RADIUS

This guide serves as a protocol implementation conformance statement for the RADIUS protocol.

Topics in this document:

RADIUS Protocol

This section describes how the AAA Gateway maps RADIUS access control messages to the RADIUS protocol defined in RFC-2865 and RFC-2869.

Section Compliance

Table 1-1 below lists the compliance information for the RADIUS protocol sections in RFC-2865.

Table 1-1: RFC-2865 Section Compliance

| Section Number | Section | Status | Notes |
|---|---|---|---|
| 1 | Introduction | Not applicable | - |
| 1.1 | Specification of Requirements | Not applicable | - |
| 1.2 | Terminology | Not applicable | - |
| 2 | Operation | Partially supported | - |
| 2.1 | Challenge/Response | Supported | - |
| 2.2 | Interoperation with PAP and CHAP | Not supported | - |
| 2.3 | Proxy | Not applicable | - |
| 2.4 | Why UDP? | Not applicable | - |
| 2.5 | Retransmission Hints | Supported | - |
| 2.6 | Keep-Alives Considered Harmful | Supported | - |
| 3 | Packet Format | Supported | - |
| 4 | Packet Types | Supported | - |
| 4.1 | Access-Request | Supported | - |
| 4.2 | Access-Accept | Supported | - |
| 4.3 | Access-Reject | Supported | - |
| 4.4 | Access-Challenge | Supported | - |
| 5 | Attributes | Supported | - |
| 5.1 | User-Name | Supported | - |
| 5.2 | User-Password | Supported | - |
| 5.3 | CHAP-Password | Supported | - |
| 5.4 | NAS-IP-Address | Supported | - |
| 5.5 | NAS-Port | Supported | - |
| 5.6 | Service-Type | Supported | - |
| 5.7 | Framed-Protocol | Supported | - |
| 5.8 | Framed-IP-Address | Supported | - |
| 5.9 | Framed-IP-Netmask | Supported | - |
| 5.10 | Framed-Routing | Supported | - |
| 5.11 | Filter-Id | Supported | - |
| 5.12 | Framed-MTU | Supported | - |
| 5.13 | Framed-Compression | Supported | - |
| 5.14 | Login-IP-Host | Supported | - |
| 5.15 | Login-Service | Supported | - |
| 5.16 | Login-TCP-Port | Supported | - |
| 5.17 | (unassigned) | Supported | - |
| 5.18 | Reply-Message | Supported | - |
| 5.19 | Callback-Number | Supported | - |
| 5.20 | Callback-Id | Supported | - |
| 5.21 | (unassigned) | Supported | - |
| 5.22 | Framed-Route | Supported | - |
| 5.23 | Framed-IPX-Network | Supported | - |
| 5.24 | State | Supported | - |
| 5.25 | Class | Supported | - |
| 5.26 | Vendor-Specific | Supported | - |
| 5.27 | Session-Timeout | Supported | - |
| 5.28 | Idle-Timeout | Supported | - |
| 5.29 | Termination-Action | Supported | - |
| 5.30 | Called-Station-Id | Supported | - |
| 5.31 | Calling-Station-Id | Supported | - |
| 5.32 | NAS-Identifier | Supported | - |
| 5.33 | Proxy-State | Supported | - |
| 5.34 | Login-LAT-Service | Supported | - |
| 5.35 | Login-LAT-Node | Supported | - |
| 5.36 | Login-LAT-Group | Supported | - |
| 5.37 | Framed-AppleTalk-Link | Supported | - |
| 5.38 | Framed-AppleTalk-Network | Supported | - |
| 5.39 | Framed-AppleTalk-Zone | Supported | - |
| 5.40 | CHAP-Challenge | Supported | - |
| 5.41 | NAS-Port-Type | Supported | - |
| 5.42 | Port-Limit | Supported | - |
| 5.43 | Login-LAT-Port | Supported | - |
| 5.44 | Table of Attributes | Supported | - |
| 6 | IANA Considerations | No requirement | - |
| 6.1 | Definition of Terms | No requirement | - |
| 6.2 | Recommended Registration Policies | No requirement | - |
| 7 | Examples | Supported | - |
| 7.1 | User Telnet to Specified Host | Supported | - |
| 7.2 | Framed User Authenticating with CHAP | Supported | - |
| 7.3 | User with Challenge-Response card | Not supported | - |
| 8 | Security Considerations | Not supported | - |
| 9 | Change Log | No requirement | - |
| 10 | References | No requirement | - |
| 11 | Acknowledgements | No requirement | - |
| 12 | Chair’s Address | No requirement | - |
| 13 | Authors’ Addresses | No requirement | - |
| 14 | Full Copyright Statement | No requirement | - |

Table 1-2 below lists the compliance information for the RADIUS protocol sections in RFC-2869.

Table 1-2: RFC-2869 Section Compliance

| Section Number | Section | Status | Notes |
|---|---|---|---|
| 1 | Introduction | Not applicable | - |
| 1.1 | Specification of Requirements | Not applicable | - |
| 1.2 | Terminology | Not applicable | - |
| 2 | Operation | Partially supported | - |
| 2.1 | RADIUS support for Interim Accounting Updates | Not supported | - |
| 2.2 | RADIUS support for Apple Remote Access Protocol | Not supported | - |
| 2.3 | RADIUS Support for Extensible Authentication Protocol (EAP) | Supported | - |
| 2.3.1 | Protocol Overview | Supported | - |
| 2.3.2 | Retransmission | Supported | - |
| 2.3.3 | Fragmentation | Not supported | - |
| 2.3.4 | Examples | Supported | - |
| 2.3.5 | Alternative Uses | Supported | - |
| 3 | Packet Format | Supported | - |
| 4 | Packet Types | Supported | - |
| 5 | Attributes | Partially supported | - |
| 5.1 | Acct-Input-Gigawords | Not supported | - |
| 5.2 | Acct-Output-Gigawords | Not supported | - |
| 5.3 | Event-Timestamp | Not supported | - |
| 5.4 | ARAP-Password | Not supported | - |
| 5.5 | ARAP-Features | Not supported | - |
| 5.6 | ARAP-Zone-Access | Not supported | - |
| 5.7 | ARAP-Security | Not supported | - |
| 5.8 | ARAP-Security-Data | Not supported | - |
| 5.9 | Password-Retry | Not supported | - |
| 5.10 | Prompt | Not supported | - |
| 5.11 | Connect-Info | Not supported | - |
| 5.12 | Configuration-Token | Not supported | - |
| 5.13 | EAP-Message | Supported | - |
| 5.14 | Message-Authenticator | Supported | - |
| 5.15 | ARAP-Challenge-Response | Not supported | - |
| 5.16 | Acct-Interim-Interval | Not supported | - |
| 5.17 | NAS-Port-Id | Supported | - |
| 5.18 | Framed-Pool | Not supported | - |
| 5.19 | Table of Attributes | Not supported | - |
| 6 | IANA Considerations | No requirement | - |
| 7 | Security Considerations | Supported | - |
| 7.1 | Message-Authenticator Security | Supported | - |
| 7.2 | EAP Security | Supported | - |
| 7.2.1 | Separation of EAP server and PPP authenticator | Not supported | - |
| 7.2.2 | Connection hijacking | Not supported | - |
| 7.2.3 | Man in the middle attacks | Not supported | - |
| 7.2.4 | Multiple databases | Not supported | - |
| 7.2.5 | Negotiation attacks | Not supported | - |
| 8 | References | No requirement | - |
| 9 | Acknowledgements | No requirement | - |
| 10 | Chair’s Address | No requirement | - |
| 11 | Authors’ Addresses | No requirement | - |
| 12 | Full Copyright Statement | No requirement | - |

Access-Request AVPs

Table 1-3 lists the compliance information for Access-Request attribute-value pairs (AVPs).

Table 1-3: Access-Request AVPs

| RADIUS AVP | Status | Notes |
|---|---|---|
| User-Name | Supported | - |
| User-Password | Supported | - |
| CHAP-Password | Supported | - |
| CHAP-Challenge | Supported | - |
| NAS-IP-Address | Supported | - |
| NAS-Port | Supported | - |
| NAS-Port-Type | Supported | - |
| NAS-Identifier | Supported | - |
| Service-Type | Supported | - |
| Framed-Protocol | Supported | - |
| Framed-IP-Address | Supported | - |
| Framed-IP-Netmask | Supported | - |
| Framed-MTU | Supported | - |
| Framed-Compression | Supported | - |
| Login-IP-Host | Supported | - |
| Callback-Number | Supported | - |
| Called-Station-Id | Supported | - |
| Calling-Station-Id | Supported | - |
| State | Supported | - |
| Proxy-State | Supported | - |
| Login-LAT-Service | Supported | - |
| Login-LAT-Node | Supported | - |
| Login-LAT-Group | Supported | - |
| Login-LAT-Port | Supported | - |
| Vendor-Specific | Supported | - |
| EAP-Message | Supported | - |
| Message-Authenticator | Supported | - |

Access-Accept AVPs

The compliance information for Access-Accept AVPs is listed below.

Table 1-4: Access-Accept AVPs

| RADIUS AVP | Status | Notes |
|---|---|---|
| User-Name | Supported | - |
| Service-Type | Supported | - |
| Framed-Protocol | Supported | - |
| Framed-IP-Address | Supported | - |
| Framed-IP-Netmask | Supported | - |
| Framed-Routing | Supported | - |
| Framed-Route | Supported | - |
| Framed-IPX-Network | Supported | - |
| Framed-AppleTalk-Link | Supported | - |
| Framed-AppleTalk-Network | Supported | - |
| Framed-AppleTalk-Zone | Supported | - |
| Filter-Id | Supported | - |
| Framed-MTU | Supported | - |
| Framed-Compression | Supported | - |
| Login-IP-Host | Supported | - |
| Login-Service | Supported | - |
| Login-TCP-Port | Supported | - |
| Reply-Message | Supported | - |
| Callback-Number | Supported | - |
| Callback-Id | Supported | - |
| Class | Supported | - |
| Session-Timeout | Supported | - |
| Idle-Timeout | Supported | - |
| Termination-Action | Supported | - |
| State | Supported | - |
| Proxy-State | Supported | - |
| Login-LAT-Service | Supported | - |
| Login-LAT-Node | Supported | - |
| Login-LAT-Group | Supported | - |
| Login-LAT-Port | Supported | - |
| Port-Limit | Supported | - |
| Vendor-Specific | Supported | - |
| Acct-Session-Id | Supported | - |
| EAP-Message | Supported | - |
| Message-Authenticator | Supported | - |

Access-Reject AVPs

Table 1-5 lists the compliance information for Access-Reject AVPs.

Table 1-5: Access-Reject AVPs

| RADIUS AVP | Status | Notes |
|---|---|---|
| User-Name | Supported | - |
| Reply-Message | Supported | - |
| Class | Supported | - |
| Proxy-State | Supported | - |
| Vendor-Specific | Supported | - |
| Acct-Session-Id | Supported | - |
| EAP-Message | Supported | - |
| Message-Authenticator | Supported | - |

Access-Challenge AVPs

Table 1-6 contains the compliance information for Access-Challenge AVPs.

Table 1-6: Access-Challenge AVPs

| RADIUS AVP | Status | Notes |
|---|---|---|
| Reply-Message | Supported | - |
| Session-Timeout | Supported | - |
| Idle-Timeout | Supported | - |
| State | Supported | - |
| Proxy-State | Supported | - |
| Vendor-Specific | Supported | - |
| EAP-Message | Supported | - |
| Message-Authenticator | Supported | - |

RADIUS Accounting Protocol

This section describes how the AAA Gateway maps RADIUS accounting messages to the RADIUS protocol defined in RFC-2866.

Section Compliance

The compliance information for the RADIUS Accounting protocol sections in RFC-2866 is listed below.

Table 2-1: RFC-2866 Section Compliance

| Section Number | Section | Status | Notes |
|---|---|---|---|
| 1 | Introduction | Not applicable | - |
| 1.1 | Specification of Requirement | Not applicable | - |
| 1.2 | Terminology | Not applicable | - |
| 2 | Operation | Supported | - |
| 2.1 | Proxy | Not supported | - |
| 3 | Packet Format | Supported | - |
| 4 | Packet Types | Supported | - |
| 4.1 | Accounting-Request | Supported | - |
| 4.2 | Accounting-Response | Supported | - |
| 5 | Attributes | Supported | - |
| 5.1 | Acct-Status-Type | Supported | - |
| 5.2 | Acct-Delay-Time | Supported | - |
| 5.3 | Acct-Input-Octets | Supported | - |
| 5.4 | Acct-Output-Octets | Supported | - |
| 5.5 | Acct-Session-Id | Supported | - |
| 5.6 | Acct-Authentic | Supported | - |
| 5.7 | Acct-Session-Time | Supported | - |
| 5.8 | Acct-Input-Packets | Supported | - |
| 5.9 | Acct-Output-Packets | Supported | - |
| 5.10 | Acct-Terminate-Cause | Supported | - |
| 5.11 | Acct-Multi-Session-Id | Supported | - |
| 5.12 | Acct-Link-Count | Supported | - |
| 5.13 | Table of Attributes | Supported | - |
| 6 | IANA Considerations | Supported | - |
| 7 | Security Considerations | Supported | - |
| 8 | Change Log | Not applicable | - |
| 9 | References | No requirement | - |
| 10 | Acknowledgements | No requirement | - |

Accounting-Request AVPs

The following table describes how ECE supports Accounting-Request attribute-value pairs (AVPs).

Table 2-2: Accounting-Request AVPs

| RADIUS Accounting AVP | Status | Notes |
|---|---|---|
| User-Name | Supported | This is a mandatory AVP. |
| NAS-IP-Address | Supported | This is a mandatory AVP. |
| NAS-Identifier | Supported | This is a mandatory AVP. |
| NAS-Port-Type | Supported | - |
| Class | Supported | - |
| Service-Type | Supported | - |
| Framed-Protocol | Supported | - |
| Framed-IP-Address | Supported | - |
| Framed-IP-Netmask | Supported | - |
| Framed-MTU | Supported | - |
| Framed-Compression | Supported | - |
| Login-IP-Host | Supported | - |
| Callback-Number | Supported | - |
| Called-Station-Id | Supported | - |
| Calling-Station-Id | Supported | - |
| Proxy-State | Supported | - |
| Login-LAT-Service | Supported | - |
| Login-LAT-Node | Supported | - |
| Login-LAT-Group | Supported | - |
| Login-LAT-Port | Supported | - |
| CHAP-Challenge | Supported | - |
| Acct-Status-Type | Supported | This is a mandatory AVP. |
| Acct-Delay-Time | Supported | - |
| Acct-Input-Octets | Supported | - |
| Acct-Output-Octets | Supported | - |
| Acct-Session-Id | Supported | This is a mandatory AVP. |
| Acct-Authentic | Supported | - |
| Acct-Session-Time | Supported | - |
| Acct-Input-Packets | Supported | - |
| Acct-Output-Packets | Supported | - |
| Acct-Terminate-Cause | Supported | - |
| Acct-Multi-Session-Id | Supported | - |
| Acct-Link-Count | Supported | - |
| Vendor-Specific | Supported | - |

Accounting-Response AVPs

The Accounting-Response message has no AVPs.

RADIUS Disconnect Protocol

This section describes how the AAA Gateway maps RADIUS disconnect messages to the RADIUS protocol defined in RFC-3576.

Section Compliance

The compliance information for the RADIUS Disconnect protocol sections in RFC-3576 is listed below.

Table 3-1: RFC-3576 Section Compliance

| Section Number | Section | Status | Notes |
|---|---|---|---|
| 1 | Introduction | - | - |
| 1.1 | Applicability | - | - |
| 1.2 | Requirements Language | - | - |
| 1.3 | Terminology | - | - |
| 2 | Overview | - | - |
| 2.1 | Disconnect Messages (DM) | - | - |
| 2.2 | Change-of-Authorization Messages (CoA) | - | - |
| 2.3 | Packet Format | - | - |
| 3 | Attributes | - | - |
| 3.1 | Error-Cause | - | - |
| 3.2 | Table of Attributes | - | - |
| 4 | IANA Considerations | - | - |
| 5 | Security Considerations | - | - |
| 5.1 | Authorization Issues | - | - |
| 5.2 | Impersonation | - | - |
| 5.3 | IPsec Usage Guidelines | - | - |
| 5.4 | Replay Protection | - | - |
| 6 | Example Traces | - | - |
| 7 | References | - | - |
| 7.1 | Normative References | - | - |
| 7.2 | Informative References | - | - |
| 8 | Intellectual Property Statement | - | - |
| 9 | Acknowledgements | - | - |
| 10 | Author’s Addresses | - | - |
| 11 | Full Copyright Statement | - | - |

Disconnect-Request AVPs

Table 3-2 below lists the compliance information for Disconnect-Request attribute-value pairs (AVPs).

Table 3-2: Disconnect-Request AVPs

| RADIUS AVP | Status | Notes |
|---|---|---|
| User-Name | Supported | - |
| User-Password | Supported | - |
| CHAP-Password | Supported | - |
| CHAP-Challenge | Supported | - |
| NAS-IP-Address | Supported | - |
| NAS-Port | Supported | - |
| NAS-Port-Type | Supported | - |
| NAS-Identifier | Supported | - |
| Service-Type | Supported | - |
| Framed-Protocol | Supported | - |
| Framed-IP-Address | Supported | - |
| Framed-IP-Netmask | Supported | - |
| Framed-MTU | Supported | - |
| Framed-Compression | Supported | - |
| Login-IP-Host | Supported | - |
| Callback-Number | Supported | - |
| Called-Station-Id | Supported | - |
| Calling-Station-Id | Supported | - |
| State | Supported | - |
| Proxy-State | Supported | - |
| Login-LAT-Service | Supported | - |
| Login-LAT-Node | Supported | - |
| Login-LAT-Group | Supported | - |
| Login-LAT-Port | Supported | - |
| Vendor-Specific | Supported | - |
| EAP-Message | Supported | - |
| Message-Authenticator | Supported | - |

Disconnect-Response AVPs

The Disconnect-Response message has no AVPs.