New Attribute Support

Table 1. New CoA Attribute Support
| Name | Description | Defining RFC |
| --- | --- | --- |
| Event-Timestamp | The Event-Timestamp attribute is used to minimize the effect of network replay attacks. RFC 5176 recommends incorporating this attribute when not using more complex security measures to encrypt the RADIUS packet data. The DA controller does not process Disconnect requests or CoA requests that do not include this attribute. The timestamp sent in this attribute must be within 300 seconds of the current time for the request to be processed. Response frames to either Disconnect requests or CoA requests contain this attribute. | RFC 2869 |
| Proxy-State | When one or more of these attributes are included in either Disconnect request or CoA request frames, they must be included unedited in the responses to those packets. | RFC 2865 |
| Message-Authenticator | The Message-Authenticator attribute is used to both authenticate and integrity check RADIUS packets. It is used in lieu of more complex security measures to authorize and/or encrypt the RADIUS control packets. The DA controller does not process packets with invalid Message-Authenticator attribute values. | RFC 2869 |
| Error-Cause | The Error-Cause attribute gives the DA Initiator more information about why a Disconnect request or a CoA request could not be processed. The DA controller uses this attribute when it responds with the Disconnect-Request-NAK or the Change-Of-Authorization-NAK messages. | RFC 5176 |
| Enterasys Auth-Client-Type | The Enterasys Auth-Client-Type vendor-specific attribute (VSA) indicates which authentication client sessions are to be affected by either the CoA or Disconnect requests. The vendor ID used for this VSA is the IANA-assigned private enterprise number for Enterasys, 5624. The Enterasys attribute type number for this attribute is 1. Valid values are: 1 (dot1x), 2 (pwa), 3 (macauth), 4 (cep), 5 (radsnoop), 6 (auto-tracking) and 7 (quarantine-agent). | N/A |
| NAS-Port | The interface index of the port that a session is connected to. Port 5 on a standalone switch is represented as 1005, stack port 3:5 as 3005, and vpex port 100:5 as 101005 (NAS-Port = 101005). | RFC 2865 |
| Extreme-Policy-ACL | See User-based Dynamic Access Control Lists (ACL). | EXTREME-VSA 232 String |
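
The two acceptance checks from the Event-Timestamp and Message-Authenticator rows, written out as an added example (not the switch's own code). The function names, the sample secret and the constructed packet are assumptions; rejecting a request that has no Message-Authenticator at all is also an assumption, since the table only covers invalid values. The Request Authenticator check is left out.

```python
import hashlib, hmac, struct, time

EVENT_TIMESTAMP, MESSAGE_AUTHENTICATOR = 55, 80  # attribute types (RFC 2869)
MAX_SKEW = 300                                   # seconds, per the table above

def iter_attrs(packet, length):
    """Yield (type, value_offset, value) for each attribute after the 20-byte header."""
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        yield packet[pos], pos + 2, packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def compute_mac(packet, length, mac_off, secret):
    """HMAC-MD5 with Request Authenticator and Message-Authenticator zeroed (RFC 5176)."""
    buf = bytearray(packet[:length])
    buf[4:20] = bytes(16)
    buf[mac_off:mac_off + 16] = bytes(16)
    return hmac.new(secret, bytes(buf), hashlib.md5).digest()

def check_request(packet, secret, now=None):
    """Return 'ok', or the reason a CoA/Disconnect request is dropped."""
    now = time.time() if now is None else now
    if len(packet) < 20:
        return "malformed"
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        return "malformed"
    try:
        attrs = list(iter_attrs(packet, length))
    except ValueError:
        return "malformed"
    stamps = [v for t, _, v in attrs if t == EVENT_TIMESTAMP and len(v) == 4]
    macs = [(off, v) for t, off, v in attrs if t == MESSAGE_AUTHENTICATOR and len(v) == 16]
    if not stamps:
        return "missing Event-Timestamp"
    if abs(now - struct.unpack("!I", stamps[0])[0]) > MAX_SKEW:
        return "stale Event-Timestamp"
    # Assumption: a request without Message-Authenticator is treated like an invalid one.
    if not macs or not hmac.compare_digest(compute_mac(packet, length, macs[0][0], secret), macs[0][1]):
        return "bad Message-Authenticator"
    return "ok"

def build_request(code, ident, secret, timestamp):
    """Constructed sample packet carrying only the two attributes checked here."""
    body = struct.pack("!BBI", EVENT_TIMESTAMP, 6, timestamp)
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    pkt = struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body
    return pkt[:-16] + compute_mac(pkt, len(pkt), len(pkt) - 16, secret)
```

Code 43 is CoA-Request and 40 is Disconnect-Request; passing `now` explicitly makes the 300-second window testable.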