[x]

 > RADIUS attributes

 

 Next

RADIUS attributes

Commonly used standard RADIUS attributes

No.

Attribute

Description

1

User-Name

Name of the user to be authenticated.

2

User-Password

User password for PAP authentication, only present in Access-Request packets when PAP authentication is used.

3

CHAP-Password

Digest of the user password for CHAP authentication, only present in Access-Request packets when CHAP authentication is used.

4

NAS-IP-Address

IP address for the server to use to identify the client. Typically, a client is identified by the IP address of its access interface. This attribute is only present in Access-Request packets.

5

NAS-Port

Physical port of the NAS that the user accesses.

6

Service-Type

Type of service that the user has requested or type of service to be provided.

7

Framed-Protocol

Encapsulation protocol for framed access.

8

Framed-IP-Address

IP address assigned to the user.

11

Filter-ID

Name of the filter list.

12

Framed-MTU

MTU for the data link between the user and NAS. For example, with 802.1X EAP authentication, NAS uses this attribute to notify the server of the MTU for EAP packets to avoid oversized EAP packets.

14

Login-IP-Host

IP address of the NAS interface that the user accesses.

15

Login-Service

Type of the service that the user uses for login.

18

Reply-Message

Text to be displayed to the user, which can be used by the server to communicate information, for example, the reason of the authentication failure.

26

Vendor-Specific

Vendor-specific proprietary attribute. A packet can contain one or more proprietary attributes, each of which can contain one or more subattributes.

27

Session-Timeout

Maximum service duration for the user before termination of the session.

28

Idle-Timeout

Maximum idle time permitted for the user before termination of the session.

31

Calling-Station-Id

User identification that the NAS sends to the server. For the LAN access service provided by an HPE device, this attribute includes the MAC address of the user in the format HH-HH-HH-HH-HH-HH.

32

NAS-Identifier

Identification that the NAS uses to identify itself to the RADIUS server.

40

Acct-Status-Type

Type of the Accounting-Request packet. Possible values include:

  • 1—Start.

  • 2—Stop.

  • 3—Interim-Update.

  • 4—Reset-Charge.

  • 7—Accounting-On. (Defined in the 3rd Generation Partnership Project.)

  • 8—Accounting-Off. (Defined in the 3rd Generation Partnership Project.)

  • 9 to 14—Reserved for tunnel accounting.

  • 15—Reserved for failed.

45

Acct-Authentic

Authentication method used by the user. Possible values include:

  • 1—RADIUS.

  • 2—Local.

  • 3—Remote.

60

CHAP-Challenge

CHAP challenge generated by the NAS for MD5 calculation during CHAP authentication.

61

NAS-Port-Type

Type of the physical port of the NAS that is authenticating the user. Possible values include:

  • 15—Ethernet.

  • 16—Any type of ADSL.

  • 17—Cable. (With cable for cable TV.)

  • 19—WLAN-IEEE 802.11.

  • 201—VLAN.

  • 202—ATM.

If the port is an ATM or Ethernet one and VLANs are implemented on it, the value of this attribute is 201.

79

EAP-Message

Used to encapsulate EAP packets to allow RADIUS to support EAP authentication.

80

Message-Authenticator

Used for authentication and verification of authentication packets to prevent spoofing Access-Requests. This attribute is present when EAP authentication is used.

87

NAS-Port-Id

String for describing the port of the NAS that is authenticating the user.

HPE proprietary RADIUS subattributes

No.

Subattribute

Description

1

Input-Peak-Rate

Peak rate in the direction from the user to the NAS, in bps.

2

Input-Average-Rate

Average rate in the direction from the user to the NAS, in bps.

3

Input-Basic-Rate

Basic rate in the direction from the user to the NAS, in bps.

4

Output-Peak-Rate

Peak rate in the direction from the NAS to the user, in bps.

5

Output-Average-Rate

Average rate in the direction from the NAS to the user, in bps.

6

Output-Basic-Rate

Basic rate in the direction from the NAS to the user, in bps.

15

Remanent_Volume

Total amount of data available for the connection, in different units for different server types.

20

Command

Operation for the session, used for session control. Possible values include:

  • 1—Trigger-Request.

  • 2—Terminate-Request.

  • 3—SetPolicy.

  • 4—Result.

  • 5—PortalClear.

24

Control_Identifier

Identification for retransmitted packets. For retransmitted packets from the same session, this attribute must be the same value. For retransmitted packets from different sessions, this attribute does not have to be the same value. The client response of a retransmitted packet must also include this attribute and the value of this attribute must be the same.

For Accounting-Request packets of the start, stop, and interim update types, the Control_Identifier attribute does not take effect.

25

Result_Code

Result of the Trigger-Request or SetPolicy operation, zero for success and any other value for failure.

26

Connect_ID

Index of the user connection.

28

Ftp_Directory

FTP, SFTP, or SCP user working directory.

When the RADIUS client acts as the FTP, SFTP, or SCP server, this attribute is used to set the working directory for an FTP, SFTP, or SCP user on the RADIUS client.

29

Exec_Privilege

EXEC user priority.

59

NAS_Startup_Timestamp

Startup time of the NAS in seconds, which is represented by the time elapsed after 00:00:00 on Jan. 1, 1970 (UTC).

60

Ip_Host_Addr

User IP address and MAC address included in authentication and accounting requests, in the format A.B.C.D hh:hh:hh:hh:hh:hh. A space is required between the IP address and the MAC address.

61

User_Notify

Information that must be sent from the server to the client transparently.

62

User_HeartBeat

Hash value assigned after an 802.1X user passes authentication, which is a 32-byte string. This attribute is stored in the user list on the NAS and verifies the handshake packets from the 802.1X user. This attribute only exists in Access-Accept and Accounting-Request packets.

140

User_Group

User groups assigned after the SSL VPN user passes authentication. A user can belong to multiple user groups that are separated by semicolons. This attribute is used to work with the SSL VPN device.

141

Security_Level

Security level assigned after the SSL VPN user passes security authentication.

201

Input-Interval-Octets

Number of bytes input within a realtime accounting interval.

202

Output-Interval-Octets

Number of bytes output within a realtime accounting interval.

203

Input-Interval-Packets

Number of packets input within an accounting interval in the unit set on the NAS.

204

Output-Interval-Packets

Number of packets output within an accounting interval in the unit set on the NAS.

205

Input-Interval-Gigawords

Amount of bytes input within an accounting interval, in units of 4G bytes.

206

Output-Interval-Gigawords

Amount of bytes output within an accounting interval, in units of 4G bytes.

207

Backup-NAS-IP

Backup source IP address for sending RADIUS packets.

255

Product_ID

Product name.

prev

 

up

 next

Protocols and standards 

home

 FIPS compliance

© Copyright 2015, 2017 Hewlett Packard Enterprise Development LP