RADIUS and IPv6
RFC 3162

Document Type RFC - Proposed Standard (August 2001; Errata)
Updated by RFC 8044
Was draft-aboba-radius-ipv6 (individual)
Last updated 2013-03-02
Stream Legacy
Formats plain text pdf html bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 3162 (Proposed Standard)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                           B. Aboba
Request for Comments: 3162                                     Microsoft
Category: Standards Track                                        G. Zorn
                                                           Cisco Systems
                                                               D. Mitton
                                                   Circular Logic UnLtd.
                                                             August 2001

                            RADIUS and IPv6

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This document specifies the operation of RADIUS (Remote
   Authentication Dial In User Service) when run over IPv6 as well as
   the RADIUS attributes used to support IPv6 network access.

1.  Introduction

   This document specifies the operation of RADIUS [4]-[8] over IPv6
   [13] as well as the RADIUS attributes used to support IPv6 network
   access.

   Note that a NAS sending a RADIUS Access-Request may not know a-priori
   whether the host will be using IPv4, IPv6, or both.  For example,
   within PPP, IPv6CP [11] occurs after LCP, so that address assignment
   will not occur until after RADIUS authentication and authorization
   has completed.

   Therefore it is presumed that the IPv6 attributes described in this
   document MAY be sent along with IPv4-related attributes within the
   same RADIUS message and that the NAS will decide which attributes to
   use.  The NAS SHOULD only allocate addresses and prefixes that the
   client can actually use, however.  For example, there is no need for

Aboba, et al.               Standards Track                     [Page 1]
RFC 3162                    RADIUS and IPv6                  August 2001

   the NAS to reserve use of an IPv4 address for a host that only
   supports IPv6; similarly, a host only using IPv4 or 6to4 [12] does
   not require allocation of an IPv6 prefix.

   The NAS can provide IPv6 access natively, or alternatively, via other
   methods such as IPv6 within IPv4 tunnels [15] or 6over4 [14].  The
   choice of method for providing IPv6 access has no effect on RADIUS
   usage per se, although if it is desired that an IPv6 within IPv4
   tunnel be opened to a particular location, then tunnel attributes
   should be utilized, as described in [6], [7].

1.1.  Requirements language

   In this document, the key words "MAY", "MUST, "MUST NOT", "optional",
   "recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as
   described in [1].

2.  Attributes

2.1.  NAS-IPv6-Address

   Description

      This Attribute indicates the identifying IPv6 Address of the NAS
      which is requesting authentication of the user, and SHOULD be
      unique to the NAS within the scope of the RADIUS server.  NAS-
      IPv6-Address is only used in Access-Request packets.  NAS-IPv6-
      Address and/or NAS-IP-Address MAY be present in an Access-Request
      packet; however, if neither attribute is present then NAS-
      Identifier MUST be present.

   A summary of the NAS-IPv6-Address Attribute format is shown below.
   The fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
               Address             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Aboba, et al.               Standards Track                     [Page 2]
RFC 3162                    RADIUS and IPv6                  August 2001

   Type

      95 for NAS-IPv6-Address

   Length

      18

   Address

      The Address field is 16 octets.

3.2.  Framed-Interface-Id

   Description

      This Attribute indicates the IPv6 interface identifier to be
      configured for the user.  It MAY be used in Access-Accept packets.
      If the Interface-Identifier IPv6CP option [11] has been
      successfully negotiated, this Attribute MUST be included in an
      Access-Request packet as a hint by the NAS to the server that it
      would prefer that value.  It is recommended, but not required,
Show full document text