RADIUS Attributes for Virtual LAN and Priority Support
RFC 4675
Document | Type | RFC - Proposed Standard (September 2006; Errata) |
---|---|---|
 | Authors | Bernard Aboba, Paul Congdon, Mauricio Sanchez |
 | Last updated | 2015-10-14 |
 | Stream | Internet Engineering Task Force (IETF) |
 | Formats | plain text, html, pdf, htmlized (tools), htmlized, bibtex |
Stream | WG state | (None) |
 | Document shepherd | No shepherd assigned |
IESG | IESG state | RFC 4675 (Proposed Standard) |
 | Action Holders | (None) |
 | Consensus Boilerplate | Unknown |
 | Telechat date | |
 | Responsible AD | David Kessens |
 | Send notices to | (None) |
Network Working Group                                         P. Congdon
Request for Comments: 4675                                    M. Sanchez
Category: Standards Track                        Hewlett-Packard Company
                                                                B. Aboba
                                                   Microsoft Corporation
                                                          September 2006

         RADIUS Attributes for Virtual LAN and Priority Support

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document proposes additional Remote Authentication Dial-In User
   Service (RADIUS) attributes for dynamic Virtual LAN assignment and
   prioritization, for use in provisioning of access to IEEE 802 local
   area networks.  These attributes are usable within either RADIUS or
   Diameter.

Table of Contents

   1. Introduction
      1.1. Terminology
      1.2. Requirements Language
      1.3. Attribute Interpretation
   2. Attributes
      2.1. Egress-VLANID
      2.2. Ingress-Filters
      2.3. Egress-VLAN-Name
      2.4. User-Priority-Table
   3. Table of Attributes
   4. Diameter Considerations
   5. IANA Considerations
   6. Security Considerations
   7. References
      7.1. Normative References
      7.2. Informative References
   8. Acknowledgements

1.  Introduction

   This document describes Virtual LAN (VLAN) and re-prioritization
   attributes that may prove useful for provisioning of access to IEEE
   802 local area networks [IEEE-802] with the Remote Authentication
   Dial-In User Service (RADIUS) or Diameter.

   While [RFC3580] enables support for VLAN assignment based on the
   tunnel attributes defined in [RFC2868], it does not provide support
   for a more complete set of VLAN functionality as defined by
   [IEEE-802.1Q].  The attributes defined in this document provide
   support within RADIUS and Diameter analogous to the management
   variables supported in [IEEE-802.1Q] and MIB objects defined in
   [RFC4363].  In addition, this document enables support for a wider
   range of [IEEE-802.1X] configurations.

1.1.  Terminology

   This document uses the following terms:

   Network Access Server (NAS)
      A device that provides an access service for a user to a network.
      Also known as a RADIUS client.

   RADIUS server
      A RADIUS authentication server is an entity that provides an
      authentication service to a NAS.

   RADIUS proxy
      A RADIUS proxy acts as an authentication server to the NAS, and a
      RADIUS client to the RADIUS server.

1.2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.3.  Attribute Interpretation

   The attributes described in this document apply to a single instance
   of a NAS port, or more specifically an IEEE 802.1Q bridge port.
   [IEEE-802.1Q], [IEEE-802.1D], and [IEEE-802.1X] do not recognize
   finer management granularity than "per port".  In some cases, such as
   with IEEE 802.11 wireless LANs, the concept of a "virtual port" is
   used in place of the physical port.  Such virtual ports are typically
   based on security associations and scoped by station, or Media Access
   Control (MAC) address.