RADIUS Attributes for Virtual LAN and Priority Support
RFC 4675

Document type: RFC - Proposed Standard (September 2006; Errata)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4675 (Proposed Standard)
Responsible AD: David Kessens
Send notices to: radext-chairs@tools.ietf.org

Network Working Group                                         P. Congdon
Request for Comments: 4675                                    M. Sanchez
Category: Standards Track                        Hewlett-Packard Company
                                                                B. Aboba
                                                   Microsoft Corporation
                                                          September 2006

         RADIUS Attributes for Virtual LAN and Priority Support

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document proposes additional Remote Authentication Dial-In User
   Service (RADIUS) attributes for dynamic Virtual LAN assignment and
   prioritization, for use in provisioning of access to IEEE 802 local
   area networks.  These attributes are usable within either RADIUS or
   Diameter.

Congdon, et al.             Standards Track                     [Page 1]
RFC 4675              VLAN and Priority Attributes        September 2006

Table of Contents

   1. Introduction ....................................................3
      1.1. Terminology ................................................3
      1.2. Requirements Language ......................................3
      1.3. Attribute Interpretation ...................................3
   2. Attributes ......................................................4
      2.1. Egress-VLANID ..............................................4
      2.2. Ingress-Filters ............................................6
      2.3. Egress-VLAN-Name ...........................................7
      2.4. User-Priority-Table ........................................8
   3. Table of Attributes ............................................10
   4. Diameter Considerations ........................................10
   5. IANA Considerations ............................................11
   6. Security Considerations ........................................11
   7. References .....................................................12
      7.1. Normative References ......................................12
      7.2. Informative References ....................................13
   8. Acknowledgements ...............................................13

1.  Introduction

   This document describes Virtual LAN (VLAN) and re-prioritization
   attributes that may prove useful for provisioning of access to IEEE
   802 local area networks [IEEE-802] with the Remote Authentication
   Dial-In User Service (RADIUS) or Diameter.

   While [RFC3580] enables support for VLAN assignment based on the
   tunnel attributes defined in [RFC2868], it does not provide support
   for a more complete set of VLAN functionality as defined by
   [IEEE-802.1Q].  The attributes defined in this document provide
   support within RADIUS and Diameter analogous to the management
   variables supported in [IEEE-802.1Q] and MIB objects defined in
   [RFC4363].  In addition, this document enables support for a wider
   range of [IEEE-802.1X] configurations.

1.1.  Terminology

   This document uses the following terms:

   Network Access Server (NAS)
        A device that provides an access service for a user to a
        network.  Also known as a RADIUS client.

   RADIUS server
        A RADIUS authentication server is an entity that provides an
        authentication service to a NAS.

   RADIUS proxy
        A RADIUS proxy acts as an authentication server to the NAS, and
        a RADIUS client to the RADIUS server.

1.2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.3.  Attribute Interpretation

   The attributes described in this document apply to a single instance
   of a NAS port, or more specifically an IEEE 802.1Q bridge port.
   [IEEE-802.1Q], [IEEE-802.1D], and [IEEE-802.1X] do not recognize
   finer management granularity than "per port".  In some cases, such as
