
RE: Review of draft-ietf-radext-vlan-02.txt



Paul Congdon writes...

> Since we are talking mostly about VLANs in this draft, I suggest
> replacing 802.1D with 802.1Q below.

OK.

> The last sentence seems to drop things off sharply. In all cases, the
> assumption is one user per port.  In the case of 'virtual ports' there
> may be multiple users on the same 'physical port'.  How about the
> following modifications...
> 
> If a NAS implementation, conforming to this document,
> supports "virtual ports", it may be possible to provision
> those "virtual ports" with unique values of the attributes
> described in this document allowing multiple users sharing
> the same physical port to have a unique set of authorization
> parameters.  The authorization parameters are applied on a
> per user basis and it is expected that there is a single user
> per port however in some cases that port may be a "virtual
> port".

That looks good to me.

Integrating your suggestions, and wordsmithing slightly, we would then
have:

<quote>

The semantics of the RADIUS attributes described in this
document apply to a single instance of a NAS port, or more
specifically an IEEE 802.1Q bridge port.  The underlying IEEE
802 standards, as listed in the references section, do not
recognize finer management granularity than "per port".  In 
some cases, such as with IEEE 802.11 wireless LANs, the concept
of a "virtual port" is used in place of the physical port. 
Such virtual ports are typically based on security associations
and scoped by station, or MAC address.

If a NAS implementation, conforming to this document,
supports "virtual ports", it may be possible to provision
those "virtual ports" with unique values of the attributes
described in this document allowing multiple users sharing
the same physical port to each have a unique set of authorization
parameters.  The authorization parameters are applied on a
per user basis and it is expected that there is a single user
per port, however in some cases that port may be a "virtual
port".

</quote>

How does this text look?

--
archive: <http://psg.com/lists/radiusext/>