1 RADIUS Protocol
This document describes how Oracle Communications Billing and Revenue Management Elastic Charging Engine (ECE) Remote Authentication Dial In User Service (RADIUS) Gateway maps the RADIUS access-control messages for the RADIUS protocol defined in RFC-2865 and RFC-2869.
See also "RADIUS Accounting Protocol".
Section Compliance
Table 1-1 lists the compliance information for the RADIUS protocol sections in RFC-2865.
Table 1-1 RFC-2865 Section Compliance
| Section Number | Section | Status | Notes |
|---|---|---|---|
|
1 |
Introduction |
Not applicable |
- |
|
1.1 |
Specification of Requirements |
Not applicable |
- |
|
1.2 |
Terminology |
Not applicable |
- |
|
2 |
Operation |
Partially supported |
- |
|
2.1 |
Challenge/Response |
Supported |
- |
|
2.2 |
Interoperation with PAP and CHAP |
Not supported |
- |
|
2.3 |
Proxy |
Not applicable |
- |
|
2.4 |
Why UDP? |
Not applicable |
- |
|
2.5 |
Retransmission Hints |
Supported |
- |
|
2.6 |
Keep-Alives Considered Harmful |
Supported |
- |
|
3 |
Packet Format |
Supported |
- |
|
4 |
Packet Types |
Supported |
- |
|
4.1 |
Access-Request |
Supported |
- |
|
4.2 |
Access-Accept |
Supported |
- |
|
4.3 |
Access-Reject |
Supported |
- |
|
4.4 |
Access-Challenge |
Supported |
- |
|
5 |
Attributes |
Supported |
- |
|
5.1 |
User-Name |
Supported |
- |
|
5.2 |
User-Password |
Supported |
- |
|
5.3 |
CHAP-Password |
Supported |
- |
|
5.4 |
NAS-IP-Address |
Supported |
- |
|
5.5 |
NAS-Port |
Supported |
- |
|
5.6 |
Service-Type |
Supported |
- |
|
5.7 |
Framed-Protocol |
Supported |
- |
|
5.8 |
Framed-IP-Address |
Supported |
- |
|
5.9 |
Framed-IP-Netmask |
Supported |
- |
|
5.10 |
Framed-Routing |
Supported |
- |
|
5.11 |
Filter-Id |
Supported |
- |
|
5.12 |
Framed-MTU |
Supported |
- |
|
5.13 |
Framed-Compression |
Supported |
- |
|
5.14 |
Login-IP-Host |
Supported |
- |
|
5.15 |
Login-Service |
Supported |
- |
|
5.16 |
Login-TCP-Port |
Supported |
- |
|
5.17 |
(unassigned) |
Supported |
- |
|
5.18 |
Reply-Message |
Supported |
- |
|
5.19 |
Callback-Number |
Supported |
- |
|
5.20 |
Callback-Id |
Supported |
- |
|
5.21 |
(unassigned) |
Supported |
- |
|
5.22 |
Framed-Route |
Supported |
- |
|
5.23 |
Framed-IPX-Network |
Supported |
- |
|
5.24 |
State |
Supported |
- |
|
5.25 |
Class |
Supported |
- |
|
5.26 |
Vendor-Specific |
Supported |
- |
|
5.27 |
Session-Timeout |
Supported |
- |
|
5.28 |
Idle-Timeout |
Supported |
- |
|
5.29 |
Termination-Action |
Supported |
- |
|
5.30 |
Called-Station-Id |
Supported |
- |
|
5.31 |
Calling-Station-Id |
Supported |
- |
|
5.32 |
NAS-Identifier |
Supported |
- |
|
5.33 |
Proxy-State |
Supported |
- |
|
5.34 |
Login-LAT-Service |
Supported |
- |
|
5.35 |
Login-LAT-Node |
Supported |
- |
|
5.36 |
Login-LAT-Group |
Supported |
- |
|
5.37 |
Framed-AppleTalk-Link |
Supported |
- |
|
5.38 |
Framed-AppleTalk-Network |
Supported |
- |
|
5.39 |
Framed-AppleTalk-Zone |
Supported |
- |
|
5.40 |
CHAP-Challenge |
Supported |
- |
|
5.41 |
NAS-Port-Type |
Supported |
- |
|
5.42 |
Port-Limit |
Supported |
- |
|
5.43 |
Login-LAT-Port |
Supported |
- |
|
5.44 |
Table of Attributes |
Supported |
- |
|
6 |
IANA Considerations |
No requirement |
- |
|
6.1 |
Definition of Terms |
No requirement |
- |
|
6.2 |
Recommended Registration Policies |
No requirement |
- |
|
7 |
Examples |
Supported |
- |
|
7.1 |
User Telnet to Specified Host |
Supported |
- |
|
7.2 |
Framed User Authenticating with CHAP |
Supported |
- |
|
7.3 |
User with Challenge-Response card |
Not supported |
- |
|
8 |
Security Considerations |
Not supported |
- |
|
9 |
Change Log |
No requirement |
- |
|
10 |
References |
No requirement |
- |
|
11 |
Acknowledgements |
No requirement |
- |
|
12 |
Chair's Address |
No requirement |
- |
|
13 |
Authors' Addresses |
No requirement |
- |
|
14 |
Full Copyright Statement |
No requirement |
- |
Table 1-2 lists the compliance information for the RADIUS protocol sections in RFC-2869.
Table 1-2 RFC-2869 Section Compliance
| Section Number | Section | Status | Notes |
|---|---|---|---|
|
1 |
Introduction |
Not applicable |
- |
|
1.1 |
Specification of Requirements |
Not applicable |
- |
|
1.2 |
Terminology |
Not applicable |
- |
|
2 |
Operation |
Partially supported |
- |
|
2.1 |
RADIUS support for Interim Accounting Updates |
Not supported |
- |
|
2.2 |
RADIUS support for Apple Remote Access Protocol |
Not supported |
- |
|
2.3 |
RADIUS Support for Extensible Authentication Protocol (EAP) |
Supported |
- |
|
2.3.1 |
Protocol Overview |
Supported |
- |
|
2.3.2 |
Retransmission |
Supported |
- |
|
2.3.3 |
Fragmentation |
Not supported |
- |
|
2.3.4 |
Examples |
Supported |
- |
|
2.3.5 |
Alternative Uses |
Supported |
- |
|
3 |
Packet Format |
Supported |
- |
|
4 |
Packet Types |
Supported |
- |
|
5 |
Attributes |
Partially supported |
- |
|
5.1 |
Acct-Input-Gigawords |
Not supported |
- |
|
5.2 |
Acct-Output-Gigawords |
Not supported |
- |
|
5.3 |
Event-Timestamp |
Not supported |
- |
|
5.4 |
ARAP-Password |
Not supported |
- |
|
5.5 |
ARAP-Features |
Not supported |
- |
|
5.6 |
ARAP-Zone-Access |
Not supported |
- |
|
5.7 |
ARAP-Security |
Not supported |
- |
|
5.8 |
ARAP-Security-Data |
Not supported |
- |
|
5.9 |
Password-Retry |
Not supported |
- |
|
5.10 |
Prompt |
Not supported |
- |
|
5.11 |
Connect-Info |
Not supported |
- |
|
5.12 |
Configuration-Token |
Not supported |
- |
|
5.13 |
EAP-Message |
Supported |
- |
|
5.14 |
Message-Authenticator |
Supported |
- |
|
5.15 |
ARAP-Challenge-Response |
Not supported |
- |
|
5.16 |
Acct-Interim-Interval |
Not supported |
- |
|
5.17 |
NAS-Port-Id |
Supported |
- |
|
5.18 |
Framed-Pool |
Not supported |
- |
|
5.19 |
Table of Attributes |
Not supported |
- |
|
6 |
IANA Considerations |
No requirement |
- |
|
7 |
Security Considerations |
Supported |
- |
|
7.1 |
Message-Authenticator Security |
Supported |
- |
|
7.2 |
EAP Security |
Supported |
- |
|
7.2.1 |
Separation of EAP server and PPP authenticator |
Not supported |
- |
|
7.2.2 |
Connection hijacking |
Not supported |
- |
|
7.2.3 |
Man in the middle attacks |
Not supported |
- |
|
7.2.4 |
Multiple databases |
Not supported |
- |
|
7.2.5 |
Negotiation attacks |
Not supported |
- |
|
8 |
References |
No requirement |
- |
|
9 |
Acknowledgements |
No requirement |
- |
|
10 |
Chair's Address |
No requirement |
- |
|
11 |
Authors' Addresses |
No requirement |
- |
|
12 |
Full Copyright Statement |
No requirement |
- |
Access-Request AVPs
Table 1-3 lists the compliance information for Access-Request attribute-value pairs (AVPs).
Table 1-3 Access-Request AVPs
| RADIUS AVP | Status | Notes |
|---|---|---|
|
User-Name |
Supported |
- |
|
User-Password |
Supported |
- |
|
CHAP-Password |
Supported |
- |
|
CHAP-Challenge |
Supported |
- |
|
NAS-IP-Address |
Supported |
- |
|
NAS-Port |
Supported |
- |
|
NAS-Port-Type |
Supported |
- |
|
NAS-Identifier |
Supported |
- |
|
Service-Type |
Supported |
- |
|
Framed-Protocol |
Supported |
- |
|
Framed-IP-Address |
Supported |
- |
|
Framed-IP-Netmask |
Supported |
- |
|
Framed-MTU |
Supported |
- |
|
Framed-Compression |
Supported |
- |
|
Login-IP-Host |
Supported |
- |
|
Callback-Number |
Supported |
- |
|
Called-Station-Id |
Supported |
- |
|
Calling-Station-Id |
Supported |
- |
|
State |
Supported |
- |
|
Proxy-State |
Supported |
- |
|
Login-LAT-Service |
Supported |
- |
|
Login-LAT-Node |
Supported |
- |
|
Login-LAT-Group |
Supported |
- |
|
Login-LAT-Port |
Supported |
- |
|
Vendor-Specific |
Supported |
- |
|
EAP-Message |
Supported |
- |
|
Message-Authenticator |
Supported |
- |
Access-Accept AVPs
Table 1-4 lists the compliance information for Access-Accept AVPs.
Table 1-4 Access-Accept AVPs
| RADIUS AVP | Status | Notes |
|---|---|---|
|
User-Name |
Supported |
- |
|
Service-Type |
Supported |
- |
|
Framed-Protocol |
Supported |
- |
|
Framed-IP-Address |
Supported |
- |
|
Framed-IP-Netmask |
Supported |
- |
|
Framed-Routing |
Supported |
- |
|
Framed-Route |
Supported |
- |
|
Framed-IPX-Network |
Supported |
- |
|
Framed-AppleTalk-Link |
Supported |
- |
|
Framed-AppleTalk-Network |
Supported |
- |
|
Framed-AppleTalk-Zone |
Supported |
- |
|
Filter-Id |
Supported |
- |
|
Framed-MTU |
Supported |
- |
|
Framed-Compression |
Supported |
- |
|
Login-IP-Host |
Supported |
- |
|
Login-Service |
Supported |
- |
|
Login-TCP-Port |
Supported |
- |
|
Reply-Message |
Supported |
- |
|
Callback-Number |
Supported |
- |
|
Callback-Id |
Supported |
- |
|
Class |
Supported |
- |
|
Session-Timeout |
Supported |
- |
|
Idle-Timeout |
Supported |
- |
|
Termination-Action |
Supported |
- |
|
State |
Supported |
- |
|
Proxy-State |
Supported |
- |
|
Login-LAT-Service |
Supported |
- |
|
Login-LAT-Node |
Supported |
- |
|
Login-LAT-Group |
Supported |
- |
|
Login-LAT-Port |
Supported |
- |
|
Port-Limit |
Supported |
- |
|
Vendor-Specific |
Supported |
- |
|
Acct-Session-Id |
Supported |
- |
|
EAP-Message |
Supported |
- |
|
Message-Authenticator |
Supported |
- |
Access-Reject AVPs
Table 1-5 lists the compliance information for Access-Reject AVPs.
Table 1-5 Access-Reject AVPs
| RADIUS AVP | Status | Notes |
|---|---|---|
|
User-Name |
Supported |
- |
|
Reply-Message |
Supported |
- |
|
Class |
Supported |
- |
|
Proxy-State |
Supported |
- |
|
Vendor-Specific |
Supported |
- |
|
Acct-Session-Id |
Supported |
- |
|
EAP-Message |
Supported |
- |
|
Message-Authenticator |
Supported |
- |
Access-Challenge AVPs
Table 1-6 lists the compliance information for Access-Challenge AVPs.
Table 1-6 Access-Challenge AVPs
| RADIUS AVP | Status | Notes |
|---|---|---|
|
Reply-Message |
Supported |
- |
|
Session-Timeout |
Supported |
- |
|
Idle-Timeout |
Supported |
- |
|
State |
Supported |
- |
|
Proxy-State |
Supported |
- |
|
Vendor-Specific |
Supported |
- |
|
EAP-Message |
Supported |
- |
|
Message-Authenticator |
Supported |
- |