New Issue: RE: RADEXT WG last call on VLAN and Priority Document
"Nelson, David" <dnelson@enterasys.com> Tue, 18 April 2006 22:41 UTC
Envelope-to: radiusext-data@psg.com
Delivery-date: Tue, 18 Apr 2006 22:42:10 +0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: New Issue: RE: RADEXT WG last call on VLAN and Priority Document
Date: Tue, 18 Apr 2006 18:41:51 -0400
Message-ID: <3CFB564E055A594B82C4FE89D21565602191EB@MABOSEVS2.ets.enterasys.com>
Thread-Topic: New Issue: RE: RADEXT WG last call on VLAN and Priority Document
Thread-Index: AcZfTy8S8DV2oohdS1q8e/Rq1+Z5ewD6SipQ
From: "Nelson, David" <dnelson@enterasys.com>
To: radiusext@ops.ietf.org
Submitter name: Dave Nelson Submitter email address: dnelson@enterasys.com Date first submitted: April 18, 2006 Reference: Document: VLAN & Priority Attributes Comment type: 'T'echnical Priority: '1' Should fix Section: New text (maybe for Section 1.3, Attribute Interpretation) Rationale/Explanation of issue: An explanation of how the attributes in this document would be applied to multi-user authentication environments, by means of "virtual ports" is required. The base IEEE 802 documents assume per physical port granularity. In the absence of explanation, conflicting results may occur. Requested change: Add the following text: The semantics of the RADIUS attributes described in this document apply to a single instance of a NAS port, or more specifically an IEEE 802.1Q bridge port. The underlying IEEE 802 standards, as listed in the references section, do not recognize finer management granularity than "per port". In some cases, such as with IEEE 802.11 wireless LANs, the concept of a "virtual port" is used in place of the physical port. Such virtual ports are typically based on security associations and scoped by station, or MAC address. If a NAS implementation, conforming to this document, supports "virtual ports", it may be possible to provision those "virtual ports" with unique values of the attributes described in this document allowing multiple users sharing the same physical port to each have a unique set of authorization parameters. The authorization parameters are applied on a per user basis and it is expected that there is a single user per port, however in some cases that port may be a "virtual port". -- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>
- New Issue: RE: RADEXT WG last call on VLAN and Pr… Nelson, David