draft-ietf-radext-vlan-01.txt   draft-ietf-radext-vlan-02.txt 
Network Working Group Paul Congdon Network Working Group Paul Congdon
INTERNET-DRAFT Mauricio Sanchez INTERNET-DRAFT Mauricio Sanchez
Category: Proposed Standard Hewlett-Packard Company Category: Proposed Standard Hewlett-Packard Company
<draft-ietf-radext-vlan-01.txt> Bernard Aboba <draft-ietf-radext-vlan-02.txt> Bernard Aboba
22 March 2006 Microsoft Corporation 26 March 2006 Microsoft Corporation
RADIUS Attributes for Virtual LAN and Priority Support RADIUS Attributes for Virtual LAN and Priority Support
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 32 skipping to change at page 1, line 32
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 10, 2006. This Internet-Draft will expire on October 10, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society 2006. Copyright (C) The Internet Society 2006.
Abstract Abstract
This document proposes additional RADIUS (Remote Authentication Dial This document proposes additional RADIUS (Remote Authentication Dial
In User Service) attributes for dynamic Virtual LAN assignment and In User Service) attributes for dynamic Virtual LAN assignment and
prioritization, for use by IEEE 802.1X authenticators. These prioritization, for use by IEEE 802.1X authenticators. These
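Review bot: The expiry date on the -02 side, October 10, 2006, does not follow from the 26 March 2006 date in the -02 header. Internet-Drafts are valid for a maximum of six months, which puts expiry in late September 2006. The -01 side shows a similar mismatch (22 March against September 10), so recompute the expiry from the submission date rather than editing the month.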
skipping to change at page 3, line 9 skipping to change at page 3, line 9
ACKNOWLEDGMENTS .............................................. 12 ACKNOWLEDGMENTS .............................................. 12
AUTHORS' ADDRESSES ........................................... 12 AUTHORS' ADDRESSES ........................................... 12
Intellectual Property Statement............................... 13 Intellectual Property Statement............................... 13
Disclaimer of Validity........................................ 13 Disclaimer of Validity........................................ 13
Full Copyright Statement ..................................... 13 Full Copyright Statement ..................................... 13
1. Introduction 1. Introduction
IEEE 802.1X [IEEE-802.1X] provides "network port authentication" for IEEE 802.1X [IEEE-802.1X] provides "network port authentication" for
IEEE 802 [IEEE-802] media, including Ethernet [IEEE-802.3], Token IEEE 802 [IEEE-802] media, including Ethernet [IEEE-802.3], Token
Ring and 802.11 wireless LANs [IEEE-802.11i]. Ring and 802.11 wireless LANs [IEEE-802.11][IEEE-802.11i].
This document describes Virtual LAN (VLAN) and re-prioritization This document describes Virtual LAN (VLAN) and re-prioritization
attributes that may prove useful for provisioning of access to IEEE attributes that may prove useful for provisioning of access to IEEE
802 local area networks with the Remote Authentication Dialin User 802 local area networks with the Remote Authentication Dialin User
Service (RADIUS). Service (RADIUS).
While [RFC3580] enables support for VLAN assignment based on the While [RFC3580] enables support for VLAN assignment based on the
tunnel attributes defined in [RFC2868], it does not provide support tunnel attributes defined in [RFC2868], it does not provide support
for a more complete set of VLAN functionality as defined by for a more complete set of VLAN functionality as defined by
[IEEE-802.1Q]. The attributes defined in this document provide [IEEE-802.1Q]. The attributes defined in this document provide
skipping to change at page 4, line 11 skipping to change at page 4, line 11
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1.3. Attribute Interpretation 1.3. Attribute Interpretation
If a NAS conforming to this specification receives an Access-Accept If a NAS conforming to this specification receives an Access-Accept
packet containing an attribute defined in this document which it packet containing an attribute defined in this document which it
cannot apply, it MUST act as though it had received an Access-Reject. cannot apply, it MUST act as though it had received an Access-Reject.
Similarly, [RFC3576] requires that a NAS receiving a CoA-Request Similarly, [RFC3576] requires that a NAS receiving a Change of
containing an unsupported attribute reply with a CoA-NAK. It is Authorization Request (CoA-Request) containing an unsupported
recommended that an Error-Cause attribute with value set to attribute reply with a CoA-NAK. It is recommended that an Error-
"Unsupported Attribute" (401) be included in the packet. As noted in Cause attribute with value set to "Unsupported Attribute" (401) be
[RFC3576], authorization changes are atomic so that this situation included in the packet. As noted in [RFC3576], authorization changes
does not result in session termination and the pre-existing are atomic so that this situation does not result in session
configuration remains unchanged. As a result, no accounting packets termination and the pre-existing configuration remains unchanged. As
should be generated. a result, no accounting packets should be generated.
2. Attributes 2. Attributes
2.1. Egress-VLANID 2.1. Egress-VLANID
Description Description
The Egress-VLANID attribute represents an allowed IEEE 802 Egress The Egress-VLANID attribute represents an allowed IEEE 802 Egress
VLANID for this port, indicating if the VLANID is allowed for VLANID for this port, indicating if the VLANID is allowed for
tagged or untagged packets as well as the VLANID. tagged or untagged packets as well as the VLANID.
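Review bot: In the reflowed second paragraph of Section 1.3, "It is recommended that an Error-Cause attribute ... be included" and "no accounting packets should be generated" stay in lower case, even though the key-words paragraph directly above reserves "RECOMMENDED" and "SHOULD" for normative use. The first paragraph of 1.3 uses "MUST" for treating an Access-Accept with an attribute that cannot be applied as an Access-Reject, so the CoA-NAK behaviour should be equally explicit: use the capitalized keywords if it is normative, or reword to avoid them. The reflow on the -02 side also splits "Error-Cause" at its hyphen across two lines; keep the attribute name on one line.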
skipping to change at page 10, line 42 skipping to change at page 10, line 42
[IEEE-802.1D] [IEEE-802.1D]
IEEE Standards for Local and Metropolitan Area Networks: Media IEEE Standards for Local and Metropolitan Area Networks: Media
Access Control (MAC) Bridges, IEEE Std 802.1D-2004, June 2004. Access Control (MAC) Bridges, IEEE Std 802.1D-2004, June 2004.
[IEEE-802.1Q] [IEEE-802.1Q]
IEEE Standards for Local and Metropolitan Area Networks: Draft IEEE Standards for Local and Metropolitan Area Networks: Draft
Standard for Virtual Bridged Local Area Networks, Standard for Virtual Bridged Local Area Networks,
P802.1Q-2003, January 2003. P802.1Q-2003, January 2003.
[IEEE-802.1X] [IEEE802.1X]
IEEE Standards for Local and Metropolitan Area Networks: Port IEEE Standards for Local and Metropolitan Area Networks: Port
based Network Access Control, IEEE Std 802.1X-2004, August based Network Access Control, IEEE Std 802.1X-2004, December
2004. 2004.
7.2. Informative references 7.2. Informative references
[RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy [RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
Implementation in Roaming", RFC 2607, June 1999. Implementation in Roaming", RFC 2607, June 1999.
[RFC2868] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M. [RFC2868] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M.
and I. Goyret, "RADIUS Attributes for Tunnel Protocol and I. Goyret, "RADIUS Attributes for Tunnel Protocol
Support", RFC 2868, June 2000. Support", RFC 2868, June 2000.
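Review bot: The reference tag is renamed to "[IEEE802.1X]" on the -02 side, but the Introduction still cites "[IEEE-802.1X]" and the neighbouring entries "[IEEE-802.1D]" and "[IEEE-802.1Q]" keep the hyphen, so the citation no longer matches a listed reference. Keep the hyphenated tag, or rename every citation along with it. The publication month also changes from August to December 2004 under the same "IEEE Std 802.1X-2004" designation; confirm it against the published standard.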
skipping to change at page 11, line 44 skipping to change at page 11, line 44
area networks - Common specifications - Part 3: Carrier Sense area networks - Common specifications - Part 3: Carrier Sense
Multiple Access with Collision Detection (CSMA/CD) Access Multiple Access with Collision Detection (CSMA/CD) Access
Method and Physical Layer Specifications, (also ANSI/IEEE Std Method and Physical Layer Specifications, (also ANSI/IEEE Std
802.3- 1996), 1996. 802.3- 1996), 1996.
[IEEE-802.11] [IEEE-802.11]
Information technology - Telecommunications and information Information technology - Telecommunications and information
exchange between systems - Local and metropolitan area exchange between systems - Local and metropolitan area
networks - Specific Requirements Part 11: Wireless LAN Medium networks - Specific Requirements Part 11: Wireless LAN Medium
Access Control (MAC) and Physical Layer (PHY) Specifications, Access Control (MAC) and Physical Layer (PHY) Specifications,
IEEE Std. 802.11-1999, 1999. IEEE Std. 802.11- 2003, 2003.
[IEEE-802.11i] [IEEE802.11i]
Institute of Electrical and Electronics Engineers, "Supplement Institute of Electrical and Electronics Engineers, "Supplement
to Standard for Telecommunications and Information Exchange to Standard for Telecommunications and Information Exchange
Between Systems - LAN/MAN Specific Requirements - Part 11: Between Systems - LAN/MAN Specific Requirements - Part 11:
Wireless LAN Medium Access Control (MAC) and Physical Layer Wireless LAN Medium Access Control (MAC) and Physical Layer
(PHY) Specifications: Specification for Enhanced Security", (PHY) Specifications: Specification for Enhanced Security",
June 2004. IEEE 802.11i, July 2004.
Acknowledgments Acknowledgments
The authors would like to acknowledge Joseph Salowey of Cisco, David The authors would like to acknowledge Joseph Salowey of Cisco, David
Nelson of Enterasys, Chuck Black of Hewlett Packard, and Ashwin Nelson of Enterasys, Chuck Black of Hewlett Packard, and Ashwin
Palekar of Microsoft. Palekar of Microsoft.
Authors' Addresses Authors' Addresses
Paul Congdon Paul Congdon
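Review bot: The entry tag becomes "[IEEE802.11i]" on the -02 side while the Introduction cites "[IEEE-802.11i]" and the entry just above it remains "[IEEE-802.11]", so the citation and the reference list disagree; use one tag form throughout. The updated designation "IEEE Std. 802.11- 2003" also carries a stray space after the hyphen, the same defect as the unchanged "802.3- 1996" a few lines earlier, and both are worth cleaning up in this pass.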
 End of changes. 9 change blocks. 
17 lines changed or deleted 17 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/