New Issue: RE: RADEXT WG last call on VLAN and Priority Document

"Nelson, David" <dnelson@enterasys.com> Tue, 18 April 2006 22:41 UTC

Subject: New Issue: RE: RADEXT WG last call on VLAN and Priority Document
Date: Tue, 18 Apr 2006 18:41:51 -0400
From: "Nelson, David" <dnelson@enterasys.com>
To: radiusext@ops.ietf.org

Submitter name: Dave Nelson
Submitter email address: dnelson@enterasys.com
Date first submitted: April 18, 2006
Reference: 
Document: VLAN & Priority Attributes
Comment type: 'T'echnical
Priority: '1' Should fix
Section: New text (maybe for Section 1.3, Attribute Interpretation)
Rationale/Explanation of issue:

An explanation of how the attributes in this document would be applied
to multi-user authentication environments, by means of "virtual ports"
is required.  The base IEEE 802 documents assume per physical port
granularity. In the absence of explanation, conflicting results may
occur.

Requested change:

Add the following text:

The semantics of the RADIUS attributes described in this
document apply to a single instance of a NAS port, or more
specifically an IEEE 802.1Q bridge port.  The underlying IEEE
802 standards, as listed in the references section, do not
recognize finer management granularity than "per port".  In 
some cases, such as with IEEE 802.11 wireless LANs, the concept
of a "virtual port" is used in place of the physical port. 
Such virtual ports are typically based on security associations
and scoped by station, or MAC address.

If a NAS implementation, conforming to this document,
supports "virtual ports", it may be possible to provision
those "virtual ports" with unique values of the attributes
described in this document allowing multiple users sharing
the same physical port to each have a unique set of authorization
parameters.  The authorization parameters are applied on a
per user basis and it is expected that there is a single user
per port, however in some cases that port may be a "virtual
port".

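
The per-port versus "virtual port" scoping described in the proposed text, shown as an added example that is not part of the original message or of the draft under discussion. It is a toy NAS model: the attribute names (`vlan`, `priority`), the MAC addresses, and the keep-first conflict policy are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Nas:
    """Toy NAS that stores authorization parameters per port (hypothetical model)."""
    virtual_ports: bool                       # True: state is scoped by station MAC
    table: dict = field(default_factory=dict)

    def _key(self, port, mac):
        # Without virtual ports the finest granularity is the physical port.
        return (port, mac.lower()) if self.virtual_ports else (port, None)

    def authorize(self, port, mac, attrs):
        """Apply attributes from an accept; return 'applied', 'unchanged' or 'conflict'."""
        key = self._key(port, mac)
        current = self.table.get(key)
        if current is None:
            self.table[key] = dict(attrs)
            return "applied"
        if current == attrs:
            return "unchanged"
        # A second user on the same port asks for different parameters.
        # Assumed policy: keep the existing provisioning, report the clash.
        return "conflict"

    def lookup(self, port, mac):
        """Return the parameters in force for this station on this port."""
        return self.table.get(self._key(port, mac))


def demo(virtual_ports):
    """Two users behind physical port 1 with different constructed parameters."""
    nas = Nas(virtual_ports)
    first = {"vlan": 10, "priority": 3}       # constructed sample values
    second = {"vlan": 20, "priority": 5}
    results = [
        nas.authorize(1, "00:11:22:33:44:55", first),
        nas.authorize(1, "00:11:22:33:44:66", second),
    ]
    return results, nas.lookup(1, "00:11:22:33:44:66")


if __name__ == "__main__":
    print("per physical port:", demo(False))
    print("virtual ports:    ", demo(True))
```

With per-physical-port scoping the second station ends up governed by the first station's parameters, which is the conflicting result the issue asks the document to address.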