RADIUS and IPv6
RFC 3162
| Document | Type |
RFC - Proposed Standard
(August 2001; Errata)
Updated by RFC 8044
Was draft-aboba-radius-ipv6 (individual)
|
|
|---|---|---|---|
| Last updated | 2013-03-02 | ||
| Stream | Legacy | ||
| Formats | plain text pdf html bibtex | ||
| Stream | Legacy state | (None) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | RFC 3162 (Proposed Standard) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
Network Working Group B. Aboba
Request for Comments: 3162 Microsoft
Category: Standards Track G. Zorn
Cisco Systems
D. Mitton
Circular Logic UnLtd.
August 2001
RADIUS and IPv6
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract
This document specifies the operation of RADIUS (Remote
Authentication Dial In User Service) when run over IPv6 as well as
the RADIUS attributes used to support IPv6 network access.
1. Introduction
This document specifies the operation of RADIUS [4]-[8] over IPv6
[13] as well as the RADIUS attributes used to support IPv6 network
access.
Note that a NAS sending a RADIUS Access-Request may not know a-priori
whether the host will be using IPv4, IPv6, or both. For example,
within PPP, IPv6CP [11] occurs after LCP, so that address assignment
will not occur until after RADIUS authentication and authorization
has completed.
Therefore it is presumed that the IPv6 attributes described in this
document MAY be sent along with IPv4-related attributes within the
same RADIUS message and that the NAS will decide which attributes to
use. The NAS SHOULD only allocate addresses and prefixes that the
client can actually use, however. For example, there is no need for
Aboba, et al. Standards Track [Page 1]
RFC 3162 RADIUS and IPv6 August 2001
the NAS to reserve use of an IPv4 address for a host that only
supports IPv6; similarly, a host only using IPv4 or 6to4 [12] does
not require allocation of an IPv6 prefix.
The NAS can provide IPv6 access natively, or alternatively, via other
methods such as IPv6 within IPv4 tunnels [15] or 6over4 [14]. The
choice of method for providing IPv6 access has no effect on RADIUS
usage per se, although if it is desired that an IPv6 within IPv4
tunnel be opened to a particular location, then tunnel attributes
should be utilized, as described in [6], [7].
1.1. Requirements language
In this document, the key words "MAY", "MUST, "MUST NOT", "optional",
"recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as
described in [1].
2. Attributes
2.1. NAS-IPv6-Address
Description
This Attribute indicates the identifying IPv6 Address of the NAS
which is requesting authentication of the user, and SHOULD be
unique to the NAS within the scope of the RADIUS server. NAS-
IPv6-Address is only used in Access-Request packets. NAS-IPv6-
Address and/or NAS-IP-Address MAY be present in an Access-Request
packet; however, if neither attribute is present then NAS-
Identifier MUST be present.
A summary of the NAS-IPv6-Address Attribute format is shown below.
The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Aboba, et al. Standards Track [Page 2]
RFC 3162 RADIUS and IPv6 August 2001
Type
95 for NAS-IPv6-Address
Length
18
Address
The Address field is 16 octets.
3.2. Framed-Interface-Id
Description
This Attribute indicates the IPv6 interface identifier to be
configured for the user. It MAY be used in Access-Accept packets.
If the Interface-Identifier IPv6CP option [11] has been
successfully negotiated, this Attribute MUST be included in an
Access-Request packet as a hint by the NAS to the server that it
would prefer that value. It is recommended, but not required,
Show full document text