Network Working Group B. Aboba Request for Comments: 3162 Microsoft Category: Standards Track G. Zorn Cisco Systems D. Mitton Circular Logic UnLtd. August 2001 RADIUS and IPv6
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for
improvements. Plea refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Rerved.
Abstract
This document specifies the operation of RADIUS (Remote
tubecup com
Authentication Dial In Ur Service) when run over IPv6 as well as
the RADIUS attributes ud to support IPv6 network access.
1. Introduction
This document specifies the operation of RADIUS [4]-[8] over IPv6
[13] as well as the RADIUS attributes ud to support IPv6 network
access.
Note that a NAS nding a RADIUS Access-Request may not know a-priori whether the host will be using IPv4, IPv6, or both. For example,
within PPP, IPv6CP [11] occurs after LCP, so that address assignment will not occur until after RADIUS authentication and authorization
has completed.
Therefore it is presumed that the IPv6 attributes described in this
document MAY be nt along with IPv4-related attributes within the
same RADIUS message and that the NAS will decide which attributes to u. The NAS SHOULD only allocate address and prefixes that the
client can actually u, however. For example, there is no need for Aboba, et al. Standards Track [Page 1]
the NAS to rerve u of an IPv4 address for a host that only
supports IPv6; similarly, a host only using IPv4 or 6to4 [12] does
not require allocation of an IPv6 prefix.
The NAS can provide IPv6 access natively, or alternatively, via other methods such as IPv6 within IPv4 tunnels [15] or 6over4 [14]. The
choice of method for providing IPv6 access has no effect on RADIUS
usage per , although if it is desired that an IPv6 within IPv4
tunnel be opened to a particular location, then tunnel attributes
should be utilized, as described in [6], [7].
1.1. Requirements language
In this document, the key words "MAY", "MUST, "MUST NOT", "optional", "recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as
described in [1].
2. Attributes
2.1. NAS-IPv6-Address
Description
This Attribute indicates the identifying IPv6 Address of the NAS
which is requesting authentication of the ur, and SHOULD be
unique to the NAS within the scope of the RADIUS rver. NAS-
IPv6-Address is only ud in Access-Request packets. NAS-IPv6-
Address and/or NAS-IP-Address MAY be prent in an Access-Request packet; however, if neither attribute is prent then NAS-
Identifier MUST be prent.
A summary of the NAS-IPv6-Address Attribute format is shown below.
The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
howoAboba, et al. Standards Track [Page 2]
Type
95 for NAS-IPv6-Address
Length
18
Address
The Address field is 16 octets.
3.2. Framed-Interface-Id
Description
This Attribute indicates the IPv6 interface identifier to be
configured for the ur. It MAY be ud in Access-Accept packets. If the Interface-Identifier IPv6CP option [11] has been
successfully negotiated, this Attribute MUST be included in an
Access-Request packet as a hint by the NAS to the rver that it
grocerywould prefer that value. It is recommended, but not required,
that the rver honor the hint.
A summary of the Framed-Interface-Id Attribute format is shown below. The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Interface-Id
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Interface-Id
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+sdf
Interface-Id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
96 for Framed-Interface-Id
Length
10
Interface-Id
The Interface-Id field is 8 octets.
Aboba, et al. Standards Track [Page 3]
2.3. Framed-IPv6-Prefix
Description
This Attribute indicates an IPv6 prefix (and corresponding route) to be configured for the ur. It MAY be ud in Access-Accept
packets, and can appear multiple times. It MAY be ud in an
aiwenAccess-Request packet as a hint by the NAS to the rver that it梅林传奇第5季
would prefer the prefix(es), but the rver is not required to
honor the hint. Since it is assumed that the NAS will plumb a
route corresponding to the prefix, it is not necessary for the
rver to also nd a Framed-IPv6-Route attribute for the same
prefix.
A summary of the Framed-IPv6-Prefix Attribute format is shown below. The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Rerved | Prefix-Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Prefix
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Prefix
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+mr怎么读
Prefix
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Prefix |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
97 for Framed-IPv6-Prefix
Length
At least 4 and no larger than 20.
Rerved
This field, which is rerved and MUST be prent, is always t
to zero.
Prefix-Length
The length of the prefix, in bits. At least 0 and no larger than 128.
Aboba, et al. Standards Track [Page 4]
Prefix
The Prefix field is up to 16 octets in length. Bits outside of
the Prefix-Length, if included, must be zero.播音主持短期培训班
2.4. Login-IPv6-Host
Description
exceptionallyThis Attribute indicates the system with which to connect the
ur, when the Login-Service Attribute is included. It MAY be
ud in Access-Accept packets. It MAY be ud in an Access-
Request packet as a hint to the rver that the NAS would prefer
to u that host, but the rver is not required to honor the
hint.
A summary of the Login-IPv6-Host Attribute format is shown below.
The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Address
behaves+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
98 for Login-IPv6-Host
Length
18
Aboba, et al. Standards Track [Page 5]
