[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue: 802.1X dependency

To: radiusext@ops.ietf.org
Subject: Issue: 802.1X dependency
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Wed, 12 Apr 2006 10:28:47 -0700
Bcc:

Description of issue: 802.1X dependency
Submitter name: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: April 12th, 2006
Reference: n/a
Document: draft-ietf-radext-vlan-02
Comment type: 'E'ditorial
Priority: S
Section: Abstract, 1, 6
Rationale/Explanation of issue:

The VLAN and priority attributes are usable for provisioning of access toIEEE 802 local area networks. There is no explicit IEEE 802.1X dependencyin the document. For example, the attributes can be used with IEEE 802technologies that do not implement IEEE 802.1X, such as IEEE 802.16k.

Therefore I do not believe that IEEE 802.1X should be listed as a normativereference. Also, the goal should be larger than just supporting 802.1Xdeployments, it should be to support access to IEEE 802 local area networks.


The proposed changes are as follows:

Change the Appendix from:

"   This document proposes additional RADIUS (Remote Authentication Dial
  In User Service) attributes for dynamic Virtual LAN assignment and
  prioritization, for use by IEEE 802.1X authenticators.  These
  attributes are usable within either RADIUS or Diameter."

To:

"  This document proposes additional RADIUS (Remote Authentication Dial
  In User Service) attributes for dynamic Virtual LAN assignment and
  prioritization, for use in provisioning of access to IEEE 802 local
  area networks.  These attributes are usable within either RADIUS or
  Diameter."

Change Section 1 from:

"  IEEE 802.1X [IEEE-802.1X] provides "network port authentication" for
  IEEE 802 [IEEE-802] media, including Ethernet [IEEE-802.3], Token
  Ring and 802.11 wireless LANs [IEEE-802.11][IEEE-802.11i].

  This document describes Virtual LAN (VLAN) and re-prioritization
  attributes that may prove useful for provisioning of access to IEEE
  802 local area networks with the Remote Authentication Dialin User
  Service (RADIUS).

  While [RFC3580] enables support for VLAN assignment based on the
  tunnel attributes defined in [RFC2868], it does not provide support
  for a more complete set of VLAN functionality as defined by
  [IEEE-802.1Q].  The attributes defined in this document provide
  support within RADIUS analogous to the management variables supported
  in [IEEE-802.1Q] and MIB objects defined in [RFC4363].  In addition,
  this document enables support for a wider range of [IEEE-802.1X]
  configurations."

To:

"  This document describes Virtual LAN (VLAN) and re-prioritization
  attributes that may prove useful for provisioning of access to IEEE
  802 local area networks [IEEE-802] with the Remote Authentication
  Dialin User Service (RADIUS).

  While [RFC3580] enables support for VLAN assignment based on the
  tunnel attributes defined in [RFC2868], it does not provide support
  for a more complete set of VLAN functionality as defined by
  [IEEE-802.1Q].  The attributes defined in this document provide
  support within RADIUS analogous to the management variables supported
  in [IEEE-802.1Q] and MIB objects defined in [RFC4363].  In addition,
  this document enables support for a wider range of [IEEE-802.1X]
  configurations."

In Section 1.1, delete the definition of authenticator, since the word is nolonger used in the document.


Change the first paragraph of Section 6 from:

"  This specification describes the use of RADIUS for purposes of
  authentication, authorization and accounting in networks supporting
  [IEEE 802.1X].   Threats and security issues for this application are
  described in [RFC3579] and [RFC3580]; security issues encountered in
  roaming are described in [RFC2607]."

To:

"  This specification describes the use of RADIUS for purposes of
  authentication, authorization and accounting in IEEE 802 local area
  networks.  Threats and security issues for this application are
  described in [RFC3579] and [RFC3580]; security issues encountered in
  roaming are described in [RFC2607]."

Move the reference to 802.1X from normative to informative. Deletereferences to 802.3, 802.11 and 802.11i.




--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: RE: AW: Use of VLAN attributes in Accounting-Requests
Next by Date: RE: RADEXT WG Last Call on "RADIUS Delegated IPv6 Prefix Attribute"
Previous by thread: AW: Use of VLAN attributes in Accounting-Requests
Next by thread: RE: Issue: 802.1X dependency
Index(es):
- Date
- Thread