Issue: Vlan-00 allowing hints in request messages

["Sanchez, Mauricio (PNB Roseville)" <mauricio.sanchez@hp.com>]

Submitter name: Mauricio Sanchez
Submitter email address: mauricio.sanchez@hp.com
Date first submitted: March 6, 2006
Reference: 
Document: draft-ietf-radext-vlan-00.txt
Comment type: T
Priority: 2
Section: Table in section 3, individual attributes
Rationale/Explanation of issue: Draft-ietf-radext-vlan-00 does not allow
the new attributes to be sent in ACCESS-REQUEST messages.  If allowed,
attributes in the REQUEST message could serve as 'hints' to the RADIUS
server during the decision making process. 
Requested change:  Allow attributes to be sent ACCESS-REQUEST message
Proposed changes to the document. 

- Descriptions of individual attribute descriptions would be changed to
allow attributes in access request, as follows:
Multiple <attr_name> attributes MAY be included in an Access-Request,
Access-Accept or CoA-Request packet; this attribute MUST NOT be sent
within an Access-Challenge, Access-Reject, Disconnect-Request,
Disconnect-ACK, Disconnect-NAK, CoA-ACK, or CoA-NAK.

-Table in section 3 would be changed to:

   Access-   Access-  Access-  Access-    CoA-
   Request   Accept   Reject   Challenge  Req     #    Attribute
       0+      0+       0        0        0+    TBD  Egress-VLANID
       0-1     0-1      0        0        0-1   TBD  Ingress-Filters
       0+      0+       0        0        0+    TBD  Egress-VLAN-Name
       0-1     0-1      0        0        0-1   TBD  User-Priority-Table


--------------------------------------------
Mauricio Sanchez, CISSP
Network Security Architect
Procurve Networking Business
Hewlett Packard
8000 Foothills Boulevard, ms 5555
Roseville CA, 95747-5557

916.785.1910 Tel
916.785.1815 Fax
mauricio.sanchez@hp.com
--------------------------------------------   


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>