAS (Framed-IP-Address = 255.255.255.254). The Acc-Ip-Pool-Name may be used in Access- Accept packets only. A summary of the Acc-Ip-Pool-Name attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Ilgun [Page 30] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 Type 46 for Acc-Ip-Pool-Name Length >= 3 String The string field is one or more octets, and should match the name of an IP address pool configured on the NAS. 2.31 Acc-Igmp-Admin-State Description This attribute indicates the administrative state of IGMP for a dial-in user. The Acc-Igmp-Admin-State attribute may be used in Access-Accept packets only. A summary of the Acc-Igmp-Admin-State attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 47 for Acc-Igmp-Admin-State Length 6 Value Ilgun [Page 31] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 The value field is four octets. Enabled 1 Disabled 2 2.32 Acc-Igmp-Version Description This attribute indicates the version of IGMP that will be used by a dial-in user. The Acc-Igmp-Version attribute may be used in Access-Accept packets only. A summary of the Acc-Igmp-Version attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 48 for Acc-Igmp-Version Length 6 Value The value field is four octets. V1 1 V2 2 3. Ericsson Datacom Access Radius Accounting Attributes The table below indicates how the accounting vendor-specific attributes are used in the accounting request packets. The attributes Ilgun [Page 32] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 with (*) are accounting specific attributes. An X indicates in which type of Accounting-Request packet the attribute may be included. Note that any Accounting-Request packet may include a copy of all the configuration attributes. The attributes listed below with no (X) associated with them may be used in any Accounting-Request packet, though they are not Accounting specific attributes. +-------------------------------+--------+-------+------+---------+ | Attribute Name | Number | Start | Stop | Interim | +-------------------------------+--------+-------+------+---------+ | Acc-Reason-Code (*) | 1 | | X | | | Acc-Ccp-Option | 2 | | | | | Acc-Input-Errors (*) | 3 | | X | X | | Acc-Output-Errors (*) | 4 | | X | X | | Acc-Access-Partition (*) | 5 | X | X | X | | Acc-Customer-Id (*) | 6 | X | X | X | | Acc-Ip-Gateway-Pri | 7 | | | | | Acc-Ip-Gateway-Sec | 8 | | | | | Acc-Route-Policy | 9 | | | | | Acc-ML-MLX-Admin-State | 10 | | | | | Acc-ML-Call-Threshold | 11 | | | | | Acc-ML-Clear-Threshold | 12 | | | | | Acc-ML-Damping-Factor | 13 | | | | | Acc-Clearing-Cause (*) | 15 | | X | | | Acc-Clearing-Location (*) | 16 | | X | | | Acc-Service-Profile | 17 | X | X | X | | Acc-Request-Type | 18 | X | X | X | | Acc-Framed-Bridge | 19 | | | | | Acc-Vpsm-Oversubscribed (*) | 20 | X | X | | | Acc-Acct-On-Off-Reason (*) | 21 | | | | | Acc-Tunnel-Port (*) | 22 | X | X | X | | Acc-Dns-Server-Pri | 23 | | | | | Acc-Dns-Server-Sec | 24 | | | | | Acc-Nbns-Server-Pri | 25 | | | | | Acc-Nbns-Server-Sec | 26 | | | | | Acc-Dial-Port-Index (*) | 27 | X | X | X | | Acc-Ip-Compression | 28 | | | | | Acc-Ipx-Compression | 29 | | | | | Acc-Connect-Tx-Speed (*) | 30 | X | X | X | | Acc-Connect-Rx-Speed (*) | 31 | X | X | X | | Acc-Modem-Modulation-Type (*) | 32 | X | X | X | | Acc-Modem-Error-Protocol (*) | 33 | X | X | X | | Acc-Callback-Delay | 34 | | | | | Acc-Callback-Num-Valid | 35 | | | | | Acc-Callback-Mode | 36 | | | | | Acc-Callback-CBCP-Type | 37 | | | | | Acc-Dialout-Auth-Mode | 38 | | | | | Acc-Dialout-Auth-Password | 39 | | | | Ilgun [Page 33] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 | Acc-Dialout-Auth-UserName | 40 | | | | | Acc-Access-Community | 42 | | | | | Acc-Vpsm-Reject-Cause | 43 | | | | | Acc-Ace-Token | 44 | | | | | Acc-Ace-Token-Ttl | 45 | | | | | Acc-Ip-Pool-Name | 46 | | | | | Acc-Igmp-Admin-State | 47 | | | | | Acc-Igmp-Version | 48 | | | | +-------------------------------+--------+-------+------+---------+ 3.1 Acc-Reason-Code Description This attribute provides an extension to the standard Acct- Terminate-Cause attribute. It provides more detail on the termination reason for a call. A summary of the Acc-Reason-Code Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 1 for Acc-Reason-Code Length 6 Value The value field is four octets. 0 no reason given/no failure 1 resource shortage 2 session already open 3 too many RADIUS users Ilgun [Page 34] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 4 no authentication server 5 no authentication response 6 no accounting server 7 no accounting response 8 access denied 9 temporary buffer shortage 10 protocol error 11 invalid attribute 12 invalid service type 13 invalid framed protocol 14 invalid attribute value 15 invalid user information 16 invalid IP address 17 invalid integer syntax 18 invalid NAS port 19 requested by user 20 network disconnect 21 service interruption 22 physical port error 23 idle timeout 24 session timeout 25 administrative reset 26 NAS reload or reset 27 NAS error 28 NAS request 29 undefined reason given 30 conflicting attributes 31 port limit exceeded 32 facility not available 33 internal configuration error 34 bad route specification 35 Access Partition bind failure 36 security violation 37 request type conflict 38 configuration disallowed 39 missing attribute 40 invalid request 41 missing parameter 42 invalid parameter 43 call cleared with cause 44 inopportune config request 45 invalid config parameter 46 missing config parameter 47 incompatible service profile 48 administrative reset 49 administrative reload 50 port unneeded 51 port preempted Ilgun [Page 35] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 52 port suspended 53 service unavailable 54 callback 55 user error 56 host request 3.2 Acc-Input-Errors Description This attribute indicates the number of receive errors on the physical port the dial- in user was connected to. A summary of the Acc-Input-Errors Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 3 for Acc-Input-Errors Length 6 Value The value field is four octets. 3.3 Acc-Output-Errors Description This attribute indicates the number of send errors on the physical port the dial-in user was connected to. Ilgun [Page 36] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 A summary of the Acc-Output-Errors Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 4 for Acc-Output-Errors Length 6 Value The value field is four octets. 3.4 Acc-Access-Partition Description This attribute specifies the name of the Access Partition the dial-in user is assigned to. Access Partitioning [EDA97a] gives carriers the ability to partition dial-in resources and assign these partitions to dial-in Virtual Private Networks. A summary of the Acc-Access-Partition Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Ilgun [Page 37] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 5 for Acc-Access-Partition Length >= 3 String The String field is one or more octets. 3.5 Acc-Customer-Id Description This attribute specifies the Id of the Customer the dial-in user is associated with. A summary of the Acc-Customer-Id Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 6 for Acc-Customer-Id Length >= 3 Value The String field is one or more octets. 3.6 Acc-Clearing-Cause Description This attribute provides an extension to the Acc-Reason-Code attribute. It provides more detail if Acc-Reason-Code indicates Call-Cleared-With-Cause (43). Ilgun [Page 38] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 A summary of the Acc-Clearing-Cause Attribute format within the Ericsson Datacom Access vendor- specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 15 for Acc-Clearing-Cause Length 6 Value The value field is four octets. 0 cause unspecified 1 unassigned number 2 no route to transit network 3 no route to destination 6 channel unacceptable 7 call awarded being delivered 16 normal clearing 17 user busy 18 no user responding 19 user alerted no answer 21 call rejected 22 number changed 26 non selected user clearing 27 destination out of order 28 invalid or incomplete number 29 facility rejected 30 response to status inquiry 31 normal unspecified cause 34 no circuit or channel available 38 network out of order 41 temporary failure 42 switching equipment congestion Ilgun [Page 39] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 43 access information discarded 44 circuit or channel unavailable 45 circuit or channel preempted 47 resources unavailable 49 quality of service unavailable 50 facility not subscribed 52 outgoing calls barred 54 incoming calls barred 57 bearer capability unauthorized 58 bearer capability not available 63 service not available 65 bearer capability not implemented 66 channel type not implemented 69 facility not implemented 70 restricted digital information only 79 service not implemented 81 invalid call reference 82 identified channel does not exist 83 call identity does not exist 84 call identity in use 85 no call suspended 86 suspended call cleared 88 incompatible destination 91 invalid transit network selection 95 invalid message 96 mandatory information element missing 97 message not implemented 98 inopportune message 99 information element not implemented 100 invalid information element contents 101 message incompatible with state 102 recovery on timer expiration 103 mandatory information element length error 111 protocol error 127 interworking 3.7 Acc-Clearing-Location Description This attribute provides an extension to the Acc-Reason-Code attribute. It provides detail on where the call has been cleared. A summary of the Acc-Clearing-Location Attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. Ilgun [Page 40] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 16 for Acc-Clearing-Location Length 6 Value The value field is four octets 0 local or remote user 1 private network serving local user 2 public network serving local user 3 transit network 4 private network serving remote user 5 public network serving remote user 6 international network 10 beyond interworking point 3.8 Acc-Vpsm-Oversubscribed Description This attribute is specific to Ericsson Datacom Access's VPSM (Virtual Port Service Manager) server software. VPSM runs as a proxy RADIUS server between an Ericsson Datacom Access NAS and a home RADIUS server. If the VPSM server detects that this connection caused the corresponding Access Partition quota to be exceeded, the Accounting-Start record for the connection will include the Acc-Vpsm-Oversubscribed attribute with a value of 2 (True). A summary of the Acc-Vpsm-Oversubscribed Attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. Ilgun [Page 41] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 20 for Acc-Vpsm-Oversubscribed Length 6 Value The value field is four octets. 1 False 2 True 3.9 Acc-Acct-On-Off-Reason Description This attribute provides a reason code for why the Accounting-On or Accounting- Off message is sent. A summary of the Acc-Acct-On-Off-Reason Attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 21 for Acc-Acct-On-Off-Reason Ilgun [Page 42] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 Length 6 Value The value field is four octets. 0 NAS Reset 1 NAS Reload 2 Configuration Reset 3 Configuration Reload 4 Enabled 5 Disabled 3.10 Acc-Tunnel-Port Description This attribute indicates the index of the Tunnel Port the dial-in user is connected to. A summary of the Acc-Tunnel-Port attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 22 for Acc-Tunnel-Port Length 6 Value The value field is four octets. Ilgun [Page 43] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 3.11 Acc-Dial-Port-Index Description This attribute indicates the index of the Dial Port the dial-in user is connected to. A summary of the Acc-Dial-Port-Index attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 27 for Acc-Dial-Port-Index Length 6 Value The value field is four octets. 3.12 Acc-Connect-Tx-Speed Description This attribute indicates the transmit speed that is negotiated on the NAS port for this dial-in connection. If an LNS (L2TP Network Server) is generating this accounting record, then the value is passed to the LNS from a LAC (L2TP Access Concentrator). A summary of the Acc-Connect-Tx-Speed attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. Ilgun [Page 44] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 30 for Acc-Connect-Tx-Speed Length 6 Value The value field is four octets. 3.13 Acc-Connect-Rx-Speed Description This attribute indicates the receive speed that is negotiated on the NAS port for this dial-in connection. If an LNS (L2TP Network Server) is generating this accounting record, then the value is passed to the LNS from a LAC (L2TP Access Concentrator). A summary of the Acc-Connect-Rx-Speed attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 31 for Acc-Connect-Rx-Speed Ilgun [Page 45] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 Length 6 Value The value field is four octets. 3.14 Acc-Modem-Modulation-Type Description This attribute indicates the modem modulation type that is used on the NAS port for this dial-in connection. This attribute is only available if the dial-in NAS port is a modem port. A summary of the Acc-Modem-Modulation-Type attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 32 for Acc-Modem-Modulation-Type Length >=3 Value The value field is four octets. 3.15 Acc-Modem-Error-Protocol Description This attribute indicates the modem error protocol that is used on the NAS port for this dial-in connection. This attribute is only available if the dial-in NAS port is a modem port. Ilgun [Page 46] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 A summary of the Acc-Modem-Error-Protocol attribute format within the Ericsson Datacom Access vendor-specific attribute is shown below. The fields are transmitted left-to-right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 33 for Acc-Modem-Error-Protocol Length >=3 Value The value field is four octets. 4. Security Considerations Security issues regarding the RADIUS protocol are discussed in RFC 2138 [RIG97a] and RFC 2139 [RIG97b]. The use of Acc-Tunnel-Secret attribute is insecure. The Tunnel-Password attribute, defined in [ZOR98], should be used whenever possible and Acc-Tunnel-Secret attribute should only be used if the RADIUS server does not support salt encryption. 5. References [EDA97a] "Access Partitioning" White Paper, available via http://www.acc.com, Ericsson Datacom Access, August 1997 [EDA97b] "RADIUS Implementation" White Paper, available via http://www.acc.com, Ericsson Datacom Access, January 1998 [COB95] Cobb, S., PPP Internet Protocol Control Protocol Extensions for Name Server Addresses, RFC 1877, Microsoft, December 1995. [GID94] Gidwani, N., Proposal for Callback Control Protocol (CBCP), draft-ietf-pppext-callback-cp-02.txt, Microsoft, July 1994. Ilgun [Page 47] Internet Draft RADIUS VSAs for Ericsson Datacom Access 20 October 1999 [MCG92] McGregor, G., PPP Internet Control Protocol", RFC 1332, Merit, May 1992. [RAN96] Rand, D., The PPP Compression Control Protocol (CCP), RFC 1962, Novell, June 1996. [RIG97a] Rigney, C., Remote Authentication Dial In User Service (RADIUS), RFC 2138, Livingston, April 1997. [RIG97b] Rigney, C., et al, RADIUS Accounting, RFC 2139, Livingston, April 1997. [SIM98] Simpson, W., PPP LCP CallBack, draft-ietf-pppext-callback-ds-02.txt, Daydreamer, August 1998. [SKL96] Sklower, K., et al, The PPP Multilink Protocol (MP), RFC 1990, UC Berkeley, August 1996. [SMI96] Smith, K., Ascend's Multilink Protocol Plus (MP+), Ascend, RFC 1934, August 1996. [VAL97] Valencia, et al., Layer Two Tunneling Protocol (L2TP), draft-ietf-pppext-l2tp-06.txt, June 1997. [ZOR98] Zorn, G., et al, RADIUS Attributes for Tunnel Protocol Support, draft-ietf-radius-tunnel-auth-05.txt, Microsoft-Ascend-Shiva, April 1998. 6. Expiration Date This document expires June 1, 1999. 7. Author's Address Koral Ilgun Ericsson Inc. Datacom Networks and IP Services Access Product Unit 340 Storke Road Santa Barbara, CA 93117 Phone: (805) 961-0279 E-Mail: koral@acc.com Ilgun [Page 48]