
RE: NAS-Port-Type and sub-types?



Bernard Aboba writes...
 
> a. What is a NAS-Port-Type anyway?  My understanding is 
> that this attribute is mostly used to enable the RADIUS 
> server to execute link-specific policy (e.g. If 
> NAS-Port-Type="IEEE 802.11" Then Profile = 802.11-Profile).
> So my answer is that it represents link type information 
> that a RADIUS server administrator will find useful.

It may also be useful in accounting messages, if the provider is billing at
different rates for different "speeds and feeds". 
 
> b. What is the appropriate granularity for NAS-Port-Type?
> In some cases, values are more granular than a link type 
> (e.g. 3 values for ISDN), in others a single value applies 
> to multiple link technologies (e.g. Wireless -- Other).

There are two answers.  One answer is based on the granularity needed to
apply the correct policy.  The second answer is based on the granularity
needed for accurate billing.  Of course, these answers are likely to vary
from operator to operator.

> c. How should we handle new IEEE 802 technologies going forward?
> IEEE 802 is not only creating new link technologies (e.g. IEEE 
> 802.16, 802.20, etc.) they are also developing new authentication
> schemes within those technologies (e.g. IEEE 802.11r, IEEE 802.1af,
> etc.).   So how does a NAS indicate that an Access-Request is for 
> IEEE 802.11s or IEEE 802.11r rather than just IEEE 802.11, or IEEE
> 802.1af, rather than IEEE 802.3/IEEE 802.1X-2004?  Allocating a 
> NAS-Port-Type value does not seem like a good fit for that kind of 
> differentiation. 
 
This goes back to the "network selection" problem, and the discussion of
using NAS-Port-Type for that purpose.  If all RADIUS ever sees from these
technologies is EAP traffic, does it matter?  If we are to add new
authentication methods to RADIUS, as we did with Digest Auth, then it may
matter.

Glen Kramer writes...

> It's not clear what the NAS port number would be. The protocol 
> defines a port value as a 32-bit field. This isn't big enough 
> for a MAC address. But since the logical links are virtual and 
> dynamically assigned, it doesn't make lots of sense to me to 
> report a link as either "link index 12" or "LLID 13".

NAS-Port makes sense for RAS Servers and Switches; things with "ports".  It
doesn't work for shared media (e.g. Ethernet or EPON); things with "taps".

Frank Effenberger writes...
 
> Bottom-line - it appears that they have been handing out these
> values with very little care for doing a clean job. I'm not
> sure what use this information is even put to... 
> 
> You might mention that observation, and ask for some more 
> clarification.

It might be a service to the Internet community to provide some guidance on
these assignments.  I say guidance, because I don't think there can be
hard-and-fast rules.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
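
The link-specific policy described in the thread (If NAS-Port-Type="IEEE 802.11" Then Profile = 802.11-Profile), as an added example that is not part of the original message or of any RADIUS server's code. Attribute numbers and NAS-Port-Type values are those of RFC 2865; the profile names other than "802.11-Profile", the restricted default for unmapped link types, and the sample packets are assumptions constructed for illustration.

```python
import struct

# Attribute type codes and NAS-Port-Type values as assigned in RFC 2865.
NAS_PORT, NAS_PORT_TYPE = 5, 61
PORT_TYPES = {2: "ISDN Sync", 3: "ISDN Async V.120", 4: "ISDN Async V.110",
              15: "Ethernet", 18: "Wireless - Other", 19: "Wireless - IEEE 802.11"}
# Hypothetical operator policy; only "802.11-Profile" appears in the thread.
PROFILES = {19: "802.11-Profile", 15: "Wired-Profile"}
DEFAULT_PROFILE = "Restricted-Profile"  # assumption: unmapped link types get least access

def parse_attributes(packet: bytes) -> dict:
    """Return {type: [value, ...]} from a RADIUS packet, validating every length."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length field")
    attrs, pos = {}, 20
    while pos < length:  # octets past the Length field are padding and ignored
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def select_profile(packet: bytes):
    """Map NAS-Port-Type to (link type name, profile); fall back to the default."""
    raw = parse_attributes(packet).get(NAS_PORT_TYPE, [None])[0]
    if raw is None or len(raw) != 4:  # attribute absent or not a 32-bit integer
        return None, DEFAULT_PROFILE
    value = struct.unpack("!I", raw)[0]
    return PORT_TYPES.get(value, f"type {value}"), PROFILES.get(value, DEFAULT_PROFILE)

def build_request(attrs) -> bytes:
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(16) + body

# Constructed sample packets, not captured traffic.
WLAN = build_request([(NAS_PORT, struct.pack("!I", 12)),
                      (NAS_PORT_TYPE, struct.pack("!I", 19))])
OTHER = build_request([(NAS_PORT_TYPE, struct.pack("!I", 18))])

if __name__ == "__main__":
    for pkt in (WLAN, OTHER):
        print(select_profile(pkt))
```

The second packet shows the granularity problem raised in the thread: "Wireless - Other" covers several link technologies, so a policy keyed on NAS-Port-Type alone cannot distinguish them and falls through to the default.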