[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02

Network Working Group                                       Koral Ilgun
INTERNET-DRAFT                              ACC/Ericsson Datacom Access
Category: Internet Draft
Title: draft-ilgun-radius-accvsa-01.txt
Date: 18 December 1998
Expires: 18 June 1999





   RADIUS Vendor Specific Attributes for ACC/Ericsson Datacom Access




Status of this Memo

   This document is a submission to the RADIUS Working Group of the
   Internet Engineering Task Force (IETF).  Comments should be submitted
   to the ietf-radius@livingston.com mailing list.

   Distribution of this memo is unlimited.

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
   Directories on on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

Abstract

   This document describes vendor specific attributes for carrying
   authentication, authorization and accounting information between
   ACC's (now called Ericsson Datacom Access) Network Access Server
   (NAS) and an Authentication/Accounting Server using the Remote
   Authentication Dial In User Service (RADIUS) protocol described in
   RFC 2058 and RFC 2059.



Ilgun                                                           [Page 1]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


                             Table of Contents

      1.    Introduction ...........................................  4

      2.    ACC's Radius Authentication Attributes .................  4
         2.1    Acc-Ccp-Option .....................................  5
         2.2    Acc-Ip-Gateway-Pri .................................  6
         2.3    Acc-Ip-Gateway-Sec .................................  7
         2.4    Acc-Route-Policy ...................................  7
         2.5    Acc-ML-MLX-Admin-State .............................  8
         2.6    Acc-ML-Call-Threshold .............................. 10
         2.7    Acc-ML-Clear-Threshold ............................. 11
         2.8    Acc-ML-Damping-Factor .............................. 11
         2.9    Acc-Tunnel-Secret  ................................. 12
         2.10   Acc-Service-Profile ................................ 13
         2.11   Acc-Request-Type  .................................. 13
         2.12   Acc-Framed-Bridge .................................. 15
         2.13   Acc-Dns-Server-Pri ................................. 16
         2.14   Acc-Dns-Server-Sec ................................. 16
         2.15   Acc-Nbns-Server-Pri ................................ 17
         2.16   Acc-Nbns-Server-Sec ................................ 18
         2.17   Acc-Ip-Compression ................................. 19
         2.18   Acc-Ipx-Compression ................................ 20
         2.19   Acc-Callback-Delay ................................. 20
         2.20   Acc-Callback-Num-Valid ............................. 21
         2.21   Acc-Callback-Mode .................................. 22
         2.22   Acc-Callback-CBCP-Type ............................. 23
         2.23   Acc-Dialout-Auth-Mode .............................. 24
         2.24   Acc-Dialout-Auth-Password .......................... 25
         2.25   Acc-Dialout-Auth-Username .......................... 25
         2.26   Acc-Access-Community ............................... 26

       3. ACC's Radius Accounting Attributes ....................... 27
         3.1    Acc-Reason-Code .................................... 28
         3.2    Acc-Input-Errors ................................... 30
         3.3    Acc-Output-Errors .................................. 31
         3.4    Acc-Access-Partition ............................... 32
         3.5    Acc-Customer-Id .................................... 32
         3.6    Acc-Clearing-Cause ................................. 33
         3.7    Acc-Clearing-Location .............................. 35
         3.8    Acc-Vpsm-Oversubscribed ............................ 36
         3.9    Acc-Acct-On-Off-Reason ............................. 37
         3.10   Acc-Tunnel-Port .................................... 37
         3.11   Acc-Dial-Port-Index ................................ 38
         3.12   Acc-Connect-Tx-Speed ............................... 39
         3.13   Acc-Connect-Rx-Speed ............................... 40
         3.14   Acc-Modem-Modulation-Type .......................... 40
         3.15   Acc-Modem-Error-Protocol ........................... 41



Ilgun                                                           [Page 2]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


       4. Security Considerations .................................. 42

       5. References ............................................... 42

       6. Expiration Date .......................................... 43

       7. Author's Address ......................................... 43












































Ilgun                                                           [Page 3]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


1. Introduction

   The Remote Authentication Dial In User Service (RADIUS) protocol is
   specified by the RADIUS Working Group of the Internet Engineering
   Task Force (IETF). There are two specifications that make up the
   RADIUS protocol suite: Authentication [RIG97a] and Accounting
   [RIG97b].  These protocols aim to centralize authentication,
   configuration, and accounting of dial-in services to an independent
   server.

   ACC has implemented RADIUS authentication and accounting for its
   Network Access Server family of router products.  This document
   provides details of ACC's RADIUS implementation, in particular the
   use of Vendor Specific Attributes (VSA's).  It is intended as a guide
   for using the RADIUS protocol for ACC products.  ACC's vendor-
   specific attributes use a vendor Id of 5.  For more information on
   ACC's RADIUS implementation, see the white paper [ACC97b].

2. ACC's Radius Authentication Attributes

   The table below indicates how the authentication vendor-specific
   attributes are used in the access request and response packets.





























Ilgun                                                           [Page 4]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


      +---------------------------+--------+---------+--------+--------+
      | Attribute Name            | Number | Request | Accept | Reject |
      +---------------------------+--------+---------+--------+--------+
      | Acc-Ccp-Option            |    2   |         |   X    |        |
      | Acc-Ip-Gateway-Pri        |    7   |         |   X    |        |
      | Acc-Ip-Gateway-Sec        |    8   |         |   X    |        |
      | Acc-Route-Policy          |    9   |         |   X    |        |
      | Acc-ML-MLX-Admin-State    |   10   |         |   X    |        |
      | Acc-ML-Call-Threshold     |   11   |         |   X    |        |
      | Acc-ML-Clear-Threshold    |   12   |         |   X    |        |
      | Acc-ML-Damping-Factor     |   13   |         |   X    |        |
      | Acc-Tunnel-Secret         |   14   |         |   X    |        |
      | Acc-Service-Profile       |   17   |         |   X    |        |
      | Acc-Request-Type          |   18   |    X    |        |        |
      | Acc-Framed-Bridge         |   19   |         |   X    |        |
      | Acc-Dns-Server-Pri        |   23   |         |   X    |        |
      | Acc-Dns-Server-Sec        |   24   |         |   X    |        |
      | Acc-Nbns-Server-Pri       |   25   |         |   X    |        |
      | Acc-Nbns-Server-Sec       |   26   |         |   X    |        |
      | Acc-Ip-Compression        |   28   |         |   X    |        |
      | Acc-Ipx-Compression       |   29   |         |   X    |        |
      | Acc-Callback-Delay        |   34   |         |   X    |        |
      | Acc-Callback-Num-Valid    |   35   |         |   X    |        |
      | Acc-Callback-Mode         |   36   |         |   X    |        |
      | Acc-Callback-CBCP-Type    |   37   |         |   X    |        |
      | Acc-Dialout-Auth-Mode     |   38   |         |   X    |        |
      | Acc-Dialout-Auth-Password |   39   |         |   X    |        |
      | Acc-Dialout-Auth-UserName |   40   |         |   X    |        |
      | Acc-Access-Community      |   42   |         |   X    |        |
      +---------------------------+--------+---------+--------+--------+

2.1 Acc-Ccp-Option

   Description

      This attribute indicates if PPP CCP [RAN96] compression
      negotiation is to be attempted on the dial-in link. It may be used
      in Access-Accept packets only.


   A summary of the Acc-Ccp-Option Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.








Ilgun                                                           [Page 5]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      2 for Acc-Ccp-Option

   Length

      6

   Value

      The value field is four octets.

          1    Disabled
          2    Enabled

2.2 Acc-Ip-Gateway-Pri

   Description

      This attribute defines the next hop IP address where the dial-in
      user's data packets should be directed to.  This address could be
      a router that is directly attached to a VPN (Virtual Private
      Network) customer's network or to a router that forwards the
      packet to its final destination based on the Source IP Address. It
      may be used in Access-Accept packets only.


   A summary of the Acc-Ip-Gateway-Pri Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
            Address (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+




Ilgun                                                           [Page 6]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Type

      7 for Acc-Ip-Gateway-Pri

   Length

      6

   Address

      The Address field is a four octet IP Address.

2.3 Acc-Ip-Gateway-Sec

   Description

      Similar to Acc-Ip-Gateway-Pri described in Section 2.2, this
      attribute defines the next hop IP address in case the Acc-Ip-
      Gateway-Pri is unreachable.  It may be used in Access-Accept
      packets only.


   A summary of the Acc-Ip-Gateway-Sec Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
            Address (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      8 for Acc-Ip-Gateway-Sec

   Length

      6

   Address

      The Address field is a four octet IP Address.

2.4 Acc-Route-Policy



Ilgun                                                           [Page 7]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Description

      This attribute indicates the route policy to be used with Access
      Partitioning [ACC97a].  Access Partitioning gives carriers the
      ability to partition dial-in resources and assign these partitions
      to dial-in Virtual Private Networks.  If the Acc-Route-Policy
      attribute is set to Direct (2) two dial-in links belonging to the
      same Access Partition can route directly to each other without
      going through the IP home gateway.  If this attribute is not
      defined or set to Funnel (1), it means all packets received from
      the dial-in user of this access partition will be forwarded to the
      designated home gateway.  It may be used in Access-Accept packets
      only.


   A summary of the Acc-Route-Policy Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      9 for Acc-Route-Policy

   Length

      6

   Value

      The value field is four octets.

          1    Funnel
          2    Direct


2.5 Acc-ML-MLX-Admin-State

   Description




Ilgun                                                           [Page 8]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


      If the standard Port-Limit attribute is configured for the dial-in
      user on the RADIUS server, the ACC NAS attempts to place the
      dial-in user in a multilink group. The Port-Limit attribute
      defines the maximum number of members the multilink group can
      have. All members of the multilink group must have the same dial-
      in user name. When the first member of a multilink group calls in,
      a multilink group is created on receipt of the access-accept with
      the Port-Limit attribute configured. The multilink group exists
      for as long as there is a call up in the multilink group. When the
      last call in the multilink group is cleared, the multilink group
      is deleted. When subsequent links in the multilink group call in,
      they are added to the multilink group. The multilink group uses
      the IETF standard PPP Multilink protocol [SKL96].  The MLX (also
      known as MP+ [SMI96]) administrative state, call threshold, clear
      threshold and damping factor values of the multilink group can
      also be set using the ACC VSAs described in 2.5, 2.6, 2.7 and 2.8

      The Acc-ML-MLX-Admin-State attribute indicates if PPP MLX (RFC
      1934) negotiation is to be attempted on the dial-in link. It may
      be used in Access-Accept packets only.


   A summary of the Acc-ML-MLX-Admin-State Attribute format within the
   ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      10 for Acc-ML-MLX-Admin-State

   Length

      6

   Value

      The value field is four octets.

          1    Enabled



Ilgun                                                           [Page 9]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


          2    Disabled


2.6 Acc-ML-Call-Threshold

   Description

      This attribute indicates the call threshold value to be used with
      the multilink group that is to be configured.  It may be used in
      Access-Accept packets only.  See Section 2.5 for more information
      about this attribute.


   A summary of the Acc-ML-Call-Threshold Attribute format within the
   ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      11 for Acc-ML-Call-Threshold

   Length

      6

   Value

      The value field is four octets.  The minimum value is 0 and
      maximum value is 101.

2.7 Acc-ML-Clear-Threshold

   Description

      This attribute indicates the clear threshold value to be used with
      the multilink group that is to be configured.  It may be used in
      Access-Accept packets only.





Ilgun                                                          [Page 10]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   A summary of the Acc-ML-Clear-Threshold Attribute format within the
   ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.  See Section 2.5 for more information
   about this attribute.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      12 for Acc-ML-Clear-Threshold

   Length

      6

   Value

      The value field is four octets.  The minimum value is 0 and
      maximum value is 100.

2.8 Acc-ML-Damping-Factor

   Description

      This attribute indicates the damping factor value to be used with
      the multilink group that is to be configured.  It may be used in
      Access-Accept packets only.  See Section 2.5 for more information
      about this attribute.


   A summary of the Acc-ML-Damping-Factor Attribute format within the
   ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



Ilgun                                                          [Page 11]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Type

      13 for Acc-ML-Damping-Factor

   Length

      6

   Value

      The value field is four octets.  The minimum value is 0 and
      maximum value is 64.

2.9 Acc-Tunnel-Secret

   Description

      This attribute sets the shared secret to support the CHAP style
      endpoint authentication used by L2TP [VAL97]. The purpose for this
      attribute is same as Tunnel-Password [ZOR98], except that Acc-
      Tunnel-Secret is sent in clear.  Therefore, Acc-Tunnel-Secret
      should only be used if the RADIUS server does not support salt
      encryption.  It may be used in Access-Accept packets only.


   A summary of the Acc-Tunnel-Secret Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      14 for Acc-Tunnel-Secret

   Length

      >= 3

   String

      The String field is one or more octets.  It is the clear text
      tunnel secret.



Ilgun                                                          [Page 12]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


2.10 Acc-Service-Profile

   Description

      This attribute the service profile to be used on the dial-in link.
      It may be used in Access-Accept packets only.

      With the addition of Acc-Service-Profile VSA, RADIUS can identify
      the Service Profile to be assigned to a dial-in user.  This
      attribute should only be present in an access accept message when
      the NAS has queried RADIUS prior to answering the call.  In this
      case all RADIUS has is the called number.  The service profile
      identified by this VSA must exist on the NAS in its locally
      configured Service Profile database.  For the regular routing case
      the service profile indicates that dial-in calls to be routed
      based on the Destination IP Address received from a dial-in user.
      This service is used primarily to provide carrier-based Internet
      access.  For the called number routing case, the service profile
      forces IP dial-in calls to be specifically directed to a VPN
      customer's network.  A service profile may also indicate that
      Layer 2 Tunneling should be performed for a given dial-in user.


   A summary of the Acc-Service-Profile Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      17 for Acc-Service-Profile

   Length

      >= 3

   String

      The String field is one or more octets.  It is the name of the
      service profile.

2.11 Acc-Request-Type



Ilgun                                                          [Page 13]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Description

      This attribute indicates the type of the Access-Request or
      Accounting-Request packet. It may be used in Access-Request and
      Accounting-Request packets only.  The attribute values from 1 to 4
      are used in Access-Request packets, whereas 5 and 6 are used in
      Accounting-Request packets.

      An ACC NAS may send an Access-Request packet to the RADIUS server
      before it answers the call.  In this case the User-Name attribute
      includes the Called Number and the Acc-Request-Type attribute
      contains the value 1, i.e. Ring-Indication. A special-purpose
      RADIUS server (or proxy) receiving this message may accept or
      reject the call based on its policy, e.g. it may reject the call
      if the quota assigned for this Called Number has been exceeded.
      This is useful when an ISP or TELCO outsources their dial-in ports
      to separate customers and partitions the customers by
      differentiating them based on the number they call in.  ACC's VPSM
      server product is an example for this type of operation.

      A value of 2 in the Acc-Request-Type field indicates that the NAS
      is attempting to authorize an outgoing call.  A value of 3
      indicates that the type of access request is for user
      authentication, which is the default behavior for the RADIUS
      authentication.  A value of 4 indicates that a tunnel
      authentication is requested by the LAC (L2TP Access Concentrator)
      in response to a tunnel request from an LNS (L2TP Network Server).

      This attribute may also be present in Accounting-Request packets.
      A value of 5 indicates that the Accounting-Request is for a PPP
      session, whereas a value of 6 indicates that the Accounting-
      Request is for a tunnel session.  The latter case also indicates
      that this accounting information is being provided for a dial-in
      session that is not authenticated at the LAC end of the tunnel,
      but possibly authenticated at the LNS end.


   A summary of the Acc-Request-Type Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



Ilgun                                                          [Page 14]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Type

      18 for Acc-Request-Type

   Length

      6

   Value

      The value field is four octets.

          1    Ring Indication
          2    Dial Request
          3    User Authentication
          4    Tunnel Authentication
          5    User Accounting
          6    Tunnel Accounting

2.12 Acc-Framed-Bridge

   Description

      This attribute indicates if Transparent (Ethernet) Bridging should
      be enabled on the dial-in link. It may be used in Access-Accept
      packets only.


   A summary of the Acc-Framed-Bridge Attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      19 for Acc-Framed-Bridge

   Length

      6



Ilgun                                                          [Page 15]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Value

      The value field is four octets.

          0    Disabled
          1    Enabled

2.13 Acc-Dns-Server-Pri

   Description

      This attribute indicates the primary DNS (Domain Name System)
      Server Address to be provided to the dial-in user during IPCP
      negotiation.  The IPCP protocol (RFC 1332) [MCG92] provides the
      option of negotiating the IP addresses of the primary and
      secondary DNS and NBNS (NetBIOS Name Server) servers.  The support
      for these options is specified by RFC 1877 [COB95].  The Acc-Dns-
      Server-Pri attribute may be used in Access-Accept packets only.


   A summary of the Acc-Dns-Server-Pri attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      23 for Acc-Dns-Server-Pri

   Length

      6

   Value

      The value field is four octets.

2.14 Acc-Dns-Server-Sec

   Description



Ilgun                                                          [Page 16]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


      This attribute indicates the secondary DNS (Domain Name System)
      Server Address to be provided to the dial-in user during IPCP
      negotiation.  The IPCP protocol (RFC 1332) [MCG92] provides the
      option of negotiating the IP addresses of the primary and
      secondary DNS and NBNS (NetBIOS Name Server) servers.  The support
      for these options is specified by RFC 1877 [COB95].  The Acc-Dns-
      Server-Sec attribute may be used in Access-Accept packets only.


   A summary of the Acc-Dns-Server-Sec attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      24 for Acc-Dns-Server-Sec

   Length

      6

   Value

      The value field is four octets.

2.15 Acc-Nbns-Server-Pri

   Description

      This attribute indicates the primary NBNS (NetBIOS Name Server)
      Address to be provided to the dial-in user during IPCP
      negotiation.  The IPCP protocol (RFC 1332) [MCG92] provides the
      option of negotiating the IP addresses of the primary and
      secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server)
      servers.  The support for these options is specified by RFC 1877
      [COB95].  The Acc-Nbns-Server-Pri attribute may be used in
      Access-Accept packets only.





Ilgun                                                          [Page 17]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   A summary of the  Acc-Nbns-Server-Pri attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      25 for Acc-Nbns-Server-Pri

   Length

      6

   Value

      The value field is four octets.

2.16 Acc-Nbns-Server-Sec

   Description

      This attribute indicates the secondary NBNS (NetBIOS Name Server)
      Address to be provided to the dial-in user during IPCP
      negotiation.  The IPCP protocol (RFC 1332) [MCG92] provides the
      option of negotiating the IP addresses of the primary and
      secondary DNS (Domain Name System) and NBNS (NetBIOS Name Server)
      servers.  The support for these options is specified by RFC 1877
      [COB95].  The Acc-Nbns-Server-Sec attribute may be used in
      Access-Accept packets only.



   A summary of the Acc-Nbns-Server-Sec attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value



Ilgun                                                          [Page 18]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      26 for Acc-Nbns-Server-Sec

   Length

      6

   Value

      The value field is four octets.

2.17 Acc-Ip-Compression

   Description

      This attribute indicates whether VJ Header Compression should be
      enabled for the dial-in user's IP traffic. The Acc-Ip-Compression
      attribute may be used in Access-Accept packets only.



   A summary of the Acc-Ip-Compression attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      28 for Acc-Ip-Compression

   Length

      6




Ilgun                                                          [Page 19]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Value

      The value field is four octets.

          0    Disabled
          1    Enabled

2.18 Acc-Ipx-Compression

   Description

      This attribute indicates whether Header Compression should be
      enabled for the dial-in user's IPX traffic. The Acc-Ipx-
      Compression attribute may be used in Access-Accept packets only.



   A summary of the Acc-Ipx-Compression attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      29 for Acc-Ipx-Compression

   Length

      6

   Value

      The value field is four octets.

          0    Disabled
          1    Enabled

2.19 Acc-Callback-Delay

   Description



Ilgun                                                          [Page 20]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


      This attribute specifies the delay time in seconds before the
      remote side is called back. The Acc-Callback-Delay attribute may
      be used in Access-Accept packets only.



   A summary of the Acc-Callback-Delay attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      34 for Acc-Callback-Delay

   Length

      6

   Value

      The value field is four octets.

2.19 Acc-Callback-Num-Valid

   Description

      This attribute specifies the acceptable callback number for the
      remote site to be called back.  Each dial-in user may be
      associated with zero or more valid number attributes.  If this
      attribute is not used then the callback will proceed as usual.
      Also, if the Acc-Callback-Mode (see Section 2.21) is not one of 3
      (User-Specified-E-164) and 6 (CBCP-Callback) then the valid number
      filtering will not be performed.  Otherwise, if this attribute is
      returned in an Access-Reply message, then the callback number
      negotiated from the callback phase will be compared to the numbers
      in this attribute.  Multiple instances (up to 16) of this
      attribute can be returned in the same Access-Reply message.  This
      attribute contains a string (valid characters: representing a
      number filter.  'x' and 'X' represent single character wildcards,



Ilgun                                                          [Page 21]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


      and '-' character is ignored during filtering.  The matching
      starts from the end of the string. The filter string specified in
      this attribute must be at least the same length as the callback
      number (excluding the '-' characters).  If the negotiated callback
      number is determined to be valid then callback will proceed,
      otherwise no callback will be made. The Acc-Callback-Num-Valid
      attribute may be used in Access-Accept packets only.



   A summary of the Acc-Callback-Num-Valid attribute format within the
   ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      35 for Acc-Callback-Num-Valid

   Length

      >= 3

   Value

      The String field is one or more octets.

2.21 Acc-Callback-Mode

   Description

      This attribute indicates what type of callback should be performed
      for the dial-in user.  A value of 0 (User-Auth) indicates the
      callback will depend on the user authentication.  A value of 3
      (User-Specified-E-164) indicates the callback will be done to the
      user specified callback number.  A value of 6 (CBCP-Callback)
      indicates callback will be negotiated using CBCP.  A value of 7
      (CLI-Callback) indicates CLI (Calling Line Identifier) type
      callback will be used.  The Acc-Callback-Mode attribute may be
      used in Access-Accept packets only.





Ilgun                                                          [Page 22]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   A summary of the Acc-Callback-Mode attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      36 for Acc-Callback-Mode

   Length

      6

   Value

      The value field is four octets.

          0    User-Auth
          3    User-Specified-E-164
          6    CBCP-Callback
          7    CLI-Callback

2.22 Acc-Callback-CBCP-Type

   Description

      This attribute indicates the type of CBCP to be used for the
      dial-in user.  The Acc-Callback-CBCP-Type attribute may be used in
      Access-Accept packets only.



   A summary of the Acc-Callback-CBCP-Type attribute format within the
   ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value



Ilgun                                                          [Page 23]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      37 for Acc-Callback-CBCP-Type

   Length

      6

   Value

      The value field is four octets.

          CBCP-None                 1
          CBCP-User-Specified       2
          CBCP-Pre-Specified        3

2.23 Acc-Dialout-Auth-Mode

   Description

      This attribute indicates the type of authentication to be used for
      the dialout of the callback session.  The Acc-Dialout-Auth-Mode
      attribute may be used in Access-Accept packets only.



   A summary of the Acc-Dialout-Auth-Mode attribute format within the
   ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      38 for Acc-Dialout-Auth-Mode




Ilgun                                                          [Page 24]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Length

      6

   Value

      The value field is four octets.

          PAP       1
          CHAP      2
          CHAP-PAP  3
          NONE      4

2.24 Acc-Dialout-Auth-Password

   Description

      This attribute indicates the password to be used for the outgoing
      authentication of the callback.  The Acc-Dialout-Auth-Password
      attribute may be used in Access-Accept packets only.



   A summary of the Acc-Dialout-Auth-Password attribute format within
   the ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      36 for Acc-Dialout-Auth-Password

   Length

      >= 3

   Value

      The String field is one or more octets.

2.25 Acc-Dialout-Auth-Username




Ilgun                                                          [Page 25]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Description

      This attribute indicates the username to be used for the outgoing
      authentication of the callback.  The Acc-Dialout-Auth-Username
      attribute may be used in Access-Accept packets only.



   A summary of the Acc-Dialout-Auth-Username attribute format within
   the ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      37 for Acc-Dialout-Auth-Username

   Length

      >= 3

   Value

      The String field is one or more octets.


2.26 Acc-Access-Community

   Description

      This attribute indicates SNMP community name for the RADIUS
      authenticated console login session.  The Acc-Access-Community
      attribute may be used in Access-Accept packets only.



   A summary of the Acc-Access-Community attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1



Ilgun                                                          [Page 26]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      42 for Acc-Access-Community

   Length

      6

   Value

      The value field is four octets.

          PUBLIC  1
          NETMAN  2


3. ACC's Radius Accounting Attributes

   The table below indicates how the accounting vendor-specific
   attributes are used in the accounting request packets. The attributes
   with (*) are accounting specific attributes. An X indicates in which
   type of Accounting-Request packet the attribute may be included.
   Note that any Accounting-Request packet may include a copy of all the
   configuration attributes.




















Ilgun                                                          [Page 27]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


      +-------------------------------+--------+-------+------+---------+
      | Attribute Name                | Number | Start | Stop | Interim |
      +-------------------------------+--------+-------+------+---------+
      | Acc-Reason-Code (*)           |   1    |       |  X   |         |
      | Acc-Ccp-Option                |   2    |       |      |         |
      | Acc-Input-Errors (*)          |   3    |       |  X   |    X    |
      | Acc-Output-Errors (*)         |   4    |       |  X   |    X    |
      | Acc-Access-Partition (*)      |   5    |   X   |  X   |    X    |
      | Acc-Customer-Id (*)           |   6    |   X   |  X   |    X    |
      | Acc-Ip-Gateway-Pri            |   7    |       |      |         |
      | Acc-Ip-Gateway-Sec            |   8    |       |      |         |
      | Acc-Route-Policy              |   9    |       |      |         |
      | Acc-ML-MLX-Admin-State        |   10   |       |      |         |
      | Acc-ML-Call-Threshold         |   11   |       |      |         |
      | Acc-ML-Clear-Threshold        |   12   |       |      |         |
      | Acc-ML-Damping-Factor         |   13   |       |      |         |
      | Acc-Clearing-Cause (*)        |   15   |       |  X   |         |
      | Acc-Clearing-Location (*)     |   16   |       |  X   |         |
      | Acc-Service-Profile           |   17   |   X   |  X   |    X    |
      | Acc-Request-Type              |   18   |   X   |  X   |    X    |
      | Acc-Framed-Bridge             |   19   |       |      |         |
      | Acc-Vpsm-Oversubscribed (*)   |   20   |   X   |  X   |         |
      | Acc-Acct-On-Off-Reason (*)    |   21   |       |      |         |
      | Acc-Tunnel-Port (*)           |   22   |   X   |  X   |    X    |
      | Acc-Dns-Server-Pri            |   23   |       |      |         |
      | Acc-Dns-Server-Sec            |   24   |       |      |         |
      | Acc-Nbns-Server-Pri           |   25   |       |      |         |
      | Acc-Nbns-Server-Sec           |   26   |       |      |         |
      | Acc-Dial-Port-Index (*)       |   27   |   X   |  X   |    X    |
      | Acc-Ip-Compression            |   28   |       |      |         |
      | Acc-Ipx-Compression           |   29   |       |      |         |
      | Acc-Connect-Tx-Speed (*)      |   30   |   X   |  X   |    X    |
      | Acc-Connect-Rx-Speed (*)      |   31   |   X   |  X   |    X    |
      | Acc-Modem-Modulation-Type (*) |   32   |   X   |  X   |    X    |
      | Acc-Modem-Error-Protocol (*)  |   33   |   X   |  X   |    X    |
      | Acc-Callback-Delay            |   34   |       |      |         |
      | Acc-Callback-Num-Valid        |   35   |       |      |         |
      | Acc-Callback-Mode             |   36   |       |      |         |
      | Acc-Callback-CBCP-Type        |   37   |       |      |         |
      | Acc-Dialout-Auth-Mode         |   38   |       |      |         |
      | Acc-Dialout-Auth-Password     |   39   |       |      |         |
      | Acc-Dialout-Auth-UserName     |   40   |       |      |         |
      | Acc-Access-Community          |   42   |       |      |         |
      +-------------------------------+--------+-------+------+---------+

3.1 Acc-Reason-Code

   Description



Ilgun                                                          [Page 28]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


      This attribute provides an extension to the standard Acct-
      Terminate-Cause attribute. It provides more detail on the
      termination reason for a call.


   A summary of the Acc-Reason-Code Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      1 for Acc-Reason-Code

   Length

      6

   Value

      The value field is four octets.

          0    no reason given/no failure
          1    resource shortage
          2    session already open
          3    too many RADIUS users
          4    no authentication server
          5    no authentication response
          6    no accounting server
          7    no accounting response
          8    access denied
          9    temporary buffer shortage
          10   protocol error
          11   invalid attribute
          12   invalid service type
          13   invalid framed protocol
          14   invalid attribute value
          15   invalid user information
          16   invalid IP address
          17   invalid integer syntax



Ilgun                                                          [Page 29]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


          18   invalid NAS port
          19   requested by user
          20   network disconnect
          21   service interruption
          22   physical port error
          23   idle timeout
          24   session timeout
          25   administrative reset
          26   NAS reload or reset
          27   NAS error
          28   NAS request
          29   undefined reason given
          30   conflicting attributes
          31   port limit exceeded
          32   facility not available
          33   internal configuration error
          34   bad route specification
          35   Access Partition bind failure
          36   security violation
          37   request type conflict
          38   configuration disallowed
          39   missing attribute
          40   invalid request
          41   missing parameter
          42   invalid parameter
          43   call cleared with cause
          44   inopportune config request
          45   invalid config parameter
          46   missing config parameter
          47   incompatible service profile
          48   administrative reset
          49   administrative reload
          50   port unneeded
          51   port preempted
          52   port suspended
          53   service unavailable
          54   callback
          55   user error
          56   host request

3.2 Acc-Input-Errors

   Description

      This attribute indicates the number of receive errors on the
      physical port the dial- in user was connected to.





Ilgun                                                          [Page 30]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   A summary of the Acc-Input-Errors Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      3 for Acc-Input-Errors

   Length

      6

   Value

      The value field is four octets.

3.3 Acc-Output-Errors

   Description

      This attribute indicates the number of send errors on the physical
      port the dial-in user was connected to.


   A summary of the Acc-Output-Errors Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type



Ilgun                                                          [Page 31]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


      4 for Acc-Output-Errors

   Length

      6

   Value

      The value field is four octets.

3.4 Acc-Access-Partition

   Description

      This attribute specifies the name of the Access Partition the
      dial-in user is assigned to.  Access Partitioning [ACC97a] gives
      carriers the ability to partition dial-in resources and assign
      these partitions to dial-in Virtual Private Networks.


   A summary of the Acc-Access-Partition Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      5 for Acc-Access-Partition

   Length

      >= 3

   String

      The String field is one or more octets.

3.5 Acc-Customer-Id

   Description

      This attribute specifies the Id of the Customer the dial-in user



Ilgun                                                          [Page 32]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


      is associated with.


   A summary of the Acc-Customer-Id Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      6 for Acc-Customer-Id

   Length

      >= 3

   Value

      The String field is one or more octets.

3.6 Acc-Clearing-Cause

   Description

      This attribute provides an extension to the Acc-Reason-Code
      attribute. It provides more detail if Acc-Reason-Code indicates
      Call-Cleared-With-Cause (43).


   A summary of the Acc-Clearing-Cause Attribute format within the ACC
   vendor- specific attribute is shown below. The fields are transmitted
   left-to-right.


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+




Ilgun                                                          [Page 33]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Type

      15 for Acc-Clearing-Cause

   Length

      6

   Value

      The value field is four octets.

          0    cause unspecified
          1    unassigned number
          2    no route to transit network
          3    no route to destination
          6    channel unacceptable
          7    call awarded being delivered
          16   normal clearing
          17   user busy
          18   no user responding
          19   user alerted no answer
          21   call rejected
          22   number changed
          26   non selected user clearing
          27   destination out of order
          28   invalid or incomplete number
          29   facility rejected
          30   response to status inquiry
          31   normal unspecified cause
          34   no circuit or channel available
          38   network out of order
          41   temporary failure
          42   switching equipment congestion
          43   access information discarded
          44   circuit or channel unavailable
          45   circuit or channel preempted
          47   resources unavailable
          49   quality of service unavailable
          50   facility not subscribed
          52   outgoing calls barred
          54   incoming calls barred
          57   bearer capability unauthorized
          58   bearer capability not available
          63   service not available
          65   bearer capability not implemented
          66   channel type not implemented
          69   facility not implemented



Ilgun                                                          [Page 34]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


          70   restricted digital information only
          79   service not implemented
          81   invalid call reference
          82   identified channel does not exist
          83   call identity does not exist
          84   call identity in use
          85   no call suspended
          86   suspended call cleared
          88   incompatible destination
          91   invalid transit network selection
          95   invalid message
          96   mandatory information element missing
          97   message not implemented
          98   inopportune message
          99   information element not implemented
          100  invalid information element contents
          101  message incompatible with state
          102  recovery on timer expiration
          103  mandatory information element length error
          111  protocol error
          127  interworking

3.7 Acc-Clearing-Location

   Description

      This attribute provides an extension to the Acc-Reason-Code
      attribute. It provides detail on where the call has been cleared.


   A summary of the Acc-Clearing-Location Attribute format within the
   ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      16 for Acc-Clearing-Location

   Length



Ilgun                                                          [Page 35]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


      6

   Value

      The value field is four octets

          0   local or remote user
          1   private network serving local user
          2   public network serving local user
          3   transit network
          4   private network serving remote user
          5   public network serving remote user
          6   international network
          10  beyond interworking point

3.8 Acc-Vpsm-Oversubscribed

   Description

      This attribute is specific to ACC's VPSM (Virtual Port Service
      Manager) server software.  VPSM runs as a proxy RADIUS server
      between an ACC NAS and a home RADIUS server.  If the VPSM server
      detects that this connection caused the corresponding Access
      Partition quota to be exceeded, the Accounting-Start record for
      the connection will include the Acc-Vpsm-Oversubscribed attribute
      with a value of 2 (True).


   A summary of the Acc-Vpsm-Oversubscribed Attribute format within the
   ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      20 for Acc-Vpsm-Oversubscribed

   Length

      6



Ilgun                                                          [Page 36]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Value

      The value field is four octets.

          1   False
          2   True

3.9 Acc-Acct-On-Off-Reason

   Description

      This attribute provides a reason code for why the Accounting-On or
      Accounting- Off message is sent.


   A summary of the Acc-Acct-On-Off-Reason Attribute format within the
   ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      21 for Acc-Acct-On-Off-Reason

   Length

      6

   Value

      The value field is four octets.

          0    NAS Reset
          1    NAS Reload
          2    Configuration Reset
          3    Configuration Reload
          4    Enabled
          5    Disabled

3.10 Acc-Tunnel-Port



Ilgun                                                          [Page 37]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Description

      This attribute indicates the index of the Tunnel Port the dial-in
      user is connected to.


   A summary of the Acc-Tunnel-Port attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      22 for Acc-Tunnel-Port

   Length

      6

   Value

      The value field is four octets.

3.11 Acc-Dial-Port-Index

   Description

      This attribute indicates the index of the Dial Port the dial-in
      user is connected to.


   A summary of the Acc-Dial-Port-Index attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.









Ilgun                                                          [Page 38]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      27 for Acc-Dial-Port-Index

   Length

      6

   Value

      The value field is four octets.

3.12 Acc-Connect-Tx-Speed

   Description

      This attribute indicates the transmit speed that is negotiated on
      the NAS port for this dial-in connection.


   A summary of the Acc-Connect-Tx-Speed attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      30 for Acc-Connect-Tx-Speed

   Length




Ilgun                                                          [Page 39]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


      6

   Value

      The value field is four octets.

3.13 Acc-Connect-Rx-Speed

   Description

      This attribute indicates the receive speed that is negotiated on
      the NAS port for this dial-in connection.


   A summary of the Acc-Connect-Rx-Speed attribute format within the ACC
   vendor-specific attribute is shown below. The fields are transmitted
   left-to-right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              Value (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      31 for Acc-Connect-Rx-Speed

   Length

      6

   Value

      The value field is four octets.

3.14 Acc-Modem-Modulation-Type

   Description

      This attribute indicates the modem modulation type that is used on
      the NAS port for this dial-in connection.


   A summary of the Acc-Modem-Modulation-Type attribute format within



Ilgun                                                          [Page 40]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   the ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      32 for Acc-Modem-Modulation-Type

   Length

      >=3

   Value

      The value field is four octets.

3.15 Acc-Modem-Error-Protocol

   Description

      This attribute indicates the modem error protocol that is used on
      the NAS port for this dial-in connection.


   A summary of the Acc-Modem-Error-Protocol attribute format within the
   ACC vendor-specific attribute is shown below. The fields are
   transmitted left-to-right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      33 for Acc-Modem-Error-Protocol

   Length

      >=3



Ilgun                                                          [Page 41]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


   Value

      The value field is four octets.

4. Security Considerations

   Security issues regarding the RADIUS protocol are discussed in RFC
   2138 [RIG97a] and RFC 2139 [RIG97b].  The use of Acc-Tunnel-Secret
   attribute is insecure. The Tunnel-Password attribute, defined in
   [ZOR98], should be used whenever possible and Acc-Tunnel-Secret
   attribute should only be used if the RADIUS server does not support
   salt encryption.

5. References

       [ACC97a]  "Access Partitioning" White Paper,
                 http://www.acc.com/internet/whitepapers/
                 accesspartitioning.html, ACC, August 1997

       [ACC97b]  "RADIUS Implementation" White Paper,
                 http://www.acc.com/internet/whitepapers/
                 radiusimp.html, ACC, January 1998

       [COB95]   Cobb, S., PPP Internet Protocol Control Protocol
                 Extensions for Name Server Addresses,
                 RFC 1877, Microsoft, December 1995.

       [GID94]   Gidwani, N., Proposal for Callback Control Protocol (CBCP),
                 draft-ietf-pppext-callback-cp-02.txt, Microsoft, July 1994.

       [MCG92]   McGregor, G., PPP Internet Control Protocol",
                 RFC 1332, Merit, May 1992.

       [RAN96]   Rand, D., The PPP Compression Control Protocol (CCP),
                 RFC 1962, Novell, June 1996.

       [RIG97a]  Rigney, C., Remote Authentication Dial In User Service
                 (RADIUS), RFC 2138, Livingston, April 1997.

       [RIG97b]  Rigney, C., et al, RADIUS Accounting,
                 RFC 2139, Livingston, April 1997.

       [SIM98]   Simpson, W., PPP LCP CallBack,
                 draft-ietf-pppext-callback-ds-02.txt, Daydreamer, August 1998.

       [SKL96]   Sklower, K., et al, The PPP Multilink Protocol (MP),
                 RFC 1990, UC Berkeley, August 1996.




Ilgun                                                          [Page 42]

Internet Draft      ACC's Vendor Specific Attributes    27 November 1998


       [SMI96]   Smith, K., Ascend's Multilink Protocol Plus (MP+),
                 Ascend, RFC 1934, August 1996.

       [VAL97]   Valencia, et al., Layer Two Tunneling Protocol (L2TP),
                 draft-ietf-pppext-l2tp-06.txt, June 1997.

       [ZOR98]   Zorn, G., et al, RADIUS Attributes for Tunnel
                 Protocol Support, draft-ietf-radius-tunnel-auth-05.txt,
                 Microsoft-Ascend-Shiva, April 1998.


6. Expiration Date

   This document expires June 18, 1999.

7. Author's Address

   Koral Ilgun
   ACC/Ericsson Datacom Access
   340 Storke Road
   Santa Barbara, CA 93117

   Phone: (805) 961-0279

   EMail: koral@acc.com


























Ilgun                                                          [Page 43]


Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/