Event-Timestamp |
The Event-Timestamp attribute is used to minimize the
effect of network replay attacks. RFC5176 recommends incorporating this attribute when
not using more complex security measures to encrypt the RADIUS packet data. The DA
controller does not process Disconnect Request or CoA requests that do not include
this attribute. The timestamp sent in this attribute must be within 300 seconds of the
current time for the request to be processed. Response frames to either Disconnect
request or CoA requests contain this attribute. |
RFC2869 |
Proxy-State |
When one or more of these attributes are included in either Disconnect request or
request frames they must be included unedited in the responses to those packets. |
RFC2865 |
Message-Authenticator |
The Message-Authenticator attribute is used to both authenticate and integrity
check RADIUS packets. It is used in lieu of more complex security measures to
authorize and/or encrypt the RADIUS control packets. The DA controller does not
process Disconnect request or CoA request frames without a Message-Authenticator
attribute. The DA controller does not process packets with invalid
Message-Authenticator attribute values. |
RFC2869 |
Error-Cause |
The Error-Cause attribute is used to give the DA Initiator more information
regarding the cause of the failure to process either a Disconnect request or a CoA
request. The DA controller uses this attribute when it responds with the
Disconnect-Request-NAK or the Change-Of-Authorization-NAK messages. |
RFC5176 |
Enterasys Auth-Client-Type |
The Enterasys Auth-Client-Type vendor-specific attribute (VSA) is used to
indicate which authentication client sessions are to be affected by either the CoA or
Disconnect Requests. The vendor ID used for this VSA is the IANA assigned private
enterprise number for Enterasys—5624. The Enterasys attribute type number for this
attribute is 1. Valid values are: 1- dot1x, 2-pwa, 3-macauth, 4-cep, 5-radsnoop,
6-auto-tracking and 7-quarantine-agent. |
N/A |