
Proposed Resolution to Issue 167: Compatibility with RFC 2866 and RFC 3576



The text of Issue 167 is enclosed below. The proposed resolution is as follows:

In Section 1.4, change:

 1.4 Attribute Interpretation

    Unless otherwise noted in the individual description of an
    attribute contained herein, a NAS that conforms to this
    specification and receives an Access-Accept message that contains
    an attribute from this document that it cannot apply MUST
    interpret this though an Access-Reject had been sent and MUST
    terminate the session.  If accounting is enabled on the NAS, it
    MUST generate an Accounting-Request(Stop) message upon session
    termination.

    Similarly, if a NAS conforming to this specification and also
    conforming to RFC 3576 [RFC3576] receives a CoA message that
    contains an attribute from this document that it cannot apply, it
    MUST NOT terminate the session and MUST generate a CoA-NAK packet
    with ERROR-CAUSE(101) set to "Unsupported Attribute"(401).  If
    accounting is enabled on the NAS, it MUST NOT generate an
    Accounting-Request(Stop) message in such instances.

To:

 1.4 Attribute Interpretation

    Unless otherwise noted in the individual description of an
    attribute contained herein, a NAS that conforms to this
    specification and receives an Access-Accept message that contains
    an attribute from this document that it cannot apply MUST
    interpret this though an Access-Reject had been sent and MUST
    terminate the session.

    Similarly, if a NAS conforming to this specification and also
    conforming to RFC 3576 [RFC3576] receives a CoA message that
    contains an attribute from this document that it cannot apply, it
    MUST NOT terminate the session and MUST generate a CoA-NAK packet.

-----------------------------------------------------------------------------------------------------
Issue 167: Compatibility with RFC 2866 and RFC 3576
Submitter names: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: January 30, 2006
Reference:
Document: IEEE 802-01
Comment type: Technical
Priority: S
Section: 1.4
Rationale/Explanation of issue:

Section 1.4 states:

 1.4 Attribute Interpretation

    Unless otherwise noted in the individual description of an
    attribute contained herein, a NAS that conforms to this
    specification and receives an Access-Accept message that contains
    an attribute from this document that it cannot apply MUST
    interpret this though an Access-Reject had been sent and MUST
    terminate the session.  If accounting is enabled on the NAS, it
    MUST generate an Accounting-Request(Stop) message upon session
    termination.

    Similarly, if a NAS conforming to this specification and also
    conforming to RFC 3576 [RFC3576] receives a CoA message that
    contains an attribute from this document that it cannot apply, it
    MUST NOT terminate the session and MUST generate a CoA-NAK packet
    with ERROR-CAUSE(101) set to "Unsupported Attribute"(401).  If
    accounting is enabled on the NAS, it MUST NOT generate an
    Accounting-Request(Stop) message in such instances.

RFC 2866 does not specify the generation of Accounting Stop messages resulting
from Access-Reject packets.  This document is therefore requiring RADIUS
accounting clients to generate accounting records in circumstances where
they would not otherwise do so.  This raises the question of why
this particular set of attributes would cause a special case modification
to RFC 2866.

Here is what RFC 3576 has to say about receipt of attributes in a CoA-Request:

 If one or more authorization changes specified in a CoA-Request
 cannot be carried out, or if one or more attributes or attribute-
 values is unsupported, a CoA-NAK MUST be sent.

On inclusion of Error-Cause attributes:

    It is possible that the NAS cannot honor Disconnect-Request or
    CoA-Request messages for some reason.  The Error-Cause Attribute
    provides more detail on the cause of the problem.  It MAY be
    included within Disconnect-ACK, Disconnect-NAK and CoA-NAK
    messages.

Since inclusion of an Error-Cause attribute is generally optional, the
second paragraph mandates behavior not required by RFC 3576.



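The NAS behavior in the proposed Section 1.4 text, as an added example that is not part of the original message or of any RADIUS implementation: an Access-Accept carrying an attribute the NAS cannot apply ends the session, while a CoA-Request in the same situation leaves the session up and is answered with a CoA-NAK in which Error-Cause is optional. The attribute numbers in `DOC_ATTRS`, the function names, and the sample packets with an all-zero authenticator are constructed assumptions; validation of the incoming authenticator and accounting are not modelled.

```python
import hashlib
import struct

ACCESS_ACCEPT, COA_REQUEST, COA_NAK = 2, 43, 45   # RADIUS packet codes
ERROR_CAUSE, UNSUPPORTED_ATTRIBUTE = 101, 401     # Error-Cause type and value
DOC_ATTRS = {200, 201}   # constructed placeholders for "attributes from this document"

def parse_attributes(packet):
    """Return [(type, value)] from the attribute area after the 20-byte header."""
    if len(packet) < 20:
        raise ValueError("short packet")
    (length,) = struct.unpack("!H", packet[2:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return attrs

def build_coa_nak(request, secret, with_error_cause):
    """CoA-NAK echoing the request Identifier; Error-Cause is optional (MAY)."""
    attrs = b""
    if with_error_cause:
        attrs = struct.pack("!BBI", ERROR_CAUSE, 6, UNSUPPORTED_ATTRIBUTE)
    header = struct.pack("!BBH", COA_NAK, request[1], 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + auth + attrs

def handle(packet, can_apply, secret, with_error_cause=False):
    """Return (terminate_session, reply_bytes_or_None) per the proposed Section 1.4."""
    cannot_apply = [t for t, _ in parse_attributes(packet)
                    if t in DOC_ATTRS and t not in can_apply]
    if packet[0] == ACCESS_ACCEPT:
        # Treated as though an Access-Reject had been sent: terminate the session.
        return (bool(cannot_apply), None)
    if packet[0] == COA_REQUEST and cannot_apply:
        # Session stays up; the NAS answers with a CoA-NAK.
        return (False, build_coa_nak(packet, secret, with_error_cause))
    return (False, None)   # success paths (e.g. CoA-ACK) are outside this sketch

def make_packet(code, ident, attrs):
    """Constructed sample packet with an all-zero authenticator field."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body
```

With `with_error_cause=False` the CoA-NAK is a bare 20-byte header, which satisfies the proposed text; setting it to `True` reproduces the behavior the original Section 1.4 text mandated.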