RADIUS and IPv6
RFC 3162
Document | Type |
RFC - Proposed Standard
(August 2001; Errata)
Updated by RFC 8044
Was draft-aboba-radius-ipv6 (individual)
|
|
---|---|---|---|
Authors | Glen Zorn , David Mitton , Bernard Aboba | ||
Last updated | 2013-03-02 | ||
Stream | Legacy | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | Legacy state | (None) | |
Consensus Boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | RFC 3162 (Proposed Standard) | |
Telechat date | |||
Responsible AD | (None) | ||
Send notices to | (None) |
Network Working Group B. Aboba Request for Comments: 3162 Microsoft Category: Standards Track G. Zorn Cisco Systems D. Mitton Circular Logic UnLtd. August 2001 RADIUS and IPv6 Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2001). All Rights Reserved. Abstract This document specifies the operation of RADIUS (Remote Authentication Dial In User Service) when run over IPv6 as well as the RADIUS attributes used to support IPv6 network access. 1. Introduction This document specifies the operation of RADIUS [4]-[8] over IPv6 [13] as well as the RADIUS attributes used to support IPv6 network access. Note that a NAS sending a RADIUS Access-Request may not know a-priori whether the host will be using IPv4, IPv6, or both. For example, within PPP, IPv6CP [11] occurs after LCP, so that address assignment will not occur until after RADIUS authentication and authorization has completed. Therefore it is presumed that the IPv6 attributes described in this document MAY be sent along with IPv4-related attributes within the same RADIUS message and that the NAS will decide which attributes to use. The NAS SHOULD only allocate addresses and prefixes that the client can actually use, however. For example, there is no need for Aboba, et al. Standards Track [Page 1] RFC 3162 RADIUS and IPv6 August 2001 the NAS to reserve use of an IPv4 address for a host that only supports IPv6; similarly, a host only using IPv4 or 6to4 [12] does not require allocation of an IPv6 prefix. The NAS can provide IPv6 access natively, or alternatively, via other methods such as IPv6 within IPv4 tunnels [15] or 6over4 [14]. The choice of method for providing IPv6 access has no effect on RADIUS usage per se, although if it is desired that an IPv6 within IPv4 tunnel be opened to a particular location, then tunnel attributes should be utilized, as described in [6], [7]. 1.1. Requirements language In this document, the key words "MAY", "MUST, "MUST NOT", "optional", "recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as described in [1]. 2. Attributes 2.1. NAS-IPv6-Address Description This Attribute indicates the identifying IPv6 Address of the NAS which is requesting authentication of the user, and SHOULD be unique to the NAS within the scope of the RADIUS server. NAS- IPv6-Address is only used in Access-Request packets. NAS-IPv6- Address and/or NAS-IP-Address MAY be present in an Access-Request packet; however, if neither attribute is present then NAS- Identifier MUST be present. A summary of the NAS-IPv6-Address Attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Aboba, et al. Standards Track [Page 2] RFC 3162 RADIUS and IPv6 August 2001 Type 95 for NAS-IPv6-Address Length 18 Address The Address field is 16 octets. 3.2. Framed-Interface-Id Description This Attribute indicates the IPv6 interface identifier to be configured for the user. It MAY be used in Access-Accept packets. If the Interface-Identifier IPv6CP option [11] has been successfully negotiated, this Attribute MUST be included in an Access-Request packet as a hint by the NAS to the server that it would prefer that value. It is recommended, but not required,Show full document text