ClearBox Enterprise Server 2.0 Online Manual
ClearBox Enterprise Server™ 2.0. User's Guide

RADIUS Attributes

Attribute Values

The value of each RADIUS attribute has a well-defined data type.

ClearBox Server distinguishes five basic value types: number (possibly with a set of named values), binary or text string, IP or IPX address, and date/time.
For example, Callback-Number is of string type and contains a telephone number. NAS-Port-Type is an integer item, and its numeric values have aliases 'Sync', 'Async', and so forth. Some attributes may have a Tag field, which provides a means of grouping attributes in the same packet.

Further information on this page is about RADIUS authorization.

Vendor-Specific Attributes

In addition to IETF-specified standard attributes, the RFC allows vendors to create their own attributes for authentication and accounting settings specific to their equipment. This is managed using attribute number 26: any packet with this attribute ID will have another AV pair nested within it, which will mean something to the RADIUS client and server in use, although not every RADIUS implementation may understand it.

Examples of these Vendor-Specific Attributes (VSAs) include the Bay-Primary-DNS-Server (the value is an IP address) for Nortel equipment, the Microsoft MS-MPPE-Encryption-Type (an integer) or Cisco's CVPN3000-IPSec-Sec-Association (a string); there are many more.

Sadly, RFC 2865 doesn't require the contents of the RADIUS vendor-specific attribute to use the same attribute ID and length fields that normal attributes have. This has led to variants such as 2- and 4-octet attribute numbers, length values that don't count the attribute ID and length fields, multiple vendor attributes inside one encapsulating attribute 26, etc. Luckily, ClearBox Server can receive and send all these types of attributes.
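The layout differences described above are where attribute 26 parsers most often go wrong, so the following added example (not ClearBox code) shows a bounds-checked parser driven by a per-vendor layout table. Vendor ID 311 is Microsoft's IANA enterprise number; vendor 99999, its layout, and all sample bytes are constructed for illustration.

```python
import struct

VSA_TYPE = 26  # Vendor-Specific, RFC 2865 section 5.26

# Per-vendor layout: (type_octets, length_octets, length_counts_header).
# Default is the RFC 2865 recommended layout; vendor 99999 is hypothetical.
DEFAULT_FORMAT = (1, 1, True)
VENDOR_FORMATS = {99999: (2, 1, False)}


def parse_vsa(attr: bytes):
    """Parse one attribute 26 into (vendor_id, [(sub_type, value), ...])."""
    if len(attr) < 6:
        raise ValueError("attribute 26 shorter than type+length+vendor-id")
    a_type, a_len = attr[0], attr[1]
    if a_type != VSA_TYPE:
        raise ValueError("not a Vendor-Specific attribute")
    if a_len != len(attr):
        raise ValueError("declared length does not match buffer")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    t_size, l_size, incl_hdr = VENDOR_FORMATS.get(vendor_id, DEFAULT_FORMAT)
    hdr = t_size + l_size
    body, pos, subs = attr[6:], 0, []
    while pos < len(body):  # several sub-attributes may share one attribute 26
        if pos + hdr > len(body):
            raise ValueError("truncated sub-attribute header")
        sub_type = int.from_bytes(body[pos:pos + t_size], "big")
        declared = int.from_bytes(body[pos + t_size:pos + hdr], "big")
        value_len = declared - hdr if incl_hdr else declared
        if value_len < 0 or pos + hdr + value_len > len(body):
            raise ValueError("sub-attribute length out of bounds")
        subs.append((sub_type, body[pos + hdr:pos + hdr + value_len]))
        pos += hdr + value_len
    return vendor_id, subs


def build_vsa(vendor_id: int, payload: bytes) -> bytes:
    """Wrap an already encoded vendor payload in an attribute 26 header."""
    return bytes([VSA_TYPE, 6 + len(payload)]) + struct.pack("!I", vendor_id) + payload


# Constructed samples (not captured traffic).
STANDARD = build_vsa(311, bytes([8, 6]) + struct.pack("!I", 2) + bytes([7, 6]) + struct.pack("!I", 1))
VARIANT = build_vsa(99999, b"\x01\x02" + b"\x03" + b"abc")  # 2-octet type, length excludes header
MALFORMED = build_vsa(311, bytes([8, 200]) + b"\x00\x00")   # sub-length overruns the attribute

if __name__ == "__main__":
    print(parse_vsa(STANDARD), parse_vsa(VARIANT))
```

A sub-attribute whose declared length runs past the enclosing attribute is rejected rather than truncated, so a malformed VSA cannot cause reads beyond the attribute boundary.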

Multi-valued Attributes

Attributes may be single- or multi-valued; in other words, certain attributes may appear at most once in the Check list or Response list, while others may appear multiple times. (Read more about Check lists and Response lists.)

If an attribute appears more than once in the Check list, this means that any of the values is valid. For example, ClearBox may be configured to include both Sync and Async values for attribute NAS-Port-Type in the Check list. This means that the user can dial into a Sync port or an Async port, but not into one of the ISDN ports.

If an attribute appears more than once in the Response list, this results in each value of the attribute being sent as part of the response packet. For example, to enable both IP and IPX header compression for a user, the Framed-Compression attribute should appear twice in the Response list; once with the value 'VJ-TCP-IP-header-compression' and once with the value 'IPX-header-compression'.

Orderable Attributes

Certain multi-valued Response list attributes are also orderable; that is, the attribute may appear more than once in a RADIUS response, and the order in which the attributes appear is important.

For example, the Reply-Message attribute allows text messages to be sent back to the user for display. A multi-line message is sent by including this attribute multiple times in the Response list, with each line of the message in its proper sequence.

RADIUS Attributes Reference

A list of standard RADIUS attributes can be found here.

© 2001-2007 XPerience Technologies.