IETF Logo Mail Archive

Re: [dhcwg] DHCP interconnected to RADIUS for AAA

John Schnizlein <jschnizl@cisco.com> Tue, 11 March 2003 15:38 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA24066; Tue, 11 Mar 2003 10:38:46 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2BFq7O07404; Tue, 11 Mar 2003 10:52:09 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2BFpnO07377 for <dhcwg@optimus.ietf.org>; Tue, 11 Mar 2003 10:51:49 -0500
Received: from rtp-core-1.cisco.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA24033 for <dhcwg@ietf.org>; Tue, 11 Mar 2003 10:37:48 -0500 (EST)
Received: from jschnizl-w2k.cisco.com (rtp-vpn1-377.cisco.com [10.82.225.121]) by rtp-core-1.cisco.com (8.12.6/8.12.6) with ESMTP id h2BFdrSd016731; Tue, 11 Mar 2003 10:39:53 -0500 (EST)
Message-Id: <4.3.2.7.2.20030311103147.00b220d8@wells.cisco.com>
X-Sender: jschnizl@wells.cisco.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Tue, 11 Mar 2003 10:39:51 -0500
To: Erik Nordmark <Erik.Nordmark@sun.com>
From: John Schnizlein <jschnizl@cisco.com>
Subject: Re: [dhcwg] DHCP interconnected to RADIUS for AAA
Cc: Shankar Agarwal <shankar_agarwal@net.com>, rbhibbs@pacbell.net, Dhcwg <dhcwg@ietf.org>, "Chen, Weijing" <wchen@tri.sbc.com>
In-Reply-To: <Roam.SIMC.2.0.6.1047390698.31555.nordmark@bebop.france>
References: <"Your message with ID" <3E6D2F0A.89A93D07@net.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>

At 08:51 AM 3/11/2003, Erik Nordmark wrote:
>> Right now we don't have a simple username password authentication
>> mechanism for DHCP and we have something very complicated which will not
>> be used in most common deployments. In most of the cases we are happy
>> with either cleartext user name password or may be MD5 encoded username
>> password authentication. If we put this within the current DHCP
>> framework then this will help in replacing the ppp in DSL and cabel
>> modem world where username password is used to pick up the profile of
>> the user.
>
>An alternative would be to figure out how PANA and DHC would work
>together in this case.

Another alternative is to follow the AAA that controls initial access 
at layer 2 (e.g. RADIUS authentication for IEEE 802.1X) with sending
those RADIUS attributes to the DHCP server. This approach protects
the access network and separates the functions of user authentication 
from address (and other parameter) configuration. The mechanism for interworking this way is in draft-ietf-dhc-agentopt-radius-02.txt.

John

_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg

v2.29.0 | Report a Bug | By Email | System Status