RADIUS Attributes for Virtual LAN and Priority Support
RFC 4675
Document Type RFC - Proposed Standard (September 2006; Errata)
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4675 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD David Kessens
Send notices to (None)
Email authors IPR References Referenced by Nits 
Network Working Group                                         P. Congdon
Request for Comments: 4675                                    M. Sanchez
Category: Standards Track                        Hewlett-Packard Company
                                                                B. Aboba
                                                   Microsoft Corporation
                                                          September 2006

         RADIUS Attributes for Virtual LAN and Priority Support

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document proposes additional Remote Authentication Dial-In User
   Service (RADIUS) attributes for dynamic Virtual LAN assignment and
   prioritization, for use in provisioning of access to IEEE 802 local
   area networks.  These attributes are usable within either RADIUS or
   Diameter.

Congdon, et al.             Standards Track                     [Page 1]
RFC 4675              VLAN and Priority Attributes        September 2006

Table of Contents

   1. Introduction ....................................................3
      1.1. Terminology ................................................3
      1.2. Requirements Language ......................................3
      1.3. Attribute Interpretation ...................................3
   2. Attributes ......................................................4
      2.1. Egress-VLANID ..............................................4
      2.2. Ingress-Filters ............................................6
      2.3. Egress-VLAN-Name ...........................................7
      2.4. User-Priority-Table ........................................8
   3. Table of Attributes ............................................10
   4. Diameter Considerations ........................................10
   5. IANA Considerations ............................................11
   6. Security Considerations ........................................11
   7. References .....................................................12
      7.1. Normative References ......................................12
      7.2. Informative References ....................................13
   8. Acknowledgements ...............................................13

Congdon, et al.             Standards Track                     [Page 2]
RFC 4675              VLAN and Priority Attributes        September 2006

1.  Introduction

   This document describes Virtual LAN (VLAN) and re-prioritization
   attributes that may prove useful for provisioning of access to IEEE
   802 local area networks [IEEE-802] with the Remote Authentication
   Dial-In User Service (RADIUS) or Diameter.

   While [RFC3580] enables support for VLAN assignment based on the
   tunnel attributes defined in [RFC2868], it does not provide support
   for a more complete set of VLAN functionality as defined by
   [IEEE-802.1Q].  The attributes defined in this document provide
   support within RADIUS and Diameter analogous to the management
   variables supported in [IEEE-802.1Q] and MIB objects defined in
   [RFC4363].  In addition, this document enables support for a wider
   range of [IEEE-802.1X] configurations.

1.1.  Terminology

   This document uses the following terms:

   Network Access Server (NAS)
        A device that provides an access service for a user to a
        network.  Also known as a RADIUS client.

   RADIUS server
        A RADIUS authentication server is an entity that provides an
        authentication service to a NAS.

   RADIUS proxy
        A RADIUS proxy acts as an authentication server to the NAS, and
        a RADIUS client to the RADIUS server.

1.2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.3.  Attribute Interpretation

   The attributes described in this document apply to a single instance
   of a NAS port, or more specifically an IEEE 802.1Q bridge port.
   [IEEE-802.1Q], [IEEE-802.1D], and [IEEE-802.1X] do not recognize
   finer management granularity than "per port".  In some cases, such as
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA