
RE: Review of draft-ietf-radext-vlan-02.txt



Bernard Aboba writes...

> It might be worthwhile to introduce some text to describe the
> assumptions and what happens if they are violated.

How about this:

The semantics of the RADIUS attributes described in this document apply
to a single instance of a NAS port, or more specifically an IEEE 802.1D
bridge port.  The underlying IEEE 802 standards, upon which this work is
based, do not currently recognize finer management granularity than "per
port".  In some cases, such as with IEEE 802.11 wireless LANs, the
concept of a "virtual port" is used in place of the physical port.  Such
virtual ports are typically based on security associations and scoped by
station, or MAC address.

If a NAS implementation, conforming to this document, supports "virtual
ports", it may be possible to provision those "virtual ports" with
unique values of the attributes described in this document, on a per
authenticated user basis.  If the NAS does not support a "virtual port"
architecture, then the one user, one port, one set of authorization
parameters assumption applies.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>