Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

X.P0028 TSG-X (PSN/PDS) China: CCSA

advertisement 
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3GPP2
China: CCSA
xx-xxxx-xxx
(to be published as xxxxxx)
Contact: Rajesh Bhalla - ZTE
+1-858-554-0387 rabhalla@ztesandiego.com
Japan: TTC
xx-xxxx-xxx
TSG-X (PSN/PDS)
(to be published as xxxxxx)
Contact: Toru Owai - NEC Corporation
X.P0028
+81-3-3798-8551
t-owai@ah.jp.nec.com
Korea: TTA
xx-xxxx-xxx
(to be published as 3GPP2 X.S0028)
(to be published as xxxxxx)
Chair: Serge Manning
Sprint PCS
Address + phone number (TBD)
smanni05@sprintspectrum.com
Chair: Jin Sung Choi – LG Electronics
+82-31-450-2062
jinsungc@lge.com
North America: TIA TR-45.6
PN-3-0174
(to be published as TIA-1050)
Chair: Parviz Yagani – Cisco
Phone nb? pyegani@cisco.com
3GPP2 system to Wireless Local Area Network Interworking
i
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3GPP2
Revision History
REVISION HISTORY
Version Content changes.
0.1
Accepted skeleton document
X31-20031208-007
Added Architecture:
X31-20031208-010R2
Incorporated RADIUS attribute table from:
X31-20040112-013
0.2
Incorporated:
X31-20040419-021-Nortel-USC-Sprint-WLAN_auth_EAP_TLS_sharedkeys.pdf
i
Date
March 15, 2004
June 7, 2004
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3GPP2
Table of Contents
Revision History .............................................................................................................................................................i
Table of Contents.......................................................................................................................................................... ii
List of Figures.............................................................................................................................................................. iii
List of Tables ................................................................................................................................................................iv
1
Introduction .......................................................................................................................................5
1.1
Scope ...................................................................................................................................5
References .........................................................................................................................................6
2.1
Normative References .........................................................................................................6
2.2
Informative References .......................................................................................................6
2.3
3GPP2 Specifications and SDO Standards .........................................................................6
Definitions, Symbols and Abbreviations ..........................................................................................7
3.1
Definitions...........................................................................................................................7
3.2
Symbols and Abbreviations ................................................................................................7
Interworking Architecture .................................................................................................................8
4.1
Reference Model .................................................................................................................8
4.2
Network Entities .................................................................................................................9
4.3
Interfaces .............................................................................................................................9
Service description .......................................................................................................................... 10
WLAN Interworking Access........................................................................................................... 11
6.1
6.1.1
6.1.2
Network Advertisement and Selection ..............................................................................11
Functional Element x Requirements ............................................................................................... 11
MS Requirements ............................................................................................................................ 11
6.2
6.2.1
6.2.2
Service Authorization ....................................................... Error! Bookmark not defined.
Functional Element x Requirements ............................................... Error! Bookmark not defined.
MS Requirements ............................................................................ Error! Bookmark not defined.
Authentication Methods .................................................................................................................. 12
7.1
7.1.1
7.1.2
EAP-TLS with Shared Key ...............................................................................................12
Assumptions .................................................................................................................................... 12
EAP-TLS with Shared key Message flow....................................................................................... 12
7.2
MS Requirements ..............................................................................................................15
IP Connectivity ............................................................................................................................... 15
8.1
Functional Element x Requirements .................................................................................15
8.2
MS Requirements ..............................................................................................................15
Session continuity ........................................................................................................................... 15
9.1
Functional Element x Requirements .................................................................................15
9.2
MS Requirements ..............................................................................................................15
Accounting ...................................................................................................................................... 16
RADIUS attributes .......................................................................................................................... 17
2
3
4
5
6
7
8
9
10
11
ii
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3GPP2
List of Figures
iii
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3GPP2
List of Tables
iv
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
1
3GPP2
Introduction
The purpose of this section is to introduce the readers to the contents of the whole document.
1.1
Scope
The scope statement defines the objectives to be accomplished by the document that is being
produced.
5
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3GPP2
2
References
2.1
Normative References
This section provides references to other specifications and standards that are necessary to implement
this document
[EDITOR: add references to: 2865,2866, ,3580]
[TLS]
[EAP-TLS]
[EAP]
[EAP-RADIUS]
[SKEYTLS]
[TLSPSK]
2.2
"The TLS Protocol", RFC 2246.
“PPP EAP-TLS Authentication protocol”, RFC 2716
“Extensible Authentication Protocol (EAP)”, RFC 2284bis-09
RFC 3579, RADIUS support for EAP
Use of Shared Keys in the TLS Protocol, draft-ietf-tls-sharedkeys-02.
Pre-Shared Key Ciphersuites for TLS, draft-eronen-tls-psk-00.txt
Informative References
This section provides references to other documents that may be useful for the reader of this
document.
2.3
3GPP2 Specifications and SDO Standards
Number of
specifications
SDO Project Number
Document Title
3GPP2:
ARIB:
CWTS:
TIA:
TTA:
6
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3
3GPP2
Definitions, Symbols and Abbreviations
This section contains definitions, symbols and abbreviations that are used throughout the document.
3.1
Definitions
[EDITOR INSERTED DEFINITIONS:]
EAP Server
[END OF EDITOR INSERTED DEFINITIONS]
3.2
Symbols and Abbreviations
[EDITOR INSERTED ITEMS]
AP
EAP
EAPoL
MS
NAI
PMK
PRF
RADIUS
TLS
WLAN
[END OF EDITOR INSERTED ITEMS]
EAP over LAN
Pseudo random function
7
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
4
3GPP2
Interworking Architecture
[EDITOR NOTE: THE FOLLOWING INTRO SECTION NEEDS TO BE CLEANED UP]
The Phase-1 3GPP2-WLAN Interworking architecture along with its network functional entities and interfaces
supports Scenarios 1 and 2 of the four (4) Scenarios described in the stage 1 document as follows:

Scenario 1: Common billing and customer care

Scenario 2: 3GPP2 System based Access Control and Charging and Access to the Internet via the
WLAN system


Scenario 3: Access to the 3GPP2 Packet Data Services via the WLAN system
Scenario 4: Session continuity
Phase-1 3GPP2-WLAN Interworking architecture and its associated functionality will be supported in the same
timeframe as the X.P0011-D release. The support for Scenarios 3 and 4 may be provided in a later release.
4.1
Reference Model
Figure 1 shows a high-level network architecture for the support of the 3GPP2-WLAN interworking for scenario 2.
The WLAN is connected to the 3GPP2 home network either directly or via one or more intermediate broker
network(s). In this architecture model, either a cdma2000 operator or a Wireless ISP may own the WLAN. The
Mobile Station (MS) gains access to the Internet via the WLAN after it is successfully authenticated by the 3GPP2
home system. The network (functional) entities and interfaces are described in the following sections.
Figure 1 3GPP2-WLAN Interworking Architecture for Scenario 2
8
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
4.2
3GPP2
Network Entities

H-AAA: AAA in a home 3GPP2 network - The home AAA server (H-AAA) is the AAA server managed
by the 3GPP2 home operator. The AAA server authenticates and authorizes the MS for access to the
3GPP2-WLAN interworking service.

B-AAA: AAA in a broker network - A broker AAA (B-AAA) resides in a broker network. The broker
network is an intermediate network between the WLAN and 3GPP2 home network. There may be zero,
one, or more broker networks between the WLAN and the 3GPP2 Home network.

W-AAA: The AAA in the WLAN, if available, interacts with the MS’s H-AAA server, possibly through
one or more broker networks, to authenticate and authorize the MS for WLAN access.

Database - The database is in the MS’s 3GPP2 home network where authentication and subscriber service
profile information is stored.

WLAN: The Wireless Local Area Network supports 802.11 types of accesses. It may support 802.1x and/or
802.11i. The topology of the WLAN is outside the scope of this specification.
4.3
Interfaces

Interface 1 between MS and WLAN - The interface between MS and WLAN specifies the physical and link
layers protocols. The 802.11 specifications should not be affected by the 3GPP2 specifications. 3GPP2WLAN interworking may designate IEEE standards as preferred interfaces, e.g. 802.1x and 802.11i for
security mechanisms.

Interface 2 between AAA in WLAN and H-AAA - This interface is used to authenticate the MS from the
3GPP2 home system and forward requests and responses between the W-AAA and the H-AAA. The
interface should follow IETF specifications. This interface may consist of the following two interfaces in
case a broker network(s) is present.
o
An interface between W-AAA and B-AAA - This interface is used to proxy requests/responses
between W-AAA and B-AAA.
o
An interface between B-AAA and H-AAA - This interface is used to proxy requests/responses
between B-AAA and H-AAA.
9
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
5
3GPP2
Service description
[ Editor’s Note: This section contains an overview of Scenario 2
Action: Serge]
10
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3GPP2
6
WLAN Interworking Access
6.1
Network Advertisement and Selection
6.1.1
Functional Element x Requirements
6.1.2
MS Requirements
11
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3GPP2
7
Authentication Methods
7.1
EAP-TLS with Shared Key
The EAP-TLS [EAP-TLS] specifies how the TLS tunnel [TLS] is established using EAP [EAP]. If client
authentication is required, EAP-TLS method requires a client certificate to be available in the WLAN client. This
requirement is considered to be a major disadvantage of TLS, since public key cryptography is considered complex.
As an alternative EAP-TLS with Shared Keys[SKEYTLS] uses pre-configured or pre-existing shared secret in order
to establish the TLS tunnel. While this method does not require the management of client-side certificates, for
operators that already has PKI available, EAP-TLS with Shared Key method shall not disallow the use of EAP-TLS
with server and client certificates.
7.1.1
Assumptions
EAP-TLS with Shared key assumes the following:
 That the shared secret (SS) is available and is stored in a secure memory of the MS or in the WLAN access
client.
 The WLAN access client has the capability to communicate with the cdma2000 MS, if the shared secret is
not configured in the WLAN access client. (e.g., for reusing MN-AAA key).
 Both EAP Server and the WLAN client must be configured to use same TLS cipher suites (i.e., there is no
negotiation of TLS cipher suites). This assumption is relaxed if EAP-TLS is used with [TLSPSK].
7.1.2
EAP-TLS with Shared key Message flow
EAP-TLS with Shared key method involves elimination of public key operations during the TLS handshake, while
providing equivalent level of security using shared symmetric keys. After the initial handshake phase, the TLS uses
the symmetric keying material (referred to as TLS master secret) derived from the information exchanged during the
initial handshake. The shared key TLS method involves explicitly deriving TLS master secret from the Shared
Secret (SS). Once the TLS master secret is derived, it utilizes the built-in session caching mechanism, in the TLS
protocol. Session caching allows a TLS session to be resumed without requiring full TLS handshake. In order to
resume the “phantom” TLS session, it needs to be seeded with session ID and TLS master secret, both at the EAP
server and at the EAP client termination points.
The following diagram shows the message flows:
12
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3GPP2
MS
WLAN
client
(R)UIM
EAP Server
(AAA)
AP
Shared Secret (SS)
available
Shared Secret (SS)
available
a
b
WLAN Access Association
EAP-Request / Identity
c
EAP-Response / Identity(NAI)
EAP-Request/
EAP-Type=EAP-TLS (TLS Start)
Access-Request
EAP-Response/Identity (NAI)
Access-Challenge
EAP-Request/EAP-Type=EAP-TLS
(TLS Start)
Seed Session ID with NAI
Derive and Seed TLS master
secret from SS
Seed Session ID with NAI
Derive and Seed TLS master
secret from SS
EAP-Response/EAP-Type=EAP-TLS
(TLS Client Hello)
d
e
f
g
Access-Request
EAP-Response/EAP-Type=EAP-TLS
(TLS Client Hello)
h
EAP-Request/EAP-Type=EAP-TLS
(TLS Server Hello, TLS change cipher
spec, TLS finished)
EAP-Response/EAP-Type=EAP-TLS
(TLS change cipher spec, TLS finished)
Access-Challenge
EAP-Request/EAP-Type=EAP-TLS
(TLS Server Hello, TLS change cipher
spec, TLS finished)
i
Access Request
EAP-Response/EAP-Type=EAP-TLS
(TLS change cipher spec, TLS finished)
j
Derive keys for WLAN access (e.g.
PMK) from TLS master secret
Derive keys for WLAN access (e.g.
PMK) from TLS master secret
Access-Accept
EAP-Success +keys
EAP-Success
Figure 2 WLAN access authentication using EAP-TLS with shared keys
13
3GPP2 TSG-X/TIA TR-45.6
k
l
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3GPP2
a) Both the WLAN client and the EAP Server have access to the shared secret used for the WLAN
access service authentication. This can be one of the existing cdma2000 credential, such as MNHAAA key or separate shared secret used only for WLAN access authentication
b) MS wishing to access WLAN access service establishes an 802.11association with the WLAN
AP.
c) The WLAN AP issues an EAP Identity Request to request the user’s identity using EAP over LAN
(EAPoL)
d) The WLAN client replies with the NAI as the user’s identity (e.g., username@realm.com). The
AP encapsulates the EAP Response with the identity in a Access-Request message (RADIUS
support for EAP is specified in [EAP-RADIUS]) and forwards it to the back-end authentication
server (EAP Server) responsible for the authenticating subscribers belonging to that realm
e) The EAP Server verifies that the NAI is valid for WLAN access service and determines that EAPTLS is to be used for authentication. Otherwise, Access-Reject will be sent.
f) The EAP Server sends the EAP Request with EAP-Type as EAP-TLS in an Access-Challenge
message. The AP forwards the EAP request to the WLAN client. This starts the TLS tunnel
establishment process.
g) Upon receiving the TLS Start indication, EAP peer shall behave as though it is resuming a preexisting TLS session as specified in [SKEYTLS]. This implies that the TLS record: “TLS client
hello”, must be initialized as follows:
 session ID (32 bytes) = NAI (right-truncate if more than 32 bytes or else zero-padded to
form 32 bytes)
 random = client generated random number (32 bytes)
 cipher spec = client supported cipher suite (Note: this must pre-configured).
Furthermore, the TLS master secret is also derived as specified in [SKEYTLS] using the TLS
pseudo random function (PRF): master_secret = PRF (shared_secret, “shared secret”, seed).
The “seed” can be any value (including an empty string “”) except that it should not contain
anything computed from the shared secret)
Similarly, the EAP server also initializes the TLS record: “TLS server hello” and derives the TLS
master secret. This initialization contains a server generated 32 byte random number.
Note 1: The shared_secret takes the place of TLS standard pre-master secret that is normally
derived from the public-keys. It is filled using Shared Secret (SS) as specified in [SKEYTLS] to
result in a 48 bytes standard TLS pre-master secret.
Note 2: Initialization of the TLS records can use, previously derived master secret, if it is available
and is allowed by the operator policy.
h) Once the session cache seeding process is complete, the TLS session resumption process is
started as specified in the [EAP-TLS]. The EAP peer sends the EAP-Response with “TLS Client
Hello” handshake message. Note that the session ID is initialized to the NAI, indicating that the
TLS session resumption process is to be used. The AP forwards this message to the EAP server
using Access-Request message.
i) The EAP Server responds with an Access-Challenge containing EAP-Response with TLS server
hello, TLS change cipher spec and TLS Finished handshake TLS records, which is forwarded to
the MS by the AP.
j) The MS responds with an EAP-Response with TLS change cipher spec and TLS finished
handshake TLS records to the AP, which is forwarded to the EAP Server using Access-Request
message.
k) This completes the mutual authentication of both EAP server and the EAP peer. In case, the
client authentication fails, TLS Alert message is send to the client and the user is disconnected. In
case, the server authentication fails, the EAP peer will respond with the TLS Alert message and
the user is disconnected. Handling of various failure scenarios are specified in [EAP-TLS]. If the
mutual authentication succeeds, the server derives the needed WLAN session key (PMK).
14
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
l)
7.2
3GPP2
Similarly, the EAP peer also derives the needed WLAN session keys. The session key derivation
procedures for both EAP peer and EAP server are specified in [EAP-TLS]
After deriving the needed WLAN session key (PMK), the EAP server sends Access-Accept
message (along with the PMK in the MS-MPPE-Recv-Key attribute of RADIUS) to the AP with the
PMK and EAP success indication. The AP forwards the EAP Success indication to the EAP peer.
This completes the WLAN access authentication.
MS Requirements
[EDITOR’s note Action Kuntal to provide text]
15
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
8
3GPP2
Accounting
[Editor’s note: Lila to bring text]
16
3GPP2 TSG-X/TIA TR-45.6
X.P0028
9
1
2
3
4
5
6
Attribute
7
User Name
8
User Password
9
10
NAS-IP Address
11
12
NAS-Port
13
14
Service Type
15
16
17
Framed
IP Address
18
19
20
Framed-IP-Netmask
21
22Message
Reply
State23
24
25 Timeout
Session
26
27
Idle 28
Timeout
29
30
Termination
Action
31
Called
32 Station ID
33
Calling
34 Station ID
NAS35Identifier
36
Acct37
Status Type
Acct38
Input Octets
Acct39
Output Octets
Acct40
Session ID
41
42
Acct43
Session Time
Acct44
Input Packets
Acct45
Output Packets
Acct46
Termination
Cause
47
48
49
50
51
Acct-Input-Gigawords
52
53
Acct-Ouput54
Gigawords
55
Event Time Stamp
56
NAS Port Type
57
EAP-Message
58
3GPP2
RADIUS attributes
#
Type
Access
Req
Access
Resp
1
2
String
String
X
X
X
4
5
IP
Addr
Integer
6
Integer
X
8
IP
Addr
9
Integer
X
X
18
24
String
String
X
X
X
27
Integer
X
28
Integer
X
29
Integer
X
30
String
31
32
String
String
40
42
43
44
Integer
Integer
Integer
String
46
47
48
49
Acct
Start
Acct
Intrm
Acct
Stop
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Integer
Integer
Integer
Integer
X
X
X
X
X
X
X
52
Integer
X
X
53
Integer
X
X
55
61
79
Integer
Integer
String
X
X
X
X
X
X
X
X
X
X
X
X
X
17
Comments
User's NAI, Case Sensitive
Must only be used if client authenticating via
UAM
IP Addr of RADIUS client
Is the Association ID between client & AP
per RFC 3580
Various Service Types used for UAM are
described in RFC 2865. Service types for
use with 1x are described in RFC 3580.
Client's IP Address. See RFC 3580 - Not
used for L2 Authenticators with 802.1x.
Attribute required for TAP & IPDR
Netmask of the user; For local use. See RFC
3580 (not used for L2 Authenticators)
Text to display to user
Opaque string from AAA in Access
Challenge
Seconds until forced session termination and
re-authentication required (may be used for
prepaid subs); See Termination-Action
Seconds of idle time before auto-termination
of session
0-Default (end of session) 1-RADIUS reauthentication
Per RFC 3580=MAC Address of NAS +
SSID (if known)
Per RFC 3580=Client's MAC Address
Alternative to NAS-IP_Address to identify
NAS
1=Start 2=Stop 3=Interim update
NAS unique ID to correlate all accounting
records in a session; May be used to correlate
with Auth Records
Session duration in seconds
1=User Request 2=Lost Carrier/Link 4=idle
timeout 5=session timeout 6=admin reset
9=NAS error 10=NAS request 11=NAS
reboot 19=Supplicant (Client) Restart
20=Re-Auth Failure; See RFC 3580 for more
info
Number of times the Acct-Input-Octets
counter has wrapped around
Number of times the Acct-Output-Octets
counter has wrapped around
Seconds since Jan 1 1970 UTC
15=Ethernet 19=802.11
Required per RFC 3579
3GPP2 TSG-X/TIA TR-45.6
X.P0028
1
Attribute
2
Message Authenticator
3
Acct Interim Interval
4
MS-MPPE-Recv-Key
5
MS-MPPE-Send-Key
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
3GPP2
#
Type
80
85
String
Integer
String
String
Access
Req
X
Access
Resp
X
X
X
X
Acct
Start
X
18
Acct
Intrm
X
Acct
Stop
X
Comments
Required per RFC 3579
Interval in seconds between Acct updates
.1x Encryption Key
.1x Encryption Key
3GPP2 TSG-X/TIA TR-45.6
Related documents
The TLS April 07, 2000, Letters to the Editor Shut your air-holes
The TLS April 07, 2000, Letters to the Editor Shut your air-holes
Steve Dennett Is Director of Industry Relations, Standards and
Steve Dennett Is Director of Industry Relations, Standards and
Session management, authentication
Session management, authentication
here. - Training for Learning and Serving
here. - Training for Learning and Serving
Download
advertisement