draft-ietf-dime-rfc4005bis-05.txt   draft-ietf-dime-rfc4005bis-06.txt 
Network Working Group G. Zorn Network Working Group G. Zorn
Internet-Draft Network Zen Internet-Draft Network Zen
Obsoletes: 4005 (if approved) July 11, 2011 Obsoletes: 4005 (if approved) January 3, 2012
Intended status: Standards Track Intended status: Standards Track
Expires: January 12, 2012 Expires: July 6, 2012
Diameter Network Access Server Application Diameter Network Access Server Application
draft-ietf-dime-rfc4005bis-05 draft-ietf-dime-rfc4005bis-06
Abstract Abstract
This document describes the Diameter protocol application used for This document describes the Diameter protocol application used for
Authentication, Authorization, and Accounting (AAA) services in the Authentication, Authorization, and Accounting (AAA) services in the
Network Access Server (NAS) environment. When combined with the Network Access Server (NAS) environment; it obsoletes RFC 4005. When
Diameter Base protocol, Transport Profile, and Extensible combined with the Diameter Base protocol, Transport Profile, and
Authentication Protocol specifications, this application Extensible Authentication Protocol specifications, this application
specification satisfies typical network access services requirements. specification satisfies typical network access services requirements.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 12, 2012. This Internet-Draft will expire on July 6, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5
1.2. Requirements Language . . . . . . . . . . . . . . . . . . 6 1.2. Requirements Language . . . . . . . . . . . . . . . . . . 6
1.3. Advertising Application Support . . . . . . . . . . . . . 7 1.3. Advertising Application Support . . . . . . . . . . . . . 6
2. NAS Calls, Ports, and Sessions . . . . . . . . . . . . . . . . 7 2. NAS Calls, Ports, and Sessions . . . . . . . . . . . . . . . . 7
2.1. Diameter Session Establishment . . . . . . . . . . . . . . 7 2.1. Diameter Session Establishment . . . . . . . . . . . . . . 7
2.2. Diameter Session Reauthentication or Reauthorization . . . 8 2.2. Diameter Session Reauthentication or Reauthorization . . . 7
2.3. Diameter Session Termination . . . . . . . . . . . . . . . 8 2.3. Diameter Session Termination . . . . . . . . . . . . . . . 8
3. Diameter NAS Application Messages . . . . . . . . . . . . . . 9 3. Diameter NAS Application Messages . . . . . . . . . . . . . . 9
3.1. AA-Request (AAR) Command . . . . . . . . . . . . . . . . . 9 3.1. AA-Request (AAR) Command . . . . . . . . . . . . . . . . . 9
3.2. AA-Answer (AAA) Command . . . . . . . . . . . . . . . . . 11 3.2. AA-Answer (AAA) Command . . . . . . . . . . . . . . . . . 11
3.3. Re-Auth-Request (RAR) Command . . . . . . . . . . . . . . 13 3.3. Re-Auth-Request (RAR) Command . . . . . . . . . . . . . . 13
3.4. Re-Auth-Answer (RAA) Command . . . . . . . . . . . . . . . 14 3.4. Re-Auth-Answer (RAA) Command . . . . . . . . . . . . . . . 14
3.5. Session-Termination-Request (STR) Command . . . . . . . . 15 3.5. Session-Termination-Request (STR) Command . . . . . . . . 15
3.6. Session-Termination-Answer (STA) Command . . . . . . . . . 16 3.6. Session-Termination-Answer (STA) Command . . . . . . . . . 16
3.7. Abort-Session-Request (ASR) Command . . . . . . . . . . . 17 3.7. Abort-Session-Request (ASR) Command . . . . . . . . . . . 17
3.8. Abort-Session-Answer (ASA) Command . . . . . . . . . . . . 18 3.8. Abort-Session-Answer (ASA) Command . . . . . . . . . . . . 18
skipping to change at page 2, line 44 skipping to change at page 2, line 44
4.2.3. NAS-Port-Id AVP . . . . . . . . . . . . . . . . . . . 24 4.2.3. NAS-Port-Id AVP . . . . . . . . . . . . . . . . . . . 24
4.2.4. NAS-Port-Type AVP . . . . . . . . . . . . . . . . . . 25 4.2.4. NAS-Port-Type AVP . . . . . . . . . . . . . . . . . . 25
4.2.5. Called-Station-Id AVP . . . . . . . . . . . . . . . . 25 4.2.5. Called-Station-Id AVP . . . . . . . . . . . . . . . . 25
4.2.6. Calling-Station-Id AVP . . . . . . . . . . . . . . . . 25 4.2.6. Calling-Station-Id AVP . . . . . . . . . . . . . . . . 25
4.2.7. Connect-Info AVP . . . . . . . . . . . . . . . . . . . 26 4.2.7. Connect-Info AVP . . . . . . . . . . . . . . . . . . . 26
4.2.8. Originating-Line-Info AVP . . . . . . . . . . . . . . 26 4.2.8. Originating-Line-Info AVP . . . . . . . . . . . . . . 26
4.2.9. Reply-Message AVP . . . . . . . . . . . . . . . . . . 27 4.2.9. Reply-Message AVP . . . . . . . . . . . . . . . . . . 27
4.3. NAS Authentication AVPs . . . . . . . . . . . . . . . . . 27 4.3. NAS Authentication AVPs . . . . . . . . . . . . . . . . . 27
4.3.1. User-Password AVP . . . . . . . . . . . . . . . . . . 28 4.3.1. User-Password AVP . . . . . . . . . . . . . . . . . . 28
4.3.2. Password-Retry AVP . . . . . . . . . . . . . . . . . . 28 4.3.2. Password-Retry AVP . . . . . . . . . . . . . . . . . . 28
4.3.3. Prompt AVP . . . . . . . . . . . . . . . . . . . . . . 29 4.3.3. Prompt AVP . . . . . . . . . . . . . . . . . . . . . . 28
4.3.4. CHAP-Auth AVP . . . . . . . . . . . . . . . . . . . . 29 4.3.4. CHAP-Auth AVP . . . . . . . . . . . . . . . . . . . . 28
4.3.5. CHAP-Algorithm AVP . . . . . . . . . . . . . . . . . . 29 4.3.5. CHAP-Algorithm AVP . . . . . . . . . . . . . . . . . . 29
4.3.6. CHAP-Ident AVP . . . . . . . . . . . . . . . . . . . . 29 4.3.6. CHAP-Ident AVP . . . . . . . . . . . . . . . . . . . . 29
4.3.7. CHAP-Response AVP . . . . . . . . . . . . . . . . . . 29 4.3.7. CHAP-Response AVP . . . . . . . . . . . . . . . . . . 29
4.3.8. CHAP-Challenge AVP . . . . . . . . . . . . . . . . . . 30 4.3.8. CHAP-Challenge AVP . . . . . . . . . . . . . . . . . . 29
4.3.9. ARAP-Password AVP . . . . . . . . . . . . . . . . . . 30 4.3.9. ARAP-Password AVP . . . . . . . . . . . . . . . . . . 29
4.3.10. ARAP-Challenge-Response AVP . . . . . . . . . . . . . 30 4.3.10. ARAP-Challenge-Response AVP . . . . . . . . . . . . . 29
4.3.11. ARAP-Security AVP . . . . . . . . . . . . . . . . . . 30 4.3.11. ARAP-Security AVP . . . . . . . . . . . . . . . . . . 30
4.3.12. ARAP-Security-Data AVP . . . . . . . . . . . . . . . . 30 4.3.12. ARAP-Security-Data AVP . . . . . . . . . . . . . . . . 30
4.4. NAS Authorization AVPs . . . . . . . . . . . . . . . . . . 31 4.4. NAS Authorization AVPs . . . . . . . . . . . . . . . . . . 30
4.4.1. Service-Type AVP . . . . . . . . . . . . . . . . . . . 33 4.4.1. Service-Type AVP . . . . . . . . . . . . . . . . . . . 32
4.4.2. Callback-Number AVP . . . . . . . . . . . . . . . . . 33 4.4.2. Callback-Number AVP . . . . . . . . . . . . . . . . . 32
4.4.3. Callback-Id AVP . . . . . . . . . . . . . . . . . . . 34 4.4.3. Callback-Id AVP . . . . . . . . . . . . . . . . . . . 33
4.4.4. Idle-Timeout AVP . . . . . . . . . . . . . . . . . . . 34 4.4.4. Idle-Timeout AVP . . . . . . . . . . . . . . . . . . . 33
4.4.5. Port-Limit AVP . . . . . . . . . . . . . . . . . . . . 34 4.4.5. Port-Limit AVP . . . . . . . . . . . . . . . . . . . . 33
4.4.6. NAS-Filter-Rule AVP . . . . . . . . . . . . . . . . . 34 4.4.6. NAS-Filter-Rule AVP . . . . . . . . . . . . . . . . . 33
4.4.7. Filter-Id AVP . . . . . . . . . . . . . . . . . . . . 34 4.4.7. Filter-Id AVP . . . . . . . . . . . . . . . . . . . . 33
4.4.8. Configuration-Token AVP . . . . . . . . . . . . . . . 35 4.4.8. Configuration-Token AVP . . . . . . . . . . . . . . . 34
4.4.9. QoS-Filter-Rule AVP . . . . . . . . . . . . . . . . . 35 4.4.9. QoS-Filter-Rule AVP . . . . . . . . . . . . . . . . . 34
4.4.10. Framed Access Authorization AVPs . . . . . . . . . . . 36 4.4.10. Framed Access Authorization AVPs . . . . . . . . . . . 35
4.4.10.1. Framed-Protocol AVP . . . . . . . . . . . . . . . 36 4.4.10.1. Framed-Protocol AVP . . . . . . . . . . . . . . . 35
4.4.10.2. Framed-Routing AVP . . . . . . . . . . . . . . . 36 4.4.10.2. Framed-Routing AVP . . . . . . . . . . . . . . . 35
4.4.10.3. Framed-MTU AVP . . . . . . . . . . . . . . . . . 36 4.4.10.3. Framed-MTU AVP . . . . . . . . . . . . . . . . . 35
4.4.10.4. Framed-Compression AVP . . . . . . . . . . . . . 36 4.4.10.4. Framed-Compression AVP . . . . . . . . . . . . . 35
4.4.10.5. IP Access Authorization AVPs . . . . . . . . . . 36 4.4.10.5. IP Access Authorization AVPs . . . . . . . . . . 35
4.4.10.5.1. Framed-IP-Address AVP . . . . . . . . . . . . 37 4.4.10.5.1. Framed-IP-Address AVP . . . . . . . . . . . . 36
4.4.10.5.2. Framed-IP-Netmask AVP . . . . . . . . . . . . 37 4.4.10.5.2. Framed-IP-Netmask AVP . . . . . . . . . . . . 36
4.4.10.5.3. Framed-Route AVP . . . . . . . . . . . . . . 37 4.4.10.5.3. Framed-Route AVP . . . . . . . . . . . . . . 36
4.4.10.5.4. Framed-Pool AVP . . . . . . . . . . . . . . . 38 4.4.10.5.4. Framed-Pool AVP . . . . . . . . . . . . . . . 37
4.4.10.5.5. Framed-Interface-Id AVP . . . . . . . . . . . 38 4.4.10.5.5. Framed-Interface-Id AVP . . . . . . . . . . . 37
4.4.10.5.6. Framed-IPv6-Prefix AVP . . . . . . . . . . . 38 4.4.10.5.6. Framed-IPv6-Prefix AVP . . . . . . . . . . . 37
4.4.10.5.7. Framed-IPv6-Route AVP . . . . . . . . . . . . 38 4.4.10.5.7. Framed-IPv6-Route AVP . . . . . . . . . . . . 37
4.4.10.5.8. Framed-IPv6-Pool AVP . . . . . . . . . . . . 39 4.4.10.5.8. Framed-IPv6-Pool AVP . . . . . . . . . . . . 38
4.4.10.6. IPX Access AVPs . . . . . . . . . . . . . . . . . 39 4.4.10.6. IPX Access AVPs . . . . . . . . . . . . . . . . . 38
4.4.10.6.1. Framed-IPX-Network AVP . . . . . . . . . . . 39 4.4.10.6.1. Framed-IPX-Network AVP . . . . . . . . . . . 38
4.4.10.7. AppleTalk Network Access AVPs . . . . . . . . . . 39 4.4.10.7. AppleTalk Network Access AVPs . . . . . . . . . . 38
4.4.10.7.1. Framed-AppleTalk-Link AVP . . . . . . . . . . 39 4.4.10.7.1. Framed-AppleTalk-Link AVP . . . . . . . . . . 38
4.4.10.7.2. Framed-AppleTalk-Network AVP . . . . . . . . 40 4.4.10.7.2. Framed-AppleTalk-Network AVP . . . . . . . . 39
4.4.10.7.3. Framed-AppleTalk-Zone AVP . . . . . . . . . . 40 4.4.10.7.3. Framed-AppleTalk-Zone AVP . . . . . . . . . . 39
4.4.10.8. AppleTalk Remote Access AVPs . . . . . . . . . . 40 4.4.10.8. AppleTalk Remote Access AVPs . . . . . . . . . . 39
4.4.10.8.1. ARAP-Features AVP . . . . . . . . . . . . . . 40 4.4.10.8.1. ARAP-Features AVP . . . . . . . . . . . . . . 39
4.4.10.8.2. ARAP-Zone-Access AVP . . . . . . . . . . . . 40 4.4.10.8.2. ARAP-Zone-Access AVP . . . . . . . . . . . . 39
4.4.11. Non-Framed Access Authorization AVPs . . . . . . . . . 41 4.4.11. Non-Framed Access Authorization AVPs . . . . . . . . . 40
4.4.11.1. Login-IP-Host AVP . . . . . . . . . . . . . . . . 41 4.4.11.1. Login-IP-Host AVP . . . . . . . . . . . . . . . . 40
4.4.11.2. Login-IPv6-Host AVP . . . . . . . . . . . . . . . 41 4.4.11.2. Login-IPv6-Host AVP . . . . . . . . . . . . . . . 40
4.4.11.3. Login-Service AVP . . . . . . . . . . . . . . . . 41 4.4.11.3. Login-Service AVP . . . . . . . . . . . . . . . . 40
4.4.11.4. TCP Services . . . . . . . . . . . . . . . . . . 42 4.4.11.4. TCP Services . . . . . . . . . . . . . . . . . . 41
4.4.11.4.1. Login-TCP-Port AVP . . . . . . . . . . . . . 42 4.4.11.4.1. Login-TCP-Port AVP . . . . . . . . . . . . . 41
4.4.11.5. LAT Services . . . . . . . . . . . . . . . . . . 42 4.4.11.5. LAT Services . . . . . . . . . . . . . . . . . . 41
4.4.11.5.1. Login-LAT-Service AVP . . . . . . . . . . . . 42 4.4.11.5.1. Login-LAT-Service AVP . . . . . . . . . . . . 41
4.4.11.5.2. Login-LAT-Node AVP . . . . . . . . . . . . . 43 4.4.11.5.2. Login-LAT-Node AVP . . . . . . . . . . . . . 42
4.4.11.5.3. Login-LAT-Group AVP . . . . . . . . . . . . . 43 4.4.11.5.3. Login-LAT-Group AVP . . . . . . . . . . . . . 42
4.4.11.5.4. Login-LAT-Port AVP . . . . . . . . . . . . . 43 4.4.11.5.4. Login-LAT-Port AVP . . . . . . . . . . . . . 42
4.5. NAS Tunneling AVPs . . . . . . . . . . . . . . . . . . . . 44 4.5. NAS Tunneling AVPs . . . . . . . . . . . . . . . . . . . . 43
4.5.1. Tunneling AVP . . . . . . . . . . . . . . . . . . . . 44 4.5.1. Tunneling AVP . . . . . . . . . . . . . . . . . . . . 43
4.5.2. Tunnel-Type AVP . . . . . . . . . . . . . . . . . . . 45 4.5.2. Tunnel-Type AVP . . . . . . . . . . . . . . . . . . . 44
4.5.3. Tunnel-Medium-Type AVP . . . . . . . . . . . . . . . . 45 4.5.3. Tunnel-Medium-Type AVP . . . . . . . . . . . . . . . . 44
4.5.4. Tunnel-Client-Endpoint AVP . . . . . . . . . . . . . . 45 4.5.4. Tunnel-Client-Endpoint AVP . . . . . . . . . . . . . . 44
4.5.5. Tunnel-Server-Endpoint AVP . . . . . . . . . . . . . . 46 4.5.5. Tunnel-Server-Endpoint AVP . . . . . . . . . . . . . . 45
4.5.6. Tunnel-Password AVP . . . . . . . . . . . . . . . . . 47 4.5.6. Tunnel-Password AVP . . . . . . . . . . . . . . . . . 46
4.5.7. Tunnel-Private-Group-Id AVP . . . . . . . . . . . . . 47 4.5.7. Tunnel-Private-Group-Id AVP . . . . . . . . . . . . . 46
4.5.8. Tunnel-Assignment-Id AVP . . . . . . . . . . . . . . . 47 4.5.8. Tunnel-Assignment-Id AVP . . . . . . . . . . . . . . . 46
4.5.9. Tunnel-Preference AVP . . . . . . . . . . . . . . . . 49 4.5.9. Tunnel-Preference AVP . . . . . . . . . . . . . . . . 48
4.5.10. Tunnel-Client-Auth-Id AVP . . . . . . . . . . . . . . 49 4.5.10. Tunnel-Client-Auth-Id AVP . . . . . . . . . . . . . . 48
4.5.11. Tunnel-Server-Auth-Id AVP . . . . . . . . . . . . . . 49 4.5.11. Tunnel-Server-Auth-Id AVP . . . . . . . . . . . . . . 48
4.6. NAS Accounting AVPs . . . . . . . . . . . . . . . . . . . 50 4.6. NAS Accounting AVPs . . . . . . . . . . . . . . . . . . . 49
4.6.1. Accounting-Input-Octets AVP . . . . . . . . . . . . . 51 4.6.1. Accounting-Input-Octets AVP . . . . . . . . . . . . . 50
4.6.2. Accounting-Output-Octets AVP . . . . . . . . . . . . . 51 4.6.2. Accounting-Output-Octets AVP . . . . . . . . . . . . . 50
4.6.3. Accounting-Input-Packets AVP . . . . . . . . . . . . . 51 4.6.3. Accounting-Input-Packets AVP . . . . . . . . . . . . . 50
4.6.4. Accounting-Output-Packets AVP . . . . . . . . . . . . 51 4.6.4. Accounting-Output-Packets AVP . . . . . . . . . . . . 50
4.6.5. Acct-Session-Time AVP . . . . . . . . . . . . . . . . 51 4.6.5. Acct-Session-Time AVP . . . . . . . . . . . . . . . . 50
4.6.6. Acct-Authentic AVP . . . . . . . . . . . . . . . . . . 52 4.6.6. Acct-Authentic AVP . . . . . . . . . . . . . . . . . . 51
4.6.7. Accounting-Auth-Method AVP . . . . . . . . . . . . . . 52 4.6.7. Accounting-Auth-Method AVP . . . . . . . . . . . . . . 51
4.6.8. Acct-Delay-Time AVP . . . . . . . . . . . . . . . . . 52 4.6.8. Acct-Delay-Time AVP . . . . . . . . . . . . . . . . . 51
4.6.9. Acct-Link-Count AVP . . . . . . . . . . . . . . . . . 52 4.6.9. Acct-Link-Count AVP . . . . . . . . . . . . . . . . . 51
4.6.10. Acct-Tunnel-Connection AVP . . . . . . . . . . . . . . 53 4.6.10. Acct-Tunnel-Connection AVP . . . . . . . . . . . . . . 52
4.6.11. Acct-Tunnel-Packets-Lost AVP . . . . . . . . . . . . . 53 4.6.11. Acct-Tunnel-Packets-Lost AVP . . . . . . . . . . . . . 52
5. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 53 5. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 52
5.1. AA-Request/Answer AVP Table . . . . . . . . . . . . . . . 54 5.1. AA-Request/Answer AVP Table . . . . . . . . . . . . . . . 53
5.2. Accounting AVP Tables . . . . . . . . . . . . . . . . . . 56 5.2. Accounting AVP Tables . . . . . . . . . . . . . . . . . . 55
5.2.1. Framed Access Accounting AVP Table . . . . . . . . . . 57 5.2.1. Framed Access Accounting AVP Table . . . . . . . . . . 56
5.2.2. Non-Framed Access Accounting AVP Table . . . . . . . . 59 5.2.2. Non-Framed Access Accounting AVP Table . . . . . . . . 58
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 60 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 59
7. Security Considerations . . . . . . . . . . . . . . . . . . . 60 7. Security Considerations . . . . . . . . . . . . . . . . . . . 59
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 61 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 60
8.1. Normative References . . . . . . . . . . . . . . . . . . . 61 8.1. Normative References . . . . . . . . . . . . . . . . . . . 60
8.2. Informative References . . . . . . . . . . . . . . . . . . 62 8.2. Informative References . . . . . . . . . . . . . . . . . . 61
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 64 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 63
A.1. RFC 4005 . . . . . . . . . . . . . . . . . . . . . . . . . 64 A.1. RFC 4005 . . . . . . . . . . . . . . . . . . . . . . . . . 63
A.2. RFC 4005bis . . . . . . . . . . . . . . . . . . . . . . . 65 A.2. RFC 4005bis . . . . . . . . . . . . . . . . . . . . . . . 64
1. Introduction 1. Introduction
This document describes the Diameter protocol application used for This document describes the Diameter protocol application used for
AAA in the Network Access Server (NAS) environment. When combined AAA in the Network Access Server (NAS) environment. When combined
with the Diameter Base protocol [I-D.ietf-dime-rfc3588bis], Transport with the Diameter Base protocol [I-D.ietf-dime-rfc3588bis], Transport
Profile [RFC3539], and EAP [RFC4072] specifications, this Profile [RFC3539], and EAP [RFC4072] specifications, this
specification satisfies the NAS-related requirements defined in specification satisfies the NAS-related requirements defined in
[RFC2989] and [RFC3169]. [RFC2989] and [RFC3169].
skipping to change at page 6, line 15 skipping to change at page 6, line 15
IPX (Internet Packet Exchange) IPX (Internet Packet Exchange)
The network protocol used by NetWare networks [IPX]. The network protocol used by NetWare networks [IPX].
L2TP (Layer Two Tunneling Protocol) L2TP (Layer Two Tunneling Protocol)
L2TP [RFC3931] provides a dynamic mechanism for tunneling Layer 2 L2TP [RFC3931] provides a dynamic mechanism for tunneling Layer 2
"circuits" across a packet-oriented data network. "circuits" across a packet-oriented data network.
LAC (L2TP Access Concentrator) LAC (L2TP Access Concentrator)
An L2TP Control Connection Endpoint being used tocross-connect an An L2TP Control Connection Endpoint being used to cross-connect an
L2TP session directly to a data link [RFC3931]. L2TP session directly to a data link [RFC3931].
LAT (Local Area Transport) LAT (Local Area Transport)
A Digital Equipment Corp. LAN protocol for terminal services A Digital Equipment Corp. LAN protocol for terminal services
[LAT]. [LAT].
LCP (Link Control Protocol) LCP (Link Control Protocol)
One of the three major components of PPP [RFC1661]. LCP is used One of the three major components of PPP [RFC1661]. LCP is used
to automatically agree upon encapsulation format options, handle to automatically agree upon encapsulation format options, handle
varying limits on sizes of packets, detect a looped-back link and varying limits on sizes of packets, detect a looped-back link and
other common misconfiguration errors, and terminate the link. other common misconfiguration errors, and terminate the link.
Other optional facilities provided are authentication of the Other optional facilities provided are authentication of the
identity of its peer on the link, and determination when a link is identity of its peer on the link, and determination when a link is
functioning properly and when it is failing. functioning properly and when it is failing.
PAC (PPTP Access Concentrator)
A device attached to one or more Public Switched Telephone Network
(PSTN) or Integrated Services Digtal Network (ISDN) lines capable
of PPP operation and of handling PPTP [RFC2637].
PPTP (Point-to-Point Tunneling Protocol) PPTP (Point-to-Point Tunneling Protocol)
A protocol which allows PPP to be tunneled through an IP network A protocol which allows PPP to be tunneled through an IP network
[RFC2637]. [RFC2637].
VPN (Virtual Private Network) VPN (Virtual Private Network)
In this document, this term is used to describe access services In this document, this term is used to describe access services
that use tunneling methods. that use tunneling methods.
1.2. Requirements Language 1.2. Requirements Language
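Review bot: Dropping the PAC entry leaves PPTP [RFC2637] defined but its access concentrator undefined, which is only safe if no remaining text uses the term; within this diff the one other occurrence, the "(e.g., PAC, LAC)" example in Section 4.5.8, is removed in the same revision, so a final search of the -06 text for "PAC" is all that is needed before this is closed. The "tocross-connect" fix in the LAC entry is correct.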
skipping to change at page 19, line 30 skipping to change at page 19, line 30
[ Redirected-Host-Usage ] [ Redirected-Host-Usage ]
[ Redirected-Max-Cache-Time ] [ Redirected-Max-Cache-Time ]
* [ Proxy-Info ] * [ Proxy-Info ]
* [ AVP ] * [ AVP ]
3.9. Accounting-Request (ACR) Command 3.9. Accounting-Request (ACR) Command
The ACR message [I-D.ietf-dime-rfc3588bis] is sent by the NAS to The ACR message [I-D.ietf-dime-rfc3588bis] is sent by the NAS to
report its session information to a target server downstream. report its session information to a target server downstream.
Either the Acct-Application-Id AVP or the Vendor-Specific- The Acct-Application-Id AVP MUST be present.
Application-Id AVP MUST be present. If the Vendor-Specific-
Application-Id grouped AVP is present, it must have an Acct-
Application-Id inside.
The AVPs listed in the Base protocol specification The AVPs listed in the Base protocol specification
[I-D.ietf-dime-rfc3588bis] MUST be assumed to be present, as [I-D.ietf-dime-rfc3588bis] MUST be assumed to be present, as
appropriate. NAS service-specific accounting AVPs SHOULD be present appropriate. NAS service-specific accounting AVPs SHOULD be present
as described in Section 4.6 and the rest of this specification. as described in Section 4.6 and the rest of this specification.
Message Format Message Format
<AC-Request> ::= < Diameter Header: 271, REQ, PXY > <AC-Request> ::= < Diameter Header: 271, REQ, PXY >
< Session-Id > < Session-Id >
{ Origin-Host } { Origin-Host }
{ Origin-Realm } { Origin-Realm }
{ Destination-Realm } { Destination-Realm }
{ Accounting-Record-Type } { Accounting-Record-Type }
{ Accounting-Record-Number } { Accounting-Record-Number }
[ Acct-Application-Id ] { Acct-Application-Id }
[ Vendor-Specific-Application-Id ]
[ User-Name ] [ User-Name ]
[ Accounting-Sub-Session-Id ] [ Accounting-Sub-Session-Id ]
[ Acct-Session-Id ] [ Acct-Session-Id ]
[ Acct-Multi-Session-Id ] [ Acct-Multi-Session-Id ]
[ Origin-AAA-Protocol ] [ Origin-AAA-Protocol ]
[ Origin-State-Id ] [ Origin-State-Id ]
[ Destination-Host ] [ Destination-Host ]
[ Event-Timestamp ] [ Event-Timestamp ]
[ Acct-Delay-Time ] [ Acct-Delay-Time ]
[ NAS-Identifier ] [ NAS-Identifier ]
[ NAS-IP-Address ] [ NAS-IP-Address ]
[ NAS-IPv6-Address ] [ NAS-IPv6-Address ]
[ NAS-Port ] [ NAS-Port ]
[ NAS-Port-Id ] [ NAS-Port-Id ]
[ NAS-Port-Type ] [ NAS-Port-Type ]
* [ Class ] * [ Class ]
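Review bot: Making Acct-Application-Id mandatory (`[ Acct-Application-Id ]` becomes `{ Acct-Application-Id }`) and removing `[ Vendor-Specific-Application-Id ]` tightens the ACR format relative to RFC 4005: a NAS that still identifies the application only through Vendor-Specific-Application-Id now sends a request lacking a mandatory AVP, which a receiver following this revision would answer with the Base protocol's missing-AVP error (DIAMETER_MISSING_AVP) rather than process. The prose and the ABNF in this hunk are consistent with each other; the interoperability impact should be recorded wherever the draft summarises its changes from RFC 4005.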
skipping to change at page 21, line 38 skipping to change at page 21, line 34
The ACA message [I-D.ietf-dime-rfc3588bis] is used to acknowledge an The ACA message [I-D.ietf-dime-rfc3588bis] is used to acknowledge an
Accounting-Request command. The Accounting-Answer command contains Accounting-Request command. The Accounting-Answer command contains
the same Session-Id as the Request. If the Accounting-Request was the same Session-Id as the Request. If the Accounting-Request was
protected by end-to-end security, then the corresponding ACA message protected by end-to-end security, then the corresponding ACA message
MUST be protected as well. MUST be protected as well.
Only the target Diameter Server or home Diameter Server SHOULD Only the target Diameter Server or home Diameter Server SHOULD
respond with the Accounting-Answer command. respond with the Accounting-Answer command.
Either the Acct-Application-Id AVP or the Vendor-Specific- Either the Acct-Application-Id AVP MUST be present, as it was in the
Application-Id AVP MUST be present, as it was in the request. request.
The AVPs listed in the Base protocol specification The AVPs listed in the Base protocol specification
[I-D.ietf-dime-rfc3588bis] MUST be assumed to be present, as [I-D.ietf-dime-rfc3588bis] MUST be assumed to be present, as
appropriate. NAS service-specific accounting AVPs SHOULD be present appropriate. NAS service-specific accounting AVPs SHOULD be present
as described in Section 4.6 and the rest of this specification. as described in Section 4.6 and the rest of this specification.
Message Format Message Format
<AC-Answer> ::= < Diameter Header: 271, PXY > <AC-Answer> ::= < Diameter Header: 271, PXY >
< Session-Id > < Session-Id >
{ Result-Code } { Result-Code }
{ Origin-Host } { Origin-Host }
{ Origin-Realm } { Origin-Realm }
{ Accounting-Record-Type } { Accounting-Record-Type }
{ Accounting-Record-Number } { Accounting-Record-Number }
[ Acct-Application-Id ] { Acct-Application-Id }
[ Vendor-Specific-Application-Id ]
[ User-Name ] [ User-Name ]
[ Accounting-Sub-Session-Id ] [ Accounting-Sub-Session-Id ]
[ Acct-Session-Id ] [ Acct-Session-Id ]
[ Acct-Multi-Session-Id ] [ Acct-Multi-Session-Id ]
[ Event-Timestamp ] [ Event-Timestamp ]
[ Error-Message ] [ Error-Message ]
[ Error-Reporting-Host ] [ Error-Reporting-Host ]
* [ Failed-AVP ] * [ Failed-AVP ]
[ Origin-AAA-Protocol ] [ Origin-AAA-Protocol ]
[ Origin-State-Id ] [ Origin-State-Id ]
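Review bot: The revised sentence still reads "Either the Acct-Application-Id AVP MUST be present, as it was in the request."; with the Vendor-Specific-Application-Id alternative gone, "Either" is a leftover and should be deleted, giving "The Acct-Application-Id AVP MUST be present, as it was in the request." The ABNF change (`{ Acct-Application-Id }`, `[ Vendor-Specific-Application-Id ]` removed) correctly mirrors the ACR change, so request and answer stay symmetric.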
skipping to change at page 25, line 31 skipping to change at page 25, line 31
4.2.5. Called-Station-Id AVP 4.2.5. Called-Station-Id AVP
The Called-Station-Id AVP (AVP Code 30) is of type UTF8String and The Called-Station-Id AVP (AVP Code 30) is of type UTF8String and
allows the NAS to send the ASCII string describing the Layer 2 allows the NAS to send the ASCII string describing the Layer 2
address the user contacted in the request. For dialup access, this address the user contacted in the request. For dialup access, this
can be a phone number obtained by using the Dialed Number can be a phone number obtained by using the Dialed Number
Identification Service (DNIS) or a similar technology. Note that Identification Service (DNIS) or a similar technology. Note that
this may be different from the phone number the call comes in on. this may be different from the phone number the call comes in on.
For use with IEEE 802 access, the Called-Station-Id MAY contain a MAC For use with IEEE 802 access, the Called-Station-Id MAY contain a MAC
address formatted as described in [RFC3580]. It SHOULD only be address formatted as described in [RFC3580].
present in authentication and/or authorization requests.
If the Called-Station-Id AVP is present in an AAR message, Auth- If the Called-Station-Id AVP is present in an AAR message, Auth-
Request-Type AVP is set to AUTHORIZE_ONLY and the User-Name AVP is Request-Type AVP is set to AUTHORIZE_ONLY and the User-Name AVP is
absent, the Diameter Server MAY perform authorization based on this absent, the Diameter Server MAY perform authorization based on this
AVP. This can be used by a NAS to request whether a call should be AVP. This can be used by a NAS to request whether a call should be
answered based on the DNIS result. answered based on the DNIS result.
The codification of this field's allowed usage range is outside the The codification of this field's allowed usage range is outside the
scope of this specification. scope of this specification.
4.2.6. Calling-Station-Id AVP 4.2.6. Calling-Station-Id AVP
The Calling-Station-Id AVP (AVP Code 31) is of type UTF8String and The Calling-Station-Id AVP (AVP Code 31) is of type UTF8String and
allows the NAS to send the ASCII string describing the Layer 2 allows the NAS to send the ASCII string describing the Layer 2
address from which the user connected in the request. For dialup address from which the user connected in the request. For dialup
access, this is the phone number the call came from, using Automatic access, this is the phone number the call came from, using Automatic
Number Identification (ANI) or a similar technology. For use with Number Identification (ANI) or a similar technology. For use with
IEEE 802 access, the Calling-Station-Id AVP MAY contain a MAC IEEE 802 access, the Calling-Station-Id AVP MAY contain a MAC
address, formated as described in [RFC3580]. It SHOULD only be address, formated as described in [RFC3580].
present in authentication and/or authorization requests.
If the Calling-Station-Id AVP is present in an AAR message, the Auth- If the Calling-Station-Id AVP is present in an AAR message, the Auth-
Request-Type AVP is set to AUTHORIZE_ONLY and the User-Name AVP is Request-Type AVP is set to AUTHORIZE_ONLY and the User-Name AVP is
absent, the Diameter Server MAY perform authorization based on the absent, the Diameter Server MAY perform authorization based on the
value of this AVP. This can be used by a NAS to request whether a value of this AVP. This can be used by a NAS to request whether a
call should be answered based on the Layer 2 address (ANI, MAC call should be answered based on the Layer 2 address (ANI, MAC
Address, etc.) Address, etc.)
The codification of this field's allowed usage range is outside the The codification of this field's allowed usage range is outside the
scope of this specification. scope of this specification.
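Review bot: Deleting "It SHOULD only be present in authentication and/or authorization requests." from both Called-Station-Id and Calling-Station-Id relaxes where these AVPs may appear, so the AVP occurrence tables in Section 5 (the AA-Request/Answer table in 5.1 and the accounting tables in 5.2) must agree with the new text; those tables are not in this diff and should be checked. While editing the same sentence in 4.2.6, "formated" should become "formatted".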
skipping to change at page 47, line 44 skipping to change at page 46, line 44
4.5.8. Tunnel-Assignment-Id AVP 4.5.8. Tunnel-Assignment-Id AVP
The Tunnel-Assignment-Id AVP (AVP Code 82) is of type OctetString and The Tunnel-Assignment-Id AVP (AVP Code 82) is of type OctetString and
is used to indicate to the tunnel initiator the particular tunnel to is used to indicate to the tunnel initiator the particular tunnel to
which a session is to be assigned. Some tunneling protocols, such as which a session is to be assigned. Some tunneling protocols, such as
PPTP [RFC2637] and L2TP [RFC3931], allow for sessions between the PPTP [RFC2637] and L2TP [RFC3931], allow for sessions between the
same two tunnel endpoints to be multiplexed over the same tunnel and same two tunnel endpoints to be multiplexed over the same tunnel and
also for a given session to use its own dedicated tunnel. This also for a given session to use its own dedicated tunnel. This
attribute provides a mechanism for Diameter to inform the tunnel attribute provides a mechanism for Diameter to inform the tunnel
initiator (e.g., PAC, LAC) whether to assign the session to a initiator (for example, a LAC) whether to assign the session to a
multiplexed tunnel or to a separate tunnel. Furthermore, it allows multiplexed tunnel or to a separate tunnel. Furthermore, it allows
for sessions sharing multiplexed tunnels to be assigned to different for sessions sharing multiplexed tunnels to be assigned to different
multiplexed tunnels. multiplexed tunnels.
A particular tunneling implementation may assign differing A particular tunneling implementation may assign differing
characteristics to particular tunnels. For example, different characteristics to particular tunnels. For example, different
tunnels may be assigned different QoS parameters. Such tunnels may tunnels may be assigned different QoS parameters. Such tunnels may
be used to carry either individual or multiple sessions. The Tunnel- be used to carry either individual or multiple sessions. The Tunnel-
Assignment-Id attribute thus allows the Diameter server to indicate Assignment-Id attribute thus allows the Diameter server to indicate
that a particular session is to be assigned to a tunnel providing an that a particular session is to be assigned to a tunnel providing an
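Review bot: Replacing "(e.g., PAC, LAC)" with "(for example, a LAC)" matches the removal of the PAC definition from the terminology, and the sentence still correctly names PPTP [RFC2637] as a protocol that multiplexes sessions, so nothing else in the paragraph depends on the dropped term. One style point in the unchanged lines: "This attribute provides" and "The Tunnel-Assignment-Id attribute" use RADIUS vocabulary where the section heading and the rest of the draft say "AVP".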
skipping to change at page 61, line 24 skipping to change at page 60, line 24
8.1. Normative References 8.1. Normative References
[ANITypes] NANPA Number Resource Info, "ANI [ANITypes] NANPA Number Resource Info, "ANI
Assignments", <http://www.nanpa.com/ Assignments", <http://www.nanpa.com/
number_resource_info/ number_resource_info/
ani_ii_assignments.html>. ani_ii_assignments.html>.
[I-D.ietf-dime-rfc3588bis] Fajardo, V., Arkko, J., Loughney, J., and [I-D.ietf-dime-rfc3588bis] Fajardo, V., Arkko, J., Loughney, J., and
G. Zorn, "Diameter Base Protocol", G. Zorn, "Diameter Base Protocol",
draft-ietf-dime-rfc3588bis-26 (work in draft-ietf-dime-rfc3588bis-29 (work in
progress), January 2011. progress), August 2011.
[RADIUSTypes] IANA, "RADIUS Types", <http:// [RADIUSTypes] IANA, "RADIUS Types", <http://
www.iana.org/assignments/radius-types>. www.iana.org/assignments/radius-types>.
[RFC1994] Simpson, W., "PPP Challenge Handshake [RFC1994] Simpson, W., "PPP Challenge Handshake
Authentication Protocol (CHAP)", Authentication Protocol (CHAP)",
RFC 1994, August 1996. RFC 1994, August 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs [RFC2119] Bradner, S., "Key words for use in RFCs
to Indicate Requirement Levels", BCP 14, to Indicate Requirement Levels", BCP 14,
skipping to change at page 65, line 29 skipping to change at page 64, line 29
Author's Address Author's Address
Glen Zorn Glen Zorn
Network Zen Network Zen
227/358 Thanon Sanphawut 227/358 Thanon Sanphawut
Bang Na, Bangkok 10260 Bang Na, Bangkok 10260
Thailand Thailand
Phone: +66 (0) 87-040-4617 Phone: +66 (0) 87-040-4617
EMail: gwz@net-zen.net EMail: glenzorn@gmail.com
 End of changes. 24 change blocks. 
121 lines changed or deleted 108 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/