IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines
RFC 3580
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Informational (September 2003; Errata). Updated by RFC 7268 |
| | Authors | Andrew Smith, Glen Zorn, John Roese, Bernard Aboba, Paul Congdon |
| | Last updated | 2020-01-21 |
| | Stream | ISE |
| Stream | ISE state | (None) |
| | Consensus Boilerplate | Unknown |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 3580 (Informational) |
| | Action Holders | (None) |
| | Telechat date | |
| | Responsible AD | Randy Bush |
| | Send notices to | <paulcongon@hp.com> |
Network Working Group                                         P. Congdon
Request for Comments: 3580                       Hewlett Packard Company
Category: Informational                                         B. Aboba
                                                               Microsoft
                                                                A. Smith
                                                        Trapeze Networks
                                                                 G. Zorn
                                                           Cisco Systems
                                                                J. Roese
                                                               Enterasys
                                                          September 2003

IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines

Status of this Memo

   This memo provides information for the Internet community. It does
   not specify an Internet standard of any kind. Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

   This document provides suggestions on Remote Authentication Dial In
   User Service (RADIUS) usage by IEEE 802.1X Authenticators. The
   material in this document is also included within a non-normative
   Appendix within the IEEE 802.1X specification, and is being
   presented as an IETF RFC for informational purposes.

Congdon, et al.              Informational                      [Page 1]
RFC 3580                   IEEE 802.1X RADIUS             September 2003

Table of Contents

   1.  Introduction
       1.1.  Terminology
       1.2.  Requirements Language
   2.  RADIUS Accounting Attributes
       2.1.  Acct-Terminate-Cause
       2.2.  Acct-Multi-Session-Id
       2.3.  Acct-Link-Count
   3.  RADIUS Authentication
       3.1.  User-Name
       3.2.  User-Password, CHAP-Password, CHAP-Challenge
       3.3.  NAS-IP-Address, NAS-IPv6-Address
       3.4.  NAS-Port
       3.5.  Service-Type
       3.6.  Framed-Protocol
       3.7.  Framed-IP-Address, Framed-IP-Netmask
       3.8.  Framed-Routing
       3.9.  Filter-ID
       3.10. Framed-MTU
       3.11. Framed-Compression
       3.12. Displayable Messages
       3.13. Callback-Number, Callback-ID
       3.14. Framed-Route, Framed-IPv6-Route
       3.15. State, Class, Proxy-State
       3.16. Vendor-Specific
       3.17. Session-Timeout
       3.18. Idle-Timeout
       3.19. Termination-Action
       3.20. Called-Station-Id
       3.21. Calling-Station-Id
       3.22. NAS-Identifier
       3.23. NAS-Port-Type
       3.24. Port-Limit
       3.25. Password-Retry
       3.26. Connect-Info
       3.27. EAP-Message
       3.28. Message-Authenticator
       3.29. NAS-Port-Id
       3.30. Framed-Pool, Framed-IPv6-Pool
       3.31. Tunnel Attributes
   4.  RC4 EAPOL-Key Descriptor
   5.  Security Considerations
       5.1.  Packet Modification or Forgery
       5.2.  Dictionary Attacks
       5.3.  Known Plaintext Attacks
       5.4.  Replay