||The Event-Timestamp attribute is used to minimize the
effect of network replay attacks. RFC5176 recommends incorporating this attribute when
not using more complex security measures to encrypt the RADIUS packet data. The DA controller does not process Disconnect Request
or CoA requests that do not include this attribute. The timestamp sent in this
attribute must be within 300 seconds of the current time for the request to be
processed. Response frames to either Disconnect request or CoA requests contain this
||When one or more of these attributes are included in
either Disconnect request or request frames they must be included unedited in the
responses to those packets.
||The Message-Authenticator attribute is used to both
authenticate and integrity check RADIUS packets. It is used in lieu of more complex
security measures to authorize and/or encrypt the RADIUS control packets. The DA
controller does not process packets with invalid Message-Authenticator attribute
||The Error-Cause attribute is used to give the DA Initiator
more information regarding the cause of the failure to process either a Disconnect
request or a CoA request. The DA controller uses this attribute when it responds with
the Disconnect-Request-NAK or the Change-Of-Authorization-NAK messages.
||The Enterasys Auth-Client-Type vendor-specific attribute
(VSA) is used to indicate which authentication client sessions are to be affected by
either the CoA or Disconnect Requests. The vendor ID used for this VSA is the IANA
assigned private enterprise number for Enterasys—5624. The Enterasys attribute type
number for this attribute is 1. Valid values are: 1- dot1x, 2-pwa, 3-macauth, 4-cep,
5-radsnoop, 6-auto-tracking and 7-quarantine-agent.
||The interface index of the port that a session is connected to. Representation of
port 5 in standalone switches will be like this: 1005, stack port 3:5 will be 3005,
and vpex port 100:5 will be like this NAS-Port = 101005.
||See Dynamic Access Control Lists (ACL).
||EXTREME-VSA 232 String