The RADIUS client can request RADIUS attributes, such as the "Framed-IP-Address", from an external RADIUS server and provide these, for example, to a PPPoE server in order to authenticate them at PPPoE, PPTP or L2TP servers.
Note: For more information about RADIUS attributes, see the following technical documents:
The device transmits the following attributes in access request messages:
| ID: | Name | Meaning | Possible values in LCOS |
|---|---|---|---|
| 1 | User-Name | The name entered by the user. | Used with 802.1X WLAN, PPPoE server, L2TP, PPTP, VPN |
| 2 | User-Password | The password entered by the user. | Used with 802.1X WLAN, PPPoE server, L2TP, PPTP, VPN |
| 4 | NAS-IP-Address | Specifies the IPv4 address of the device requesting access for a user. | <IPv4 address of the device> |
| 6 | Service-Type | Specifies the type of service that the device requests or expects as a response. |
|
| 7 | Framed-Protocol | Specifies the protocol to be used. | PPP |
| 8 | Framed-IP-Address | Specifies the IP address that is assigned to the client. | <IP address of the client> |
| 26 | Vendor 2356(LCS) ID 2 | MAC address of the client if authentication using the MAC address is enabled. In contrast to the Calling-Station-Id, this value is transmitted as a 6-byte binary string. This attribute only exists for the login mode Authenticate with name, password and MAC address. | <MAC address of the client> |
| 30 | Called-Station-Id | Specifies the identifier of the called station (e.g. the VPN server). |
|
| 31 | Calling-Station-Id | Specifies the identifier of the calling station (e.g. the VPN client). |
|
| 32 | NAS identifier | Specifies the name of the device being managed by the RADIUS server. | <Device-Name> |
| 61 | NAS-Port-Type | Specifies the physical port through which the device authenticates the user. |
|
| 64 | Tunnel-Type | Defines the tunneling protocol which will be used for the session. |
|
| 65 | Tunnel-Medium-Type | Defines the transport medium over which the tunneled session will be established. |
|
| 81 | Tunnel-Private-Group-ID | Defines the group ID if the session is tunneled. |
|
| 87 | NAS-Port-Id | Description of the interface over which the client is connected to your device. This may be a physical and a logical interface. | For example
|
| 95 | NAS-IPv6-Address | Specifies the IPv6 address of the device requesting access for a user. | <IPv6-address of the device> |
| 96 | Framed-Interface-ID | This attribute conveys the IPv6 interface identifier that should be configured for the user in the IPv6CP. | |
| 97 | Framed-IPv6-Prefix | Prefix, which is sent to the user via router advertisements. | |
| 99 | Framed-IPv6-Route | This attribute conveys the route to be used for this user. The device supplements the IPv6 routing table with this route and the next hop to this user. | |
| 100 | Framed-IPv6-Pool | This indicates the IPv6 pool from which a prefix is to be taken for the user. The IPv6 pool is referenced by its name and must be present under . | |
| 123 | Delegated-IPv6-Prefix | Prefix, which is sent to the user via DHCPv6 prefix delegation. | |
| 177 | Mobility-Domain-ID | Identifies the mobility domain where the client is located. | |
| 181 | WLAN-HESSID | Contains the HESSID of the 802.11u SSID. | |
| 182 | WLAN-Venue-Info | Contains information about the category of the site. | This is configured under . |
| 183 | WLAN-Venue-Language | Contains information about the language of the site. | This is configured under . |
| 184 | WLAN-Venue-Name | Contains the name of the site (venue name). | This is configured under . |
| 186 | WLAN-Pairwise-Cipher | Contains information about the pairwise key used by the client and AP. | |
| 187 | WLAN-Group-Cipher | Contains information about the group key used by the client and AP. | |
| 188 | WLAN-AKM-Suite | Contains information about the access management (authentication and key management) between the client and AP. | |
| 189 | WLAN-Group-Mgmt-Cipher | Contains information about the group management key/cipher used to secure a connection via RSNA (robust security network association) between an AP and mobile client. | |
| 190 | WLAN-RF-Band | Contains information about the frequency band used by the client. |
Note: In addition to these attributes, there is an almost endless variety of manufacturer-specific attributes. LCOS allows these attributes to be used once they have been defined. See User-defined attributes
An example for a PPP user test with IPv6 in the FreeRADIUS is as follows:
test Cleartext-Password := "1234"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IPv6-Prefix = "fec0:1:2400:1::/64",
Delegated-IPv6-Prefix = "fec0:1:2400:1100::/56",
Framed-IP-Address = 172.16.3.33,
The user test in a dual-stack PPP session receives the IPv4 address 172.16.3.33, the prefix fec0:1:2400:1::/64 via router advertisement, and the prefix fec0:1:2400:1100::/56 via DHCPv6 prefix delegation.
The following vendor-specific RADIUS attributes use the IANA Private Enterprise Number "3561" of the Broadband Forum. The remaining entries are LANCOM-specific attributes!
| ID: | Name | Meaning | Possible values in LCOS |
|---|---|---|---|
| 1 | ADSL-Agent-Circuit-Id, Vendor 3561 | Specifies the interface of the device being managed by the RADIUS server. Only transmitted if agent-relay info is included in the PPPoED packet (see PPPoE snooping). | <Device interface> |
| 2 | ADSL-Agent-Remote-Id, Vendor 3561 | Specifies the identifier of the device being managed by the RADIUS server. Only transmitted if agent-relay info is included in the PPPoED packet (see PPPoE snooping). | <Device identifier> |
| 16 | LCS-Orig-NAS-Identifier, Vendor 2356 | NAS-identifier of the original access point in WLC mode. | <Device-Name> |
| 17 | LCS-Orig-NAS-IP-Address, Vendor 2356 | NAS IP address of the original access point in WLC mode. | <IPv4 address of the device> |
| 18 | LCS-Orig-NAS-IPv6-Address, Vendor 2356 | NAS IPv6 address of the original access point in WLC mode. | <IPv6-address of the device> |
Note: An overview of the attributes used to support RADIUS with IKEv2 is available under RADIUS support for IKEv2.
