[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Extending RADIUS Attribute Space

To: "'Nelson, David'" <dnelson@enterasys.com>
Subject: RE: Extending RADIUS Attribute Space
From: Avi Lior <avi@bridgewatersystems.com>
Date: Thu, 21 Aug 2003 15:40:35 -0400
Cc: "'radiusext@ops.ietf.org'" <radiusext@ops.ietf.org>

I can't give you an example because its not possible to do this today using
RADIUS attribute.

However, EAP/TLS and EAP/PEAP, both are sending attributes that transcend
the boundary of a RADIUS packet.  So its not hard to imagine the need for
this.

As well, we have been involved in a case where someone wanted to do a packet
audit against a wireless session where a counter is reported against a range
of IP addresses. These counters and Ipaddress are stored in a container
attribute.  This container attribute would span a RADIUS accounting packet.
Note: The issue was dropped for other reasons.

My point is this, so far we have a request for addressing an issue for
allowing an attribute to be larger then that which is allowed by RADIUS.
Instead of inventing a specific scheme for that I am proposing to reuse a
solution that already exists that will address that problem *plus* another
one.


> -----Original Message-----
> From: Nelson, David [mailto:dnelson@enterasys.com] 
> Sent: Thursday, August 21, 2003 2:57 PM
> Cc: radiusext@ops.ietf.org
> Subject: RE: Extending RADIUS Attribute Space
> 
> 
> Avi Lior writes...
> 
> > Allowing for larger attributes and allowing for attributes to span
> packets
> > is not a big change.  It is in fact something that is done today
> already.
> 
> Do you have an example of an attribute that would need to be 
> so long as to span two or more packets (UDP datagrams)?
> 
> Regards,
>  
> Dave
>  
> David B. Nelson
> Wireless & AAA Architect, Office of the CTO
> Enterasys Networks, Inc.
> 50 Minuteman Road
> Andover, MA 01810-1008
> Phone: (978) 684-1330  
> E-mail: dnelson@enterasys.com
> 
> 
> --
> to unsubscribe send a message to 
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in 
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- RE: Extending RADIUS Attribute Space
  - From: Randy Bush <randy@psg.com>
- Re: Extending RADIUS Attribute Space
  - From: Jari Arkko <jari.arkko@piuha.net>

Prev by Date: RE: Extending RADIUS Attribute Space
Next by Date: RE: Strawman RADIUSEXT WG charter
Previous by thread: RE: Extending RADIUS Attribute Space
Next by thread: Re: Extending RADIUS Attribute Space
Index(es):
- Date
- Thread