[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Final call for consensus poll for IANA #409959 NAS-Port-Type value request

To: Alper Yegin <alper.yegin@yegin.org>
Subject: Re: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
From: Alan DeKok <aland@deployingradius.com>
Date: Mon, 23 May 2011 10:59:32 +0200
Cc: 'Stefan Winter' <stefan.winter@restena.lu>, "'Sanchez, Mauricio $HP Networking$'" <mauricio.sanchez@hp.com>, radiusext@ops.ietf.org
In-reply-to: <001201cc18e3$faf75de0$f0e619a0$@yegin@yegin.org>
References: <9BC2F7926B33FE4AB10D69891D58FC1C5C72F203A9@GVW0671EXC.americas.hpqcorp.net> <9BC2F7926B33FE4AB10D69891D58FC1C5C72F204E4@GVW0671EXC.americas.hpqcorp.net> <4DD37259.9010005@restena.lu> <001201cc18e3$faf75de0$f0e619a0$@yegin@yegin.org>
User-agent: Thunderbird 2.0.0.24 (Macintosh/20100228)

Alper Yegin wrote:
> Historically, the NAS-port-type is associated with the L1/L2 port over
> which the âaccessâ service is provided. But with the new use of RADIUS,
> this view is no longer applicable.

  I'm not sure how the second sentence follows from the first.

> Again, consider a Mobile IP Home
> Agent node implementing RADIUS client for AAAing the MNâs registration
> requests. The L1/L2 port that receives the MN registration request has
> no significance, and it can be one of many types. Here, our thinking is,
> the âlogicalâ port is the âMobile IP Home Agentâ, and that has nothing
> to do with the L1/L2 port.

  Then how do we refer to the L1/L2 port?  Or is it even relevant?

  RFC 2865 says:

      An Access-Request SHOULD contain a NAS-Port or NAS-Port-Type
      attribute or both unless the type of access being requested does
      not involve a port or the NAS does not distinguish among its
      ports.

  So if the service being offered (Mobile IP) does not involve a port,
then the *standard* RADIUS solution is to not use NAS-Port-Type.
Instead, something else can be used.  Possibly Service-Type, or maybe
another attribute.

  This has been done for ~15 years with administrative logins.  The
administative login request contains "Service-Type = Administrative",
and often *no* NAS-Port-Type.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Final call for consensus poll for IANA #409959 NAS-Port-Type value request
  - From: "Sanchez, Mauricio (HP Networking)" <mauricio.sanchez@hp.com>
- RE: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
  - From: "Sanchez, Mauricio (HP Networking)" <mauricio.sanchez@hp.com>
- Re: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
  - From: Stefan Winter <stefan.winter@restena.lu>
- RE: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
  - From: "Alper Yegin" <alper.yegin@yegin.org>

Prev by Date: RE: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Next by Date: AD review of draft-ietf-radext-crypto-agility-requirements-06.txt
Previous by thread: RE: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Next by thread: Re: Final call for consensus poll for IANA #409959 NAS-Port-Type value request
Index(es):
- Date
- Thread