[Search] [txt|pdf|bibtex] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02                                                      
Network Working Group                                       Koral Ilgun
INTERNET-DRAFT                                  Ericsson Datacom Access
Category: Internet Draft
Title: draft-ilgun-radius-accvsa-02.txt
Date: 20 October 1999
Expires: 20 April 2000

     RADIUS Vendor Specific Attributes for Ericsson Datacom Access

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/lid-abstracts.txt

   To view the list of Internet-Draft Shadow directories, see
   http://www.ietf.org/shadow.html

   The distribution of this memo is unlimited.  It is filed as <draft-
   ilgun-radius-accvsa-02.txt>, and expires April 20, 2000. Please send
   comments to the author.

Abstract

   This document describes vendor specific attributes for carrying
   authentication, authorization and accounting information between an
   Ericsson Datacom Access Network Access Server (NAS) and an
   Authentication/Accounting Server using the Remote Authentication Dial
   In User Service (RADIUS) protocol described in RFC 2058 and RFC 2059.

Ilgun                                                           [Page 1]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

                             Table of Contents

      1.    Introduction ...........................................  4

      2.    Ericsson Datacom Access Radius Authentication Attributes  4
         2.1    Acc-Ccp-Option .....................................  5
         2.2    Acc-Ip-Gateway-Pri .................................  6
         2.3    Acc-Ip-Gateway-Sec .................................  7
         2.4    Acc-Route-Policy ...................................  8
         2.5    Acc-ML-MLX-Admin-State .............................  9
         2.6    Acc-ML-Call-Threshold .............................. 10
         2.7    Acc-ML-Clear-Threshold ............................. 11
         2.8    Acc-ML-Damping-Factor .............................. 11
         2.9    Acc-Tunnel-Secret  ................................. 12
         2.10   Acc-Service-Profile ................................ 13
         2.11   Acc-Request-Type  .................................. 14
         2.12   Acc-Framed-Bridge .................................. 15
         2.13   Acc-Dns-Server-Pri ................................. 16
         2.14   Acc-Dns-Server-Sec ................................. 17
         2.15   Acc-Nbns-Server-Pri ................................ 18
         2.16   Acc-Nbns-Server-Sec ................................ 18
         2.17   Acc-Ip-Compression ................................. 19
         2.18   Acc-Ipx-Compression ................................ 20
         2.19   Acc-Callback-Delay ................................. 21
         2.20   Acc-Callback-Num-Valid ............................. 22
         2.21   Acc-Callback-Mode .................................. 23
         2.22   Acc-Callback-CBCP-Type ............................. 24
         2.23   Acc-Dialout-Auth-Mode .............................. 24
         2.24   Acc-Dialout-Auth-Password .......................... 25
         2.25   Acc-Dialout-Auth-Username .......................... 26
         2.26   Acc-Access-Community ............................... 27
         2.27   Acc-Vpsm-Reject-Cause .............................. 27
         2.28   Acc-Ace-Token ...................................... 28
         2.29   Acc-Ace-Token-Ttl .................................. 29
         2.30   Acc-Ip-Pool-Name ................................... 30
         2.31   Acc-Igmp-Admin-State ............................... 31
         2.32   Acc-Igmp-Version ................................... 32

       3. Ericsson Datacom Access Radius Accounting Attributes ..... 32
         3.1    Acc-Reason-Code .................................... 34
         3.2    Acc-Input-Errors ................................... 36
         3.3    Acc-Output-Errors .................................. 36
         3.4    Acc-Access-Partition ............................... 37
         3.5    Acc-Customer-Id .................................... 38
         3.6    Acc-Clearing-Cause ................................. 38
         3.7    Acc-Clearing-Location .............................. 40
         3.8    Acc-Vpsm-Oversubscribed ............................ 41
         3.9    Acc-Acct-On-Off-Reason ............................. 42

Ilgun                                                           [Page 2]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

         3.10   Acc-Tunnel-Port .................................... 43
         3.11   Acc-Dial-Port-Index ................................ 44
         3.12   Acc-Connect-Tx-Speed ............................... 44
         3.13   Acc-Connect-Rx-Speed ............................... 45
         3.14   Acc-Modem-Modulation-Type .......................... 46
         3.15   Acc-Modem-Error-Protocol ........................... 46

       4. Security Considerations .................................. 47

       5. References ............................................... 47

       6. Expiration Date .......................................... 48

       7. Author's Address ......................................... 48

Ilgun                                                           [Page 3]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

1. Introduction

   The Remote Authentication Dial In User Service (RADIUS) protocol is
   specified by the RADIUS Working Group of the Internet Engineering
   Task Force (IETF). There are two specifications that make up the
   RADIUS protocol suite: Authentication [RIG97a] and Accounting
   [RIG97b].  These protocols aim to centralize authentication,
   configuration, and accounting of dial-in services to an independent
   server.

   Ericsson Datacom Access has implemented RADIUS authentication and
   accounting for its Network Access Server family of router products.
   This document provides details of Ericsson Datacom Access's RADIUS
   implementation, in particular the use of Vendor Specific Attributes
   (VSAs).  It is intended as a guide for using the RADIUS protocol for
   Ericsson Datacom Access products.  Ericsson Datacom Access's VSAs use
   a vendor Id of 5.  For more information on Ericsson Datacom Access's
   RADIUS implementation, see the white paper [EDA97b].

2. Ericsson Datacom Access Radius Authentication Attributes

   The table below indicates how the authentication vendor-specific
   attributes are used in the access request and response packets.

Ilgun                                                           [Page 4]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      +---------------------------+----+-----+--------+--------+------+
      | Attribute Name            |  # | Req | Accept | Reject | Chal |
      +---------------------------+----+-----+--------+--------+------+
      | Acc-Ccp-Option            |  2 |     |   X    |        |      |
      | Acc-Ip-Gateway-Pri        |  7 |     |   X    |        |      |
      | Acc-Ip-Gateway-Sec        |  8 |     |   X    |        |      |
      | Acc-Route-Policy          |  9 |     |   X    |        |      |
      | Acc-ML-MLX-Admin-State    | 10 |     |   X    |        |      |
      | Acc-ML-Call-Threshold     | 11 |     |   X    |        |      |
      | Acc-ML-Clear-Threshold    | 12 |     |   X    |        |      |
      | Acc-ML-Damping-Factor     | 13 |     |   X    |        |      |
      | Acc-Tunnel-Secret         | 14 |     |   X    |        |      |
      | Acc-Service-Profile       | 17 |     |   X    |        |      |
      | Acc-Request-Type          | 18 |  X  |        |        |      |
      | Acc-Framed-Bridge         | 19 |     |   X    |        |      |
      | Acc-Dns-Server-Pri        | 23 |     |   X    |        |      |
      | Acc-Dns-Server-Sec        | 24 |     |   X    |        |      |
      | Acc-Nbns-Server-Pri       | 25 |     |   X    |        |      |
      | Acc-Nbns-Server-Sec       | 26 |     |   X    |        |      |
      | Acc-Ip-Compression        | 28 |     |   X    |        |      |
      | Acc-Ipx-Compression       | 29 |     |   X    |        |      |
      | Acc-Callback-Delay        | 34 |     |   X    |        |      |
      | Acc-Callback-Num-Valid    | 35 |     |   X    |        |      |
      | Acc-Callback-Mode         | 36 |     |   X    |        |      |
      | Acc-Callback-CBCP-Type    | 37 |     |   X    |        |      |
      | Acc-Dialout-Auth-Mode     | 38 |     |   X    |        |      |
      | Acc-Dialout-Auth-Password | 39 |     |   X    |        |      |
      | Acc-Dialout-Auth-UserName | 40 |     |   X    |        |      |
      | Acc-Access-Community      | 42 |     |   X    |        |      |
      | Acc-Vpsm-Reject-Cause     | 43 |     |        |   X    |      |
      | Acc-Ace-Token             | 44 |  X  |        |        |  X   |
      | Acc-Ace-Token-Ttl         | 45 |     |   X    |        |      |
      | Acc-Ip-Pool-Name          | 46 |     |   X    |        |      |
      | Acc-Igmp-Admin-State      | 47 |     |   X    |        |      |
      | Acc-Igmp-Version          | 48 |     |   X    |        |      |
      +---------------------------+----+-----+--------+--------+------+

2.1 Acc-Ccp-Option

   Description

      This attribute indicates if PPP CCP [RAN96] compression
      negotiation is to be attempted on the dial-in link. It may be used
      in Access-Accept packets only.

   A summary of the Acc-Ccp-Option Attribute format within the Ericsson
   Datacom Access vendor- specific attribute is shown below. The fields

Ilgun                                                           [Page 5]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      2 for Acc-Ccp-Option

   Length

      6

   Value

      The value field is four octets.

          1    Disabled
          2    Enabled

2.2 Acc-Ip-Gateway-Pri

   Description

      This attribute defines the next hop IP address where the dial-in
      user's data packets should be directed to.  This address could be
      a router that is directly attached to a VPN (Virtual Private
      Network) customer's network or to a router that forwards the
      packet to its final destination based on the Source IP Address. It
      may be used in Access-Accept packets only.

   A summary of the Acc-Ip-Gateway-Pri Attribute format within the
   Ericsson Datacom Access vendor- specific attribute is shown below.
   The fields are transmitted left-to-right.

Ilgun                                                           [Page 6]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
            Address (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      7 for Acc-Ip-Gateway-Pri

   Length

      6

   Address

      The Address field is a four octet IP Address.

2.3 Acc-Ip-Gateway-Sec

   Description

      Similar to Acc-Ip-Gateway-Pri described in Section 2.2, this
      attribute defines the next hop IP address in case the Acc-Ip-
      Gateway-Pri is unreachable.  It may be used in Access-Accept
      packets only.

   A summary of the Acc-Ip-Gateway-Sec Attribute format within the
   Ericsson Datacom Access vendor- specific attribute is shown below.
   The fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
            Address (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      8 for Acc-Ip-Gateway-Sec

Ilgun                                                           [Page 7]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   Length

      6

   Address

      The Address field is a four octet IP Address.

2.4 Acc-Route-Policy

   Description

      This attribute indicates the route policy to be used with Access
      Partitioning [EDA97a].  Access Partitioning gives carriers the
      ability to partition dial-in resources and assign these partitions
      to dial-in Virtual Private Networks.  If the Acc-Route-Policy
      attribute is set to Direct (2) two dial-in links belonging to the
      same Access Partition can route directly to each other without
      going through the IP home gateway.  If this attribute is not
      defined or set to Funnel (1), it means all packets received from
      the dial-in user of this access partition will be forwarded to the
      designated home gateway.  It may be used in Access-Accept packets
      only.

   A summary of the Acc-Route-Policy Attribute format within the
   Ericsson Datacom Access vendor- specific attribute is shown below.
   The fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      9 for Acc-Route-Policy

   Length

      6

   Value

Ilgun                                                           [Page 8]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      The value field is four octets.

          1    Funnel
          2    Direct

2.5 Acc-ML-MLX-Admin-State

   Description

      If the standard Port-Limit attribute is configured for the dial-in
      user on the RADIUS server, the Ericsson Datacom Access NAS
      attempts to place the dial-in user in a multilink group. The
      Port-Limit attribute defines the maximum number of members the
      multilink group can have. All members of the multilink group must
      have the same dial-in user name. When the first member of a
      multilink group calls in, a multilink group is created on receipt
      of the access-accept with the Port-Limit attribute configured. The
      multilink group exists for as long as there is a call up in the
      multilink group. When the last call in the multilink group is
      cleared, the multilink group is deleted. When subsequent links in
      the multilink group call in, they are added to the multilink
      group. The multilink group uses the IETF standard PPP Multilink
      protocol [SKL96].  The MLX (also known as MP+ [SMI96])
      administrative state, call threshold, clear threshold and damping
      factor values of the multilink group can also be set using the
      Ericsson Datacom Access VSAs described in 2.5, 2.6, 2.7 and 2.8

      The Acc-ML-MLX-Admin-State attribute indicates if PPP MLX (RFC
      1934) negotiation is to be attempted on the dial-in link. It may
      be used in Access-Accept packets only.

   A summary of the Acc-ML-MLX-Admin-State Attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

Ilgun                                                           [Page 9]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      10 for Acc-ML-MLX-Admin-State

   Length

      6

   Value

      The value field is four octets.

          1    Enabled
          2    Disabled

2.6 Acc-ML-Call-Threshold

   Description

      This attribute indicates the call threshold value to be used with
      the multilink group that is to be configured.  It may be used in
      Access-Accept packets only.  See Section 2.5 for more information
      about this attribute.

   A summary of the Acc-ML-Call-Threshold Attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      11 for Acc-ML-Call-Threshold

   Length

      6

   Value

      The value field is four octets.  The minimum value is 0 and

Ilgun                                                          [Page 10]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      maximum value is 101.

2.7 Acc-ML-Clear-Threshold

   Description

      This attribute indicates the clear threshold value to be used with
      the multilink group that is to be configured.  It may be used in
      Access-Accept packets only.

   A summary of the Acc-ML-Clear-Threshold Attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.  See Section 2.5 for more
   information about this attribute.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      12 for Acc-ML-Clear-Threshold

   Length

      6

   Value

      The value field is four octets.  The minimum value is 0 and
      maximum value is 100.

2.8 Acc-ML-Damping-Factor

   Description

      This attribute indicates the damping factor value to be used with
      the multilink group that is to be configured.  It may be used in
      Access-Accept packets only.  See Section 2.5 for more information
      about this attribute.

Ilgun                                                          [Page 11]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   A summary of the Acc-ML-Damping-Factor Attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      13 for Acc-ML-Damping-Factor

   Length

      6

   Value

      The value field is four octets.  The minimum value is 0 and
      maximum value is 64.

2.9 Acc-Tunnel-Secret

   Description

      This attribute sets the shared secret to support the CHAP style
      endpoint authentication used by L2TP [VAL97]. The purpose for this
      attribute is same as Tunnel-Password [ZOR98], except that Acc-
      Tunnel-Secret is sent in clear.  Therefore, Acc-Tunnel-Secret
      should only be used if the RADIUS server does not support salt
      encryption.  It may be used in Access-Accept packets only.

   A summary of the Acc-Tunnel-Secret Attribute format within the
   Ericsson Datacom Access vendor- specific attribute is shown below.
   The fields are transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Ilgun                                                          [Page 12]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   Type

      14 for Acc-Tunnel-Secret

   Length

      >= 3

   String

      The String field is one or more octets.  It is the clear text
      tunnel secret.

2.10 Acc-Service-Profile

   Description

      This attribute the service profile to be used on the dial-in link.
      It may be used in Access-Accept packets only.

      With the addition of Acc-Service-Profile VSA, RADIUS can identify
      the Service Profile to be assigned to a dial-in user.  This
      attribute should only be present in an access accept message when
      the NAS has queried RADIUS prior to answering the call.  In this
      case all RADIUS has is the called number.  The service profile
      identified by this VSA must exist on the NAS in its locally
      configured Service Profile database.  For the regular routing case
      the service profile indicates that dial-in calls to be routed
      based on the Destination IP Address received from a dial-in user.
      This service is used primarily to provide carrier-based Internet
      access.  For the called number routing case, the service profile
      forces IP dial-in calls to be specifically directed to a VPN
      customer's network.  A service profile may also indicate that
      Layer 2 Tunneling should be performed for a given dial-in user.

   A summary of the Acc-Service-Profile Attribute format within the
   Ericsson Datacom Access vendor- specific attribute is shown below.
   The fields are transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

Ilgun                                                          [Page 13]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      17 for Acc-Service-Profile

   Length

      >= 3

   String

      The String field is one or more octets.  It is the name of the
      service profile.

2.11 Acc-Request-Type

   Description

      This attribute indicates the type of the Access-Request or
      Accounting-Request packet. It may be used in Access-Request and
      Accounting-Request packets only.  The attribute values from 1 to 4
      are used in Access-Request packets, whereas 5 and 6 are used in
      Accounting-Request packets.

      An Ericsson Datacom Access NAS may send an Access-Request packet
      to the RADIUS server before it answers the call.  In this case the
      User-Name attribute includes the Called Number and the Acc-
      Request-Type attribute contains the value 1, i.e. Ring-Indication.
      A special-purpose RADIUS server (or proxy) receiving this message
      may accept or reject the call based on its policy, e.g. it may
      reject the call if the quota assigned for this Called Number has
      been exceeded.  This is useful when an ISP or TELCO outsources
      their dial-in ports to separate customers and partitions the
      customers by differentiating them based on the number they call
      in.  Ericsson Datacom Access's VPSM server product is an example
      for this type of operation.

      A value of 2 in the Acc-Request-Type field indicates that the NAS
      is attempting to authorize an outgoing call.  A value of 3
      indicates that the type of access request is for user
      authentication, which is the default behavior for the RADIUS
      authentication.  A value of 4 indicates that a tunnel
      authentication is requested by the LAC (L2TP Access Concentrator)
      in response to a tunnel request from an LNS (L2TP Network Server).

      This attribute may also be present in Accounting-Request packets.
      A value of 5 indicates that the Accounting-Request is for a PPP
      session, whereas a value of 6 indicates that the Accounting-
      Request is for a tunnel session.  The latter case also indicates
      that this accounting information is being provided for a dial-in
      session that is not authenticated at the LAC end of the tunnel,

Ilgun                                                          [Page 14]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      but possibly authenticated at the LNS end.

   A summary of the Acc-Request-Type Attribute format within the
   Ericsson Datacom Access vendor- specific attribute is shown below.
   The fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      18 for Acc-Request-Type

   Length

      6

   Value

      The value field is four octets.

          1    Ring Indication
          2    Dial Request
          3    User Authentication
          4    Tunnel Authentication
          5    User Accounting
          6    Tunnel Accounting

2.12 Acc-Framed-Bridge

   Description

      This attribute indicates if Transparent (Ethernet) Bridging should
      be enabled on the dial-in link. It may be used in Access-Accept
      packets only.

   A summary of the Acc-Framed-Bridge Attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

Ilgun                                                          [Page 15]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      19 for Acc-Framed-Bridge

   Length

      6

   Value

      The value field is four octets.

          0    Disabled
          1    Enabled

2.13 Acc-Dns-Server-Pri

   Description

      This attribute indicates the primary DNS (Domain Name System)
      Server Address to be provided to the dial-in user during IPCP
      negotiation.  The IPCP protocol (RFC 1332) [MCG92] provides the
      option of negotiating the IP addresses of the primary and
      secondary DNS and NBNS (NetBIOS Name Server) servers.  The support
      for these options is specified by RFC 1877 [COB95].  The Acc-Dns-
      Server-Pri attribute may be used in Access-Accept packets only.

   A summary of the Acc-Dns-Server-Pri attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Ilgun                                                          [Page 16]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   Type

      23 for Acc-Dns-Server-Pri

   Length

      6

   Value

      The value field is four octets.

2.14 Acc-Dns-Server-Sec

   Description

      This attribute indicates the secondary DNS (Domain Name System)
      Server Address to be provided to the dial-in user during IPCP
      negotiation.  The IPCP protocol (RFC 1332) [MCG92] provides the
      option of negotiating the IP addresses of the primary and
      secondary DNS and NBNS (NetBIOS Name Server) servers.  The support
      for these options is specified by RFC 1877 [COB95].  The Acc-Dns-
      Server-Sec attribute may be used in Access-Accept packets only.

   A summary of the Acc-Dns-Server-Sec attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      24 for Acc-Dns-Server-Sec

   Length

      6

   Value

Ilgun                                                          [Page 17]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      The value field is four octets.

2.15 Acc-Nbns-Server-Pri

   Description

      This attribute indicates the primary NBNS (NetBIOS Name Server)
      Address to be provided to the dial-in user during IPCP
      negotiation.  The IPCP protocol (RFC 1332) [MCG92] provides the
      option of negotiating the IP addresses of the primary and
      secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server)
      servers.  The support for these options is specified by RFC 1877
      [COB95].  The Acc-Nbns-Server-Pri attribute may be used in
      Access-Accept packets only.

   A summary of the  Acc-Nbns-Server-Pri attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      25 for Acc-Nbns-Server-Pri

   Length

      6

   Value

      The value field is four octets.

2.16 Acc-Nbns-Server-Sec

   Description

      This attribute indicates the secondary NBNS (NetBIOS Name Server)
      Address to be provided to the dial-in user during IPCP

Ilgun                                                          [Page 18]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      negotiation.  The IPCP protocol (RFC 1332) [MCG92] provides the
      option of negotiating the IP addresses of the primary and
      secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server)
      servers.  The support for these options is specified by RFC 1877
      [COB95].  The Acc-Nbns-Server-Sec attribute may be used in
      Access-Accept packets only.

   A summary of the Acc-Nbns-Server-Sec attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      26 for Acc-Nbns-Server-Sec

   Length

      6

   Value

      The value field is four octets.

2.17 Acc-Ip-Compression

   Description

      This attribute indicates whether VJ Header Compression should be
      enabled for the dial-in user's IP traffic. The Acc-Ip-Compression
      attribute may be used in Access-Accept packets only.

   A summary of the Acc-Ip-Compression attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

Ilgun                                                          [Page 19]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      28 for Acc-Ip-Compression

   Length

      6

   Value

      The value field is four octets.

          0    Disabled
          1    Enabled

2.18 Acc-Ipx-Compression

   Description

      This attribute indicates whether Header Compression should be
      enabled for the dial-in user's IPX traffic. The Acc-Ipx-
      Compression attribute may be used in Access-Accept packets only.

   A summary of the Acc-Ipx-Compression attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

Ilgun                                                          [Page 20]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      29 for Acc-Ipx-Compression

   Length

      6

   Value

      The value field is four octets.

          0    Disabled
          1    Enabled

2.19 Acc-Callback-Delay

   Description

      This attribute specifies the delay time in seconds before the
      remote side is called back. The Acc-Callback-Delay attribute may
      be used in Access-Accept packets only.

   A summary of the Acc-Callback-Delay attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      34 for Acc-Callback-Delay

   Length

      6

   Value

      The value field is four octets.

Ilgun                                                          [Page 21]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

2.19 Acc-Callback-Num-Valid

   Description

      This attribute specifies the acceptable callback number for the
      remote site to be called back.  Each dial-in user may be
      associated with zero or more valid number attributes.  If this
      attribute is not used then the callback will proceed as usual.
      Also, if the Acc-Callback-Mode (see Section 2.21) is not one of 3
      (User-Specified-E-164) and 6 (CBCP-Callback) then the valid number
      filtering will not be performed.  Otherwise, if this attribute is
      returned in an Access-Reply message, then the callback number
      negotiated from the callback phase will be compared to the numbers
      in this attribute.  Multiple instances (up to 16) of this
      attribute can be returned in the same Access-Reply message.  This
      attribute contains a string (valid characters: representing a
      number filter.  'x' and 'X' represent single character wildcards,
      and '-' character is ignored during filtering.  The matching
      starts from the end of the string. The filter string specified in
      this attribute must be at least the same length as the callback
      number (excluding the '-' characters).  If the negotiated callback
      number is determined to be valid then callback will proceed,
      otherwise no callback will be made. The Acc-Callback-Num-Valid
      attribute may be used in Access-Accept packets only.

   A summary of the Acc-Callback-Num-Valid attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      35 for Acc-Callback-Num-Valid

   Length

      >= 3

   Value

Ilgun                                                          [Page 22]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      The String field is one or more octets.

2.21 Acc-Callback-Mode

   Description

      This attribute indicates what type of callback should be performed
      for the dial-in user.  A value of 0 (User-Auth) indicates the
      callback will depend on the user authentication.  A value of 3
      (User-Specified-E-164) indicates the callback will be done to the
      user specified callback number.  A value of 6 (CBCP-Callback)
      indicates callback will be negotiated using CBCP.  A value of 7
      (CLI-Callback) indicates CLI (Calling Line Identifier) type
      callback will be used.  The Acc-Callback-Mode attribute may be
      used in Access-Accept packets only.

   A summary of the Acc-Callback-Mode attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      36 for Acc-Callback-Mode

   Length

      6

   Value

      The value field is four octets.

          0    User-Auth
          3    User-Specified-E-164
          6    CBCP-Callback
          7    CLI-Callback

Ilgun                                                          [Page 23]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

2.22 Acc-Callback-CBCP-Type

   Description

      This attribute indicates the type of CBCP to be used for the
      dial-in user.  The Acc-Callback-CBCP-Type attribute may be used in
      Access-Accept packets only.

   A summary of the Acc-Callback-CBCP-Type attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      37 for Acc-Callback-CBCP-Type

   Length

      6

   Value

      The value field is four octets.

          CBCP-None                 1
          CBCP-User-Specified       2
          CBCP-Pre-Specified        3

2.23 Acc-Dialout-Auth-Mode

   Description

      This attribute indicates the type of authentication to be used for
      the dialout of the callback session.  The Acc-Dialout-Auth-Mode
      attribute may be used in Access-Accept packets only.

Ilgun                                                          [Page 24]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   A summary of the Acc-Dialout-Auth-Mode attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      38 for Acc-Dialout-Auth-Mode

   Length

      6

   Value

      The value field is four octets.

          PAP       1
          CHAP      2
          CHAP-PAP  3
          NONE      4

2.24 Acc-Dialout-Auth-Password

   Description

      This attribute indicates the password to be used for the outgoing
      authentication of the callback.  The Acc-Dialout-Auth-Password
      attribute may be used in Access-Accept packets only.

   A summary of the Acc-Dialout-Auth-Password attribute format within
   the Ericsson Datacom Access vendor-specific attribute is shown below.
   The fields are transmitted left-to-right.

Ilgun                                                          [Page 25]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      36 for Acc-Dialout-Auth-Password

   Length

      >= 3

   Value

      The String field is one or more octets.

2.25 Acc-Dialout-Auth-Username

   Description

      This attribute indicates the username to be used for the outgoing
      authentication of the callback.  The Acc-Dialout-Auth-Username
      attribute may be used in Access-Accept packets only.

   A summary of the Acc-Dialout-Auth-Username attribute format within
   the Ericsson Datacom Access vendor-specific attribute is shown below.
   The fields are transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      37 for Acc-Dialout-Auth-Username

   Length

      >= 3

Ilgun                                                          [Page 26]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   Value

      The String field is one or more octets.

2.26 Acc-Access-Community

   Description

      This attribute indicates SNMP community name for the RADIUS
      authenticated console login session.  The Acc-Access-Community
      attribute may be used in Access-Accept packets only.

   A summary of the Acc-Access-Community attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      42 for Acc-Access-Community

   Length

      6

   Value

      The value field is four octets.

          PUBLIC  1
          NETMAN  2

2.27 Acc-Vpsm-Reject-Cause

   Description

      This attribute indicates the rejection reason by VPSM (Virtual

Ilgun                                                          [Page 27]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      Port Service Manager) sent in response to an Access Request.  The
      Acc-Vpsm-Reject-Cause attribute may be used in Access-Reject
      packets only.

   A summary of the Acc-Vspm-Reject-Cause attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      43 for Acc-Vpsm-Reject-Cause

   Length

      6

   Value

      The value field is four octets.

          No-Access-Partition             1
          Access-Partition-Disabled       2
          Partition-Portlimit-Exceeded    3
          License-Portlimit-Exceeded      4
          Home-Server-Down                5
          Rejected-By-Home-Server         6
          NAS-Administratively-Disabled   7

2.28 Acc-Ace-Token

   Description

      This attribute is used to carry a user entered "passcode" for ACE
      authentication.  Steel Belted Radius proxies this information to
      the ACE authentication server.  The Acc-Ace-Token attribute may be
      used in Access-Challenge and Access-Request packets only.

Ilgun                                                          [Page 28]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   A summary of the Acc-Ace-Token attribute format within the Ericsson
   Datacom Access vendor-specific attribute is shown below. The fields
   are transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      44 for Acc-Ace-Token

   Length

      >= 3

   String

      The string field is one or more octets and carries the user
      entered passcode.

2.29 Acc-Ace-Token-Ttl

   Description

      This attribute indicates the time to live (TTL) in seconds for an
      ACE token of a dial-in user.  When the user is authenticated using
      Steel Belted Radius (with token caching) the server returns a
      configured TTL for that user.  This allows the NAS to make an
      educated guess to when the cached token will expire in the RADIUS
      cache.  If a value is not specified, the TTL is set to zero, which
      indicates that no caching will be used.  The Acc-Ace-Token-Ttl
      attribute may be used in Access-Accept packets only.

   A summary of the Acc-Ace-Token-Ttl attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

Ilgun                                                          [Page 29]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      45 for Acc-Ace-Token-Ttl

   Length

      6

   Value

      The value field is four octets and it can be from 0 to 65535 (in
      seconds).

2.30 Acc-Ip-Pool-Name

   Description

      This attribute The Acc-Ip-Pool-Name attribute contains a string
      identifying an IP address pool name to be used for assigning an IP
      address from a pool configured on the NAS with the same name.
      This attribute may only be used if the IP address attribute
      indicates an IP assigned by NAS (Framed-IP-Address =
      255.255.255.254).  The Acc-Ip-Pool-Name may be used in Access-
      Accept packets only.

   A summary of the Acc-Ip-Pool-Name attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Ilgun                                                          [Page 30]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   Type

      46 for Acc-Ip-Pool-Name

   Length

      >= 3

   String

      The string field is one or more octets, and should match the name
      of an IP address pool configured on the NAS.

2.31 Acc-Igmp-Admin-State

   Description

      This attribute indicates the administrative state of IGMP for a
      dial-in user.  The Acc-Igmp-Admin-State attribute may be used in
      Access-Accept packets only.

   A summary of the Acc-Igmp-Admin-State attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      47 for Acc-Igmp-Admin-State

   Length

      6

   Value

Ilgun                                                          [Page 31]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      The value field is four octets.

          Enabled     1
          Disabled    2

2.32 Acc-Igmp-Version

   Description

      This attribute indicates the version of IGMP that will be used by
      a dial-in user.  The Acc-Igmp-Version attribute may be used in
      Access-Accept packets only.

   A summary of the Acc-Igmp-Version attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      48 for Acc-Igmp-Version

   Length

      6

   Value

      The value field is four octets.

          V1    1
          V2    2

3. Ericsson Datacom Access Radius Accounting Attributes

   The table below indicates how the accounting vendor-specific
   attributes are used in the accounting request packets. The attributes

Ilgun                                                          [Page 32]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   with (*) are accounting specific attributes. An X indicates in which
   type of Accounting-Request packet the attribute may be included.
   Note that any Accounting-Request packet may include a copy of all the
   configuration attributes.  The attributes listed below with no (X)
   associated with them may be used in any Accounting-Request packet,
   though they are not Accounting specific attributes.

     +-------------------------------+--------+-------+------+---------+
     | Attribute Name                | Number | Start | Stop | Interim |
     +-------------------------------+--------+-------+------+---------+
     | Acc-Reason-Code (*)           |   1    |       |  X   |         |
     | Acc-Ccp-Option                |   2    |       |      |         |
     | Acc-Input-Errors (*)          |   3    |       |  X   |    X    |
     | Acc-Output-Errors (*)         |   4    |       |  X   |    X    |
     | Acc-Access-Partition (*)      |   5    |   X   |  X   |    X    |
     | Acc-Customer-Id (*)           |   6    |   X   |  X   |    X    |
     | Acc-Ip-Gateway-Pri            |   7    |       |      |         |
     | Acc-Ip-Gateway-Sec            |   8    |       |      |         |
     | Acc-Route-Policy              |   9    |       |      |         |
     | Acc-ML-MLX-Admin-State        |   10   |       |      |         |
     | Acc-ML-Call-Threshold         |   11   |       |      |         |
     | Acc-ML-Clear-Threshold        |   12   |       |      |         |
     | Acc-ML-Damping-Factor         |   13   |       |      |         |
     | Acc-Clearing-Cause (*)        |   15   |       |  X   |         |
     | Acc-Clearing-Location (*)     |   16   |       |  X   |         |
     | Acc-Service-Profile           |   17   |   X   |  X   |    X    |
     | Acc-Request-Type              |   18   |   X   |  X   |    X    |
     | Acc-Framed-Bridge             |   19   |       |      |         |
     | Acc-Vpsm-Oversubscribed (*)   |   20   |   X   |  X   |         |
     | Acc-Acct-On-Off-Reason (*)    |   21   |       |      |         |
     | Acc-Tunnel-Port (*)           |   22   |   X   |  X   |    X    |
     | Acc-Dns-Server-Pri            |   23   |       |      |         |
     | Acc-Dns-Server-Sec            |   24   |       |      |         |
     | Acc-Nbns-Server-Pri           |   25   |       |      |         |
     | Acc-Nbns-Server-Sec           |   26   |       |      |         |
     | Acc-Dial-Port-Index (*)       |   27   |   X   |  X   |    X    |
     | Acc-Ip-Compression            |   28   |       |      |         |
     | Acc-Ipx-Compression           |   29   |       |      |         |
     | Acc-Connect-Tx-Speed (*)      |   30   |   X   |  X   |    X    |
     | Acc-Connect-Rx-Speed (*)      |   31   |   X   |  X   |    X    |
     | Acc-Modem-Modulation-Type (*) |   32   |   X   |  X   |    X    |
     | Acc-Modem-Error-Protocol (*)  |   33   |   X   |  X   |    X    |
     | Acc-Callback-Delay            |   34   |       |      |         |
     | Acc-Callback-Num-Valid        |   35   |       |      |         |
     | Acc-Callback-Mode             |   36   |       |      |         |
     | Acc-Callback-CBCP-Type        |   37   |       |      |         |
     | Acc-Dialout-Auth-Mode         |   38   |       |      |         |
     | Acc-Dialout-Auth-Password     |   39   |       |      |         |

Ilgun                                                          [Page 33]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

     | Acc-Dialout-Auth-UserName     |   40   |       |      |         |
     | Acc-Access-Community          |   42   |       |      |         |
     | Acc-Vpsm-Reject-Cause         |   43   |       |      |         |
     | Acc-Ace-Token                 |   44   |       |      |         |
     | Acc-Ace-Token-Ttl             |   45   |       |      |         |
     | Acc-Ip-Pool-Name              |   46   |       |      |         |
     | Acc-Igmp-Admin-State          |   47   |       |      |         |
     | Acc-Igmp-Version              |   48   |       |      |         |
     +-------------------------------+--------+-------+------+---------+

3.1 Acc-Reason-Code

   Description

      This attribute provides an extension to the standard Acct-
      Terminate-Cause attribute. It provides more detail on the
      termination reason for a call.

   A summary of the Acc-Reason-Code Attribute format within the Ericsson
   Datacom Access vendor- specific attribute is shown below. The fields
   are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      1 for Acc-Reason-Code

   Length

      6

   Value

      The value field is four octets.

          0    no reason given/no failure
          1    resource shortage
          2    session already open
          3    too many RADIUS users

Ilgun                                                          [Page 34]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

          4    no authentication server
          5    no authentication response
          6    no accounting server
          7    no accounting response
          8    access denied
          9    temporary buffer shortage
          10   protocol error
          11   invalid attribute
          12   invalid service type
          13   invalid framed protocol
          14   invalid attribute value
          15   invalid user information
          16   invalid IP address
          17   invalid integer syntax
          18   invalid NAS port
          19   requested by user
          20   network disconnect
          21   service interruption
          22   physical port error
          23   idle timeout
          24   session timeout
          25   administrative reset
          26   NAS reload or reset
          27   NAS error
          28   NAS request
          29   undefined reason given
          30   conflicting attributes
          31   port limit exceeded
          32   facility not available
          33   internal configuration error
          34   bad route specification
          35   Access Partition bind failure
          36   security violation
          37   request type conflict
          38   configuration disallowed
          39   missing attribute
          40   invalid request
          41   missing parameter
          42   invalid parameter
          43   call cleared with cause
          44   inopportune config request
          45   invalid config parameter
          46   missing config parameter
          47   incompatible service profile
          48   administrative reset
          49   administrative reload
          50   port unneeded
          51   port preempted

Ilgun                                                          [Page 35]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

          52   port suspended
          53   service unavailable
          54   callback
          55   user error
          56   host request

3.2 Acc-Input-Errors

   Description

      This attribute indicates the number of receive errors on the
      physical port the dial- in user was connected to.

   A summary of the Acc-Input-Errors Attribute format within the
   Ericsson Datacom Access vendor- specific attribute is shown below.
   The fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      3 for Acc-Input-Errors

   Length

      6

   Value

      The value field is four octets.

3.3 Acc-Output-Errors

   Description

      This attribute indicates the number of send errors on the physical
      port the dial-in user was connected to.

Ilgun                                                          [Page 36]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   A summary of the Acc-Output-Errors Attribute format within the
   Ericsson Datacom Access vendor- specific attribute is shown below.
   The fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      4 for Acc-Output-Errors

   Length

      6

   Value

      The value field is four octets.

3.4 Acc-Access-Partition

   Description

      This attribute specifies the name of the Access Partition the
      dial-in user is assigned to.  Access Partitioning [EDA97a] gives
      carriers the ability to partition dial-in resources and assign
      these partitions to dial-in Virtual Private Networks.

   A summary of the Acc-Access-Partition Attribute format within the
   Ericsson Datacom Access vendor- specific attribute is shown below.
   The fields are transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

Ilgun                                                          [Page 37]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

      5 for Acc-Access-Partition

   Length

      >= 3

   String

      The String field is one or more octets.

3.5 Acc-Customer-Id

   Description

      This attribute specifies the Id of the Customer the dial-in user
      is associated with.

   A summary of the Acc-Customer-Id Attribute format within the Ericsson
   Datacom Access vendor- specific attribute is shown below. The fields
   are transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      6 for Acc-Customer-Id

   Length

      >= 3

   Value

      The String field is one or more octets.

3.6 Acc-Clearing-Cause

   Description

      This attribute provides an extension to the Acc-Reason-Code
      attribute. It provides more detail if Acc-Reason-Code indicates
      Call-Cleared-With-Cause (43).

Ilgun                                                          [Page 38]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   A summary of the Acc-Clearing-Cause Attribute format within the
   Ericsson Datacom Access vendor- specific attribute is shown below.
   The fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      15 for Acc-Clearing-Cause

   Length

      6

   Value

      The value field is four octets.

          0    cause unspecified
          1    unassigned number
          2    no route to transit network
          3    no route to destination
          6    channel unacceptable
          7    call awarded being delivered
          16   normal clearing
          17   user busy
          18   no user responding
          19   user alerted no answer
          21   call rejected
          22   number changed
          26   non selected user clearing
          27   destination out of order
          28   invalid or incomplete number
          29   facility rejected
          30   response to status inquiry
          31   normal unspecified cause
          34   no circuit or channel available
          38   network out of order
          41   temporary failure
          42   switching equipment congestion

Ilgun                                                          [Page 39]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

          43   access information discarded
          44   circuit or channel unavailable
          45   circuit or channel preempted
          47   resources unavailable
          49   quality of service unavailable
          50   facility not subscribed
          52   outgoing calls barred
          54   incoming calls barred
          57   bearer capability unauthorized
          58   bearer capability not available
          63   service not available
          65   bearer capability not implemented
          66   channel type not implemented
          69   facility not implemented
          70   restricted digital information only
          79   service not implemented
          81   invalid call reference
          82   identified channel does not exist
          83   call identity does not exist
          84   call identity in use
          85   no call suspended
          86   suspended call cleared
          88   incompatible destination
          91   invalid transit network selection
          95   invalid message
          96   mandatory information element missing
          97   message not implemented
          98   inopportune message
          99   information element not implemented
          100  invalid information element contents
          101  message incompatible with state
          102  recovery on timer expiration
          103  mandatory information element length error
          111  protocol error
          127  interworking

3.7 Acc-Clearing-Location

   Description

      This attribute provides an extension to the Acc-Reason-Code
      attribute. It provides detail on where the call has been cleared.

   A summary of the Acc-Clearing-Location Attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

Ilgun                                                          [Page 40]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      16 for Acc-Clearing-Location

   Length

      6

   Value

      The value field is four octets

          0   local or remote user
          1   private network serving local user
          2   public network serving local user
          3   transit network
          4   private network serving remote user
          5   public network serving remote user
          6   international network
          10  beyond interworking point

3.8 Acc-Vpsm-Oversubscribed

   Description

      This attribute is specific to Ericsson Datacom Access's VPSM
      (Virtual Port Service Manager) server software.  VPSM runs as a
      proxy RADIUS server between an Ericsson Datacom Access NAS and a
      home RADIUS server.  If the VPSM server detects that this
      connection caused the corresponding Access Partition quota to be
      exceeded, the Accounting-Start record for the connection will
      include the Acc-Vpsm-Oversubscribed attribute with a value of 2
      (True).

   A summary of the Acc-Vpsm-Oversubscribed Attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

Ilgun                                                          [Page 41]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      20 for Acc-Vpsm-Oversubscribed

   Length

      6

   Value

      The value field is four octets.

          1   False
          2   True

3.9 Acc-Acct-On-Off-Reason

   Description

      This attribute provides a reason code for why the Accounting-On or
      Accounting- Off message is sent.

   A summary of the Acc-Acct-On-Off-Reason Attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      21 for Acc-Acct-On-Off-Reason

Ilgun                                                          [Page 42]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   Length

      6

   Value

      The value field is four octets.

          0    NAS Reset
          1    NAS Reload
          2    Configuration Reset
          3    Configuration Reload
          4    Enabled
          5    Disabled

3.10 Acc-Tunnel-Port

   Description

      This attribute indicates the index of the Tunnel Port the dial-in
      user is connected to.

   A summary of the Acc-Tunnel-Port attribute format within the Ericsson
   Datacom Access vendor-specific attribute is shown below. The fields
   are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      22 for Acc-Tunnel-Port

   Length

      6

   Value

      The value field is four octets.

Ilgun                                                          [Page 43]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

3.11 Acc-Dial-Port-Index

   Description

      This attribute indicates the index of the Dial Port the dial-in
      user is connected to.

   A summary of the Acc-Dial-Port-Index attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      27 for Acc-Dial-Port-Index

   Length

      6

   Value

      The value field is four octets.

3.12 Acc-Connect-Tx-Speed

   Description

      This attribute indicates the transmit speed that is negotiated on
      the NAS port for this dial-in connection. If an LNS (L2TP Network
      Server) is generating this accounting record, then the value is
      passed to the LNS from a LAC (L2TP Access Concentrator).

   A summary of the Acc-Connect-Tx-Speed attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

Ilgun                                                          [Page 44]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      30 for Acc-Connect-Tx-Speed

   Length

      6

   Value

      The value field is four octets.

3.13 Acc-Connect-Rx-Speed

   Description

      This attribute indicates the receive speed that is negotiated on
      the NAS port for this dial-in connection.  If an LNS (L2TP Network
      Server) is generating this accounting record, then the value is
      passed to the LNS from a LAC (L2TP Access Concentrator).

   A summary of the Acc-Connect-Rx-Speed attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      31 for Acc-Connect-Rx-Speed

Ilgun                                                          [Page 45]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   Length

      6

   Value

      The value field is four octets.

3.14 Acc-Modem-Modulation-Type

   Description

      This attribute indicates the modem modulation type that is used on
      the NAS port for this dial-in connection.  This attribute is only
      available if the dial-in NAS port is a modem port.

   A summary of the Acc-Modem-Modulation-Type attribute format within
   the Ericsson Datacom Access vendor-specific attribute is shown below.
   The fields are transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      32 for Acc-Modem-Modulation-Type

   Length

      >=3

   Value

      The value field is four octets.

3.15 Acc-Modem-Error-Protocol

   Description

      This attribute indicates the modem error protocol that is used on
      the NAS port for this dial-in connection.  This attribute is only
      available if the dial-in NAS port is a modem port.

Ilgun                                                          [Page 46]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

   A summary of the Acc-Modem-Error-Protocol attribute format within the
   Ericsson Datacom Access vendor-specific attribute is shown below. The
   fields are transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      33 for Acc-Modem-Error-Protocol

   Length

      >=3

   Value

      The value field is four octets.

4. Security Considerations

   Security issues regarding the RADIUS protocol are discussed in RFC
   2138 [RIG97a] and RFC 2139 [RIG97b].  The use of Acc-Tunnel-Secret
   attribute is insecure. The Tunnel-Password attribute, defined in
   [ZOR98], should be used whenever possible and Acc-Tunnel-Secret
   attribute should only be used if the RADIUS server does not support
   salt encryption.

5. References

       [EDA97a]  "Access Partitioning" White Paper,
                 available via http://www.acc.com,
                 Ericsson Datacom Access, August 1997

       [EDA97b]  "RADIUS Implementation" White Paper,
                 available via http://www.acc.com,
                 Ericsson Datacom Access, January 1998

       [COB95]   Cobb, S., PPP Internet Protocol Control Protocol
                 Extensions for Name Server Addresses,
                 RFC 1877, Microsoft, December 1995.

       [GID94]   Gidwani, N., Proposal for Callback Control Protocol (CBCP),
                 draft-ietf-pppext-callback-cp-02.txt, Microsoft, July 1994.

Ilgun                                                          [Page 47]


Internet Draft  RADIUS VSAs for Ericsson Datacom Access  20 October 1999

       [MCG92]   McGregor, G., PPP Internet Control Protocol",
                 RFC 1332, Merit, May 1992.

       [RAN96]   Rand, D., The PPP Compression Control Protocol (CCP),
                 RFC 1962, Novell, June 1996.

       [RIG97a]  Rigney, C., Remote Authentication Dial In User Service
                 (RADIUS), RFC 2138, Livingston, April 1997.

       [RIG97b]  Rigney, C., et al, RADIUS Accounting,
                 RFC 2139, Livingston, April 1997.

       [SIM98]   Simpson, W., PPP LCP CallBack,
                 draft-ietf-pppext-callback-ds-02.txt, Daydreamer, August
1998.

       [SKL96]   Sklower, K., et al, The PPP Multilink Protocol (MP),
                 RFC 1990, UC Berkeley, August 1996.

       [SMI96]   Smith, K., Ascend's Multilink Protocol Plus (MP+),
                 Ascend, RFC 1934, August 1996.

       [VAL97]   Valencia, et al., Layer Two Tunneling Protocol (L2TP),
                 draft-ietf-pppext-l2tp-06.txt, June 1997.

       [ZOR98]   Zorn, G., et al, RADIUS Attributes for Tunnel
                 Protocol Support, draft-ietf-radius-tunnel-auth-05.txt,
                 Microsoft-Ascend-Shiva, April 1998.

6. Expiration Date

   This document expires June 1, 1999.

7. Author's Address

   Koral Ilgun
   Ericsson Inc.
   Datacom Networks and IP Services
   Access Product Unit
   340 Storke Road
   Santa Barbara, CA 93117

   Phone: (805) 961-0279

   E-Mail: koral@acc.com

Ilgun                                                          [Page 48]