RADIUS Attributes for Virtual LAN and Priority Support
RFC 4675
|
| Document |
Type |
|
RFC - Proposed Standard
(September 2006; Errata)
|
|
Last updated |
|
2015-10-14
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
html
pdf
htmlized
with errata
bibtex
|
| Stream |
WG state
|
|
(None)
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 4675 (Proposed Standard)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
David Kessens
|
|
Send notices to |
|
(None)
|
Network Working Group P. Congdon
Request for Comments: 4675 M. Sanchez
Category: Standards Track Hewlett-Packard Company
B. Aboba
Microsoft Corporation
September 2006
RADIUS Attributes for Virtual LAN and Priority Support
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This document proposes additional Remote Authentication Dial-In User
Service (RADIUS) attributes for dynamic Virtual LAN assignment and
prioritization, for use in provisioning of access to IEEE 802 local
area networks. These attributes are usable within either RADIUS or
Diameter.
Congdon, et al. Standards Track [Page 1]
RFC 4675 VLAN and Priority Attributes September 2006
Table of Contents
1. Introduction ....................................................3
1.1. Terminology ................................................3
1.2. Requirements Language ......................................3
1.3. Attribute Interpretation ...................................3
2. Attributes ......................................................4
2.1. Egress-VLANID ..............................................4
2.2. Ingress-Filters ............................................6
2.3. Egress-VLAN-Name ...........................................7
2.4. User-Priority-Table ........................................8
3. Table of Attributes ............................................10
4. Diameter Considerations ........................................10
5. IANA Considerations ............................................11
6. Security Considerations ........................................11
7. References .....................................................12
7.1. Normative References ......................................12
7.2. Informative References ....................................13
8. Acknowledgements ...............................................13
Congdon, et al. Standards Track [Page 2]
RFC 4675 VLAN and Priority Attributes September 2006
1. Introduction
This document describes Virtual LAN (VLAN) and re-prioritization
attributes that may prove useful for provisioning of access to IEEE
802 local area networks [IEEE-802] with the Remote Authentication
Dial-In User Service (RADIUS) or Diameter.
While [RFC3580] enables support for VLAN assignment based on the
tunnel attributes defined in [RFC2868], it does not provide support
for a more complete set of VLAN functionality as defined by
[IEEE-802.1Q]. The attributes defined in this document provide
support within RADIUS and Diameter analogous to the management
variables supported in [IEEE-802.1Q] and MIB objects defined in
[RFC4363]. In addition, this document enables support for a wider
range of [IEEE-802.1X] configurations.
1.1. Terminology
This document uses the following terms:
Network Access Server (NAS)
A device that provides an access service for a user to a
network. Also known as a RADIUS client.
RADIUS server
A RADIUS authentication server is an entity that provides an
authentication service to a NAS.
RADIUS proxy
A RADIUS proxy acts as an authentication server to the NAS, and
a RADIUS client to the RADIUS server.
1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
1.3. Attribute Interpretation
The attributes described in this document apply to a single instance
of a NAS port, or more specifically an IEEE 802.1Q bridge port.
[IEEE-802.1Q], [IEEE-802.1D], and [IEEE-802.1X] do not recognize
finer management granularity than "per port". In some cases, such as
with IEEE 802.11 wireless LANs, the concept of a "virtual port" is
used in place of the physical port. Such virtual ports are typically
based on security associations and scoped by station, or Media Access
Control (MAC) address.
Congdon, et al. Standards Track [Page 3]
RFC 4675 VLAN and Priority Attributes September 2006
Show full document text