draft-ietf-radext-vlan-04.txt | draft-ietf-radext-vlan-05.txt | |||
---|---|---|---|---|
Network Working Group Paul Congdon | Network Working Group Paul Congdon | |||
INTERNET-DRAFT Mauricio Sanchez | INTERNET-DRAFT Mauricio Sanchez | |||
Category: Proposed Standard Hewlett-Packard Company | Category: Proposed Standard Hewlett-Packard Company | |||
<draft-ietf-radext-vlan-04.txt> Bernard Aboba | <draft-ietf-radext-vlan-05.txt> Bernard Aboba | |||
29 April 2006 Microsoft Corporation | 1 May 2006 Microsoft Corporation | |||
RADIUS Attributes for Virtual LAN and Priority Support | RADIUS Attributes for Virtual LAN and Priority Support | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 2, line 17 | skipping to change at page 2, line 17 | |||
1. Introduction .......................................... 3 | 1. Introduction .......................................... 3 | |||
1.1 Terminology ..................................... 3 | 1.1 Terminology ..................................... 3 | |||
1.2 Requirements Language ........................... 3 | 1.2 Requirements Language ........................... 3 | |||
1.3 Attribute Interpretation ........................ 3 | 1.3 Attribute Interpretation ........................ 3 | |||
2. Attributes ............................................ 4 | 2. Attributes ............................................ 4 | |||
2.1 Egress-VLANID ................................... 4 | 2.1 Egress-VLANID ................................... 4 | |||
2.2 Ingress-Filters ................................. 5 | 2.2 Ingress-Filters ................................. 5 | |||
2.3 Egress-VLAN-Name ................................ 6 | 2.3 Egress-VLAN-Name ................................ 6 | |||
2.4 User-Priority-Table ............................. 7 | 2.4 User-Priority-Table ............................. 7 | |||
3. Table of Attributes ................................... 9 | 3. Table of Attributes ................................... 9 | |||
4. Diameter Considerations ............................... 9 | 4. Diameter Considerations ............................... 10 | |||
5. IANA Considerations ................................... 9 | 5. IANA Considerations ................................... 10 | |||
6. Security Considerations ............................... 10 | 6. Security Considerations ............................... 10 | |||
7. References ............................................ 10 | 7. References ............................................ 11 | |||
7.1 Normative References ............................ 10 | 7.1 Normative References ............................ 11 | |||
7.2 Informative References .......................... 11 | 7.2 Informative References .......................... 11 | |||
ACKNOWLEDGMENTS .............................................. 12 | ACKNOWLEDGMENTS .............................................. 12 | |||
AUTHORS' ADDRESSES ........................................... 12 | AUTHORS' ADDRESSES ........................................... 12 | |||
Intellectual Property Statement............................... 13 | Intellectual Property Statement............................... 13 | |||
Disclaimer of Validity........................................ 13 | Disclaimer of Validity........................................ 13 | |||
Full Copyright Statement ..................................... 13 | Full Copyright Statement ..................................... 13 | |||
1. Introduction | 1. Introduction | |||
This document describes Virtual LAN (VLAN) and re-prioritization | This document describes Virtual LAN (VLAN) and re-prioritization | |||
skipping to change at page 6, line 40 | skipping to change at page 6, line 40 | |||
Description | Description | |||
Clause 12.10.2.1.3 (a) in [IEEE-8021.Q] describes the | Clause 12.10.2.1.3 (a) in [IEEE-8021.Q] describes the | |||
administratively assigned VLAN Name associated with a VLAN-ID | administratively assigned VLAN Name associated with a VLAN-ID | |||
defined within an IEEE 802.1Q bridge. The Egress-VLAN-Name | defined within an IEEE 802.1Q bridge. The Egress-VLAN-Name | |||
attribute represents an allowed VLAN for this port. It is similar | attribute represents an allowed VLAN for this port. It is similar | |||
to the Egress-VLANID attribute, except that the VLAN-ID itself is | to the Egress-VLANID attribute, except that the VLAN-ID itself is | |||
not specified or known; rather the VLAN name is used to identify | not specified or known; rather the VLAN name is used to identify | |||
the VLAN within the system. | the VLAN within the system. | |||
The tunnel attributes described in [RFC3580] and the Egress-VLAN- | ||||
Name attribute both can be used to configure the egress VLAN for | ||||
untagged packets. These attributes can be used concurrently and | ||||
MAY appear in the same RADIUS packet. When they do appear | ||||
concurrently, the list of allowed VLANs is the concatenation of | ||||
the Egress-VLAN-Name and the Tunnel-Private-Group-ID (81) | ||||
attributes. The Egress-VLAN-Name attribute does not alter the | ||||
ingress VLAN for untagged traffic on a port (also known as the | ||||
PVID). The tunnel attributes from [RFC3580] should be relied upon | ||||
instead to set the PVID. | ||||
The Egress-VLAN-Name attribute contains two parts; the first part | The Egress-VLAN-Name attribute contains two parts; the first part | |||
indicates if frames on the VLAN for this port are to be | indicates if frames on the VLAN for this port are to be | |||
represented in tagged or untagged format, the second part is the | represented in tagged or untagged format, the second part is the | |||
VLAN name. | VLAN name. | |||
Multiple Egress-VLAN-Name attributes MAY be included within an | Multiple Egress-VLAN-Name attributes MAY be included within an | |||
Access-Request, Access-Accept, CoA-Request or Accounting-Request | Access-Request, Access-Accept, CoA-Request or Accounting-Request | |||
packet; this attribute MUST NOT be sent within an Access- | packet; this attribute MUST NOT be sent within an Access- | |||
Challenge, Access-Reject, Disconnect-Request, Disconnect-ACK, | Challenge, Access-Reject, Disconnect-Request, Disconnect-ACK, | |||
Disconnect-NAK, CoA-ACK or CoA-NAK. Each attribute adds the named | Disconnect-NAK, CoA-ACK or CoA-NAK. Each attribute adds the named | |||
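Review bot: The sentence "The tunnel attributes from [RFC3580] should be relied upon instead to set the PVID" uses a lowercase "should" two sentences after an uppercase "MAY", so a reader cannot tell whether it is an RFC 2119 requirement or advice; write it as SHOULD or reword it so it is plainly non-normative. The same paragraph defines the allowed VLAN list as "the concatenation of the Egress-VLAN-Name and the Tunnel-Private-Group-ID (81) attributes" but does not say what a NAS does when both attributes refer to the same VLAN, in particular when the Egress-VLAN-Name marks it as tagged while the tunnel attributes configure it for untagged packets. Because these attributes decide which VLANs a port may reach, the text should state which one takes precedence, unless Section 1.3 (Attribute Interpretation) already covers it.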
skipping to change at page 11, line 50 | skipping to change at page 12, line 16 | |||
"Dynamic Authorization Extensions to Remote Authentication | "Dynamic Authorization Extensions to Remote Authentication | |||
Dial In User Service (RADIUS)", RFC 3576, July 2003. | Dial In User Service (RADIUS)", RFC 3576, July 2003. | |||
[RFC3579] Aboba, B. and P. Calhoun, "RADIUS Support for Extensible | [RFC3579] Aboba, B. and P. Calhoun, "RADIUS Support for Extensible | |||
Authentication Protocol (EAP)", RFC 3579, September 2003. | Authentication Protocol (EAP)", RFC 3579, September 2003. | |||
[RFC3580] Congdon, P., Aboba, B., Smith, A., Zorn, G., Roese, J., "IEEE | [RFC3580] Congdon, P., Aboba, B., Smith, A., Zorn, G., Roese, J., "IEEE | |||
802.1X Remote Authentication Dial In User Service (RADIUS) | 802.1X Remote Authentication Dial In User Service (RADIUS) | |||
Usage Guidelines", RFC3580, September 2003. | Usage Guidelines", RFC3580, September 2003. | |||
[RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J. and H. | ||||
Levkowetz, "Extensible Authentication Protocol (EAP)", RFC | ||||
3748, June 2004. | ||||
[RFC4005] Calhoun, P., Zorn, G., Spence, D. and D. Mitton, "Diameter | [RFC4005] Calhoun, P., Zorn, G., Spence, D. and D. Mitton, "Diameter | |||
Network Access Server Application", RFC 4005, August 2005. | Network Access Server Application", RFC 4005, August 2005. | |||
[RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible | [RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible | |||
Authentication Protocol (EAP) Application", RFC 4072, August | Authentication Protocol (EAP) Application", RFC 4072, August | |||
2005. | 2005. | |||
Acknowledgments | Acknowledgments | |||
The authors would like to acknowledge Joseph Salowey of Cisco, David | The authors would like to acknowledge Joseph Salowey of Cisco, David | |||
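Review bot: The [RFC3748] entry between [RFC3580] and [RFC4005] is not cited in any text visible in this diff; check that the body of the draft references it and that it sits in the right list (normative or informative), otherwise drop it. A style point in the context line just above it: "RFC3580, September 2003" lacks the space used in the neighbouring entries ("RFC 3579", "RFC 4005").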
End of changes. 5 change blocks. | ||||
10 lines changed or deleted | 17 lines changed or added | |||
This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |