draft-ietf-radius-accounting-00.txt   draft-ietf-radius-accounting-01.txt 
RADIUS Working Group C Rigney RADIUS Working Group C Rigney
INTERNET-DRAFT Livingston INTERNET-DRAFT Livingston
expires in six months November 1995
RADIUS Accounting RADIUS Accounting
draft-ietf-radius-accounting-00.txt draft-ietf-radius-accounting-01.txt
Status of this Memo Status of this Memo
This document is a submission to the RADIUS Working Group of the This document is a submission to the RADIUS Working Group of the
Internet Engineering Task Force (IETF). Comments should be submitted Internet Engineering Task Force (IETF). Comments should be submitted
to the ietf-radius@livingston.com mailing list. to the ietf-radius@livingston.com mailing list.
Distribution of this memo is unlimited. Distribution of this memo is unlimited.
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
skipping to change at page 1, line 28 skipping to change at page 1, line 30
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.'' material or to cite them other than as ``work in progress.''
To learn the current status of any Internet-Draft, please check the To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), Directories on on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
ftp.isi.edu (US West Coast). ftp.isi.edu (US West Coast).
This document expires January 15th, 1996. This document expires May 31st, 1996.
Abstract Abstract
This document describes a protocol for carrying accounting This document describes a protocol for carrying accounting
information between a Network Access Server and a shared Accounting information between a Network Access Server and a shared Accounting
Server. Server.
Table of Contents Table of Contents
1. Introduction .......................................... 1 1. Introduction .......................................... 1
1.1 Specification of Requirements ................... 2 1.1 Specification of Requirements ................... 2
1.2 Terminology ..................................... 2 1.2 Terminology ..................................... 2
2. Operation ............................................. 3 2. Operation ............................................. 4
3. Packet Format ......................................... 4 3. Packet Format ......................................... 5
4. Packet Types .......................................... 6 4. Packet Types .......................................... 8
4.1 Accounting-Request .............................. 6 4.1 Accounting-Request .............................. 8
4.2 Accounting-Response ............................. 7 4.2 Accounting-Response ............................. 10
5. Attributes ............................................ 9 5. Attributes ............................................ 12
5.1 Acct-Status-Type ................................ 10 5.1 Acct-Status-Type ................................ 13
5.2 Acct-Delay-Time ................................. 11 5.2 Acct-Delay-Time ................................. 14
5.3 Acct-Input-Octets ............................... 12 5.3 Acct-Input-Octets ............................... 15
5.4 Acct-Output-Octets .............................. 12 5.4 Acct-Output-Octets .............................. 15
5.5 Acct-Session-Id ................................. 13 5.5 Acct-Session-Id ................................. 16
5.6 Acct-Authentic .................................. 14 5.6 Acct-Authentic .................................. 17
5.7 Acct-Session-Time ............................... 15 5.7 Acct-Session-Time ............................... 18
5.8 Acct-Input-Packets .............................. 15 5.8 Acct-Input-Packets .............................. 19
5.9 Acct-Output-Packets ............................. 16 5.9 Acct-Output-Packets ............................. 19
5.10 Table of Attributes ............................. 17 5.10 Acct-Terminate-Cause ............................ 20
5.11 Table of Attributes ............................. 22
Security Considerations ...................................... 19 Security Considerations ...................................... 24
References ................................................... 19 References ................................................... 24
Acknowledgements ............................................. 19 Acknowledgements ............................................. 24
Chair's Address .............................................. 20 Chair's Address .............................................. 25
Author's Address ............................................. 20 Author's Address ............................................. 25
1. Introduction 1. Introduction
Managing dispersed serial line and modem pools for large numbers of Managing dispersed serial line and modem pools for large numbers of
users can create the need for significant administrative support. users can create the need for significant administrative support.
Since modem pools are by definition a link to the outside world, they Since modem pools are by definition a link to the outside world, they
require careful attention to security, authorization and accounting. require careful attention to security, authorization and accounting.
This can be best achieved by managing a single "database" of users, This can be best achieved by managing a single "database" of users,
which allows for authentication (verifying user name and password) as which allows for authentication (verifying user name and password) as
well as configuration information detailing the type of service to well as configuration information detailing the type of service to
deliver to the user (that is, SLIP, PPP, telnet, rlogin). deliver to the user (for example, SLIP, PPP, telnet, rlogin).
The RADIUS (Remote Authentication Dial In User Service) Internet- The RADIUS (Remote Authentication Dial In User Service) Internet-
Draft specifies the RADIUS protocol used for Authentication and Draft specifies the RADIUS protocol used for Authentication and
Authorization. This Internet-Draft extends the use of the RADIUS Authorization. This Internet-Draft extends the use of the RADIUS
protocol to cover delivery of accounting information from the Network protocol to cover delivery of accounting information from the Network
Access Server (NAS) to a RADIUS accounting server. Access Server (NAS) to a RADIUS accounting server.
Key features of RADIUS Accounting are: Key features of RADIUS Accounting are:
Client/Server Model Client/Server Model
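Review bot: the -01 column of the shadow-directories sentence reads "Directories on on ftp.is.co.za (Africa)", a doubled word that -00 did not have; drop the second "on".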
skipping to change at page 2, line 5 skipping to change at page 2, line 5
Extensible Protocol Extensible Protocol
All transactions are comprised of variable length Attribute- All transactions are comprised of variable length Attribute-
Length-Value 3-tuples. New attribute values can be added Length-Value 3-tuples. New attribute values can be added
without disturbing existing implementations of the protocol. without disturbing existing implementations of the protocol.
Source Code Availability Source Code Availability
Livingston Enterprises is making the C source code for an example Livingston Enterprises is making the C source code for an example
RADIUS accounting server available without use restrictions. RADIUS accounting server available without use restrictions.
Other vendors have also implemented RADIUS Accounting. Other companies have also implemented RADIUS Accounting.
1.1. Specification of Requirements 1.1. Specification of Requirements
In this document, several words are used to signify the requirements In this document, several words are used to signify the requirements
of the specification. These words are often capitalized. of the specification. These words are often capitalized.
MUST This word, or the adjective "required", means that the MUST This word, or the adjective "required", means that the
definition is an absolute requirement of the specification. definition is an absolute requirement of the specification.
MUST NOT This phrase means that the definition is an absolute MUST NOT This phrase means that the definition is an absolute
skipping to change at page 2, line 32 skipping to change at page 2, line 32
different course. different course.
MAY This word, or the adjective "optional", means that this MAY This word, or the adjective "optional", means that this
item is one of an allowed set of alternatives. An item is one of an allowed set of alternatives. An
implementation which does not include this option MUST be implementation which does not include this option MUST be
prepared to interoperate with another implementation which prepared to interoperate with another implementation which
does include the option. does include the option.
1.2. Terminology 1.2. Terminology
This document uses the following term: This document uses the following terms:
service The NAS provides a service to the dial-in user, such as PPP
or Telnet.
session Each service provided by the NAS to a dial-in user
constitutes a session, with the beginning of the session
defined as the point where service is first provided and
the end of the session defined as the point where service
is ended. A user may have multiple sessions in parallel or
series if the NAS supports that, with each session
generating a separate start and stop accounting record.
silently discard silently discard
This means the implementation discards the packet without This means the implementation discards the packet without
further processing. The implementation SHOULD provide the further processing. The implementation SHOULD provide the
capability of logging the error, including the contents of capability of logging the error, including the contents of
the silently discarded packet, and SHOULD record the event the silently discarded packet, and SHOULD record the event
in a statistics counter. in a statistics counter.
2. Operation 2. Operation
skipping to change at page 3, line 22 skipping to change at page 4, line 22
been received. At the end of service delivery the client will been received. At the end of service delivery the client will
generate an Accounting Stop packet describing the type of service generate an Accounting Stop packet describing the type of service
that was delivered and optionally statistics such as elapsed time, that was delivered and optionally statistics such as elapsed time,
input and output octets, or input and output packets. It will send input and output octets, or input and output packets. It will send
that to the RADIUS Accounting server, which will send back an that to the RADIUS Accounting server, which will send back an
acknowledgement that the packet has been received. acknowledgement that the packet has been received.
The Accounting-Request (whether for Start or Stop) is submitted to The Accounting-Request (whether for Start or Stop) is submitted to
the RADIUS accounting server via the network. If no response is the RADIUS accounting server via the network. If no response is
returned within a length of time, the request is re-sent a number of returned within a length of time, the request is re-sent a number of
times. After several failed attempts, the client can also forward times. The client can also forward requests to an alternate server
requests to an alternate server in the event that the primary server or servers in the event that the primary server is down or
is down or unreachable. unreachable. An alternate server can be used either after a number
of tries to the primary server fail, or in a round-robin fashion.
Retry and fallback algorithms are the topic of current research and
are not specified in detail in this document.
It is recommended that the client continue attempting to send the It is recommended that the client continue attempting to send the
Accounting packet until it receives an acknowledgement, using some Accounting packet until it receives an acknowledgement, using some
form of backoff. It MAY elect to send the packet to an alternate form of backoff. It MAY elect to send the packet to an alternate
accounting server. The nature of the timeout algorithms to be used accounting server. The nature of the timeout algorithms to be used
are the topic of current research, and are not further specified are the topic of current research, and are not further specified
here. here.
The RADIUS accounting server MAY make requests of other servers in The RADIUS accounting server MAY make requests of other servers in
order to satisfy the request, in which case it acts as a client. order to satisfy the request, in which case it acts as a client.
If the RADIUS accounting server is unable to successfully record the If the RADIUS accounting server is unable to successfully record the
accounting packet it MUST NOT send an Accounting-Response accounting packet it MUST NOT send an Accounting-Response
acknowledgment to the client. acknowledgment to the client.
3. Packet Format 3. Packet Format
Exactly one RADIUS Accounting packet is encapsulated in the UDP Data Exactly one RADIUS Accounting packet is encapsulated in the UDP Data
field [1], where the UDP Destination Port field indicates 1646. field [1], where the UDP Destination Port field indicates 1646
(decimal).
When a reply is generated, the source and destination ports are When a reply is generated, the source and destination ports are
reversed. reversed.
A summary of the RADIUS data format is shown below. The fields are A summary of the RADIUS data format is shown below. The fields are
transmitted from left to right. transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
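Review bot: section 2 in -01 now says twice that retry behaviour is unspecified: once in the added sentence "Retry and fallback algorithms are the topic of current research and are not specified in detail in this document", and again in the unchanged next paragraph, "The nature of the timeout algorithms to be used are the topic of current research, and are not further specified here". Keep one of the two statements and fold the alternate-server wording into the paragraph that retains it.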
skipping to change at page 4, line 50 skipping to change at page 6, line 4
Identifier Identifier
The Identifier field is one octet, and aids in matching requests and The Identifier field is one octet, and aids in matching requests and
replies. replies.
Length Length
The Length field is two octets. It indicates the length of the The Length field is two octets. It indicates the length of the
packet including the Code, Identifier, Length, Authenticator and packet including the Code, Identifier, Length, Authenticator and
Attribute fields. Octets outside the range of the Length field Attribute fields. Octets outside the range of the Length field
should be treated as padding and should be ignored on reception. should be treated as padding and should be ignored on reception. If
the packet is shorter than the Length field indicates, it should be
silently discarded. The minimum length is 20 and maximum length is
4096.
Authenticator Authenticator
The Authenticator field is sixteen (16) octets. The most significant The Authenticator field is sixteen (16) octets. The most significant
octet is transmitted first. This value is used to authenticate the octet is transmitted first. This value is used to authenticate the
messages between the client and RADIUS accounting server. messages between the client and RADIUS accounting server.
Request Authenticator Request Authenticator
In Accounting-Request Packets, the Authenticator value is a 16 In Accounting-Request Packets, the Authenticator value is a 16
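Review bot: the text added under Length gives bounds ("The minimum length is 20 and maximum length is 4096") but does not say what a receiver does when the Length field itself is below 20 or above 4096; only a packet shorter than Length is given an action (silently discarded). State the action for out-of-range Length values, and use the capitalized SHOULD or MUST defined in section 1.1 instead of lower-case "should" so the requirement level is unambiguous.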
skipping to change at page 5, line 30 skipping to change at page 6, line 34
shared secret (where + indicates concatenation). The 16 octet MD5 shared secret (where + indicates concatenation). The 16 octet MD5
hash value is stored in the Authenticator field of the hash value is stored in the Authenticator field of the
Accounting-Request packet. Accounting-Request packet.
Note that the Request Authenticator of an Accounting-Request can Note that the Request Authenticator of an Accounting-Request can
not be done the same way as the Request Authenticator of a RADIUS not be done the same way as the Request Authenticator of a RADIUS
Access-Request, because there is no User-Password attribute in an Access-Request, because there is no User-Password attribute in an
Accounting-Request. Accounting-Request.
[Draft Note - the implementation of RADIUS Accounting in [Draft Note - the implementation of RADIUS Accounting in
Livingston's ComOS 3.1 through 3.1.3 sets the Request Livingston's ComOS 3.1 through 3.1.4 sets the Request
Authenticator to all 0's. The next release will implement the Authenticator to all 0's. A future release will implement the
method described here, after which this Note will be removed from method described here, after which this Note will be removed
the Draft.] from the Draft.]
Response Authenticator Response Authenticator
The Authenticator field in an Accounting-Response packet contains The Authenticator field in an Accounting-Response packet contains
a one-way MD5 hash calculated over a stream of octets consisting a one-way MD5 hash calculated over a stream of octets consisting
of the Accounting-Response Code, Identifier, Length, the of the Accounting-Response Code, Identifier, Length, the
Authenticator field from the Accounting-Request packet being Authenticator field from the Accounting-Request packet being
replied to, and the response attributes if any, followed by the replied to, and the response attributes if any, followed by the
shared secret. The resulting 16 octet MD5 hash value is stored in shared secret. The resulting 16 octet MD5 hash value is stored in
the Authenticator field of the Accounting-Response packet. the Authenticator field of the Accounting-Response packet.
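Review bot: the Draft Note under Request Authenticator widens the affected releases to "ComOS 3.1 through 3.1.4" and weakens "The next release" to "A future release", but still does not say how a server treats an Accounting-Request whose Request Authenticator is all 0's. This field is what authenticates messages between the client and the accounting server, so the note should state whether such requests are accepted for interoperability or silently discarded, rather than leaving each implementer to decide.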
skipping to change at page 6, line 33 skipping to change at page 8, line 33
record the accounting packet. record the accounting packet.
Any attribute valid in a RADIUS Access-Request or Access-Accept Any attribute valid in a RADIUS Access-Request or Access-Accept
packet is valid in a RADIUS Accounting-Request packet, except that packet is valid in a RADIUS Accounting-Request packet, except that
the following attributes MUST NOT be present in an Accounting- the following attributes MUST NOT be present in an Accounting-
Request: User-Password, CHAP-Password, Reply-Message, State. Request: User-Password, CHAP-Password, Reply-Message, State.
Either NAS-IP-Address or NAS-Identifier MUST be present in a Either NAS-IP-Address or NAS-Identifier MUST be present in a
RADIUS Accounting-Request. RADIUS Accounting-Request.
It SHOULD contain a NAS-Port attribute unless the service does not It SHOULD contain a NAS-Port or NAS-Port-Id attribute unless the
involve a port or the NAS does not distinguish among its ports. service does not involve a port or the NAS does not distinguish
among its ports.
A summary of the Accounting-Request packet format is shown below. A summary of the Accounting-Request packet format is shown below.
The fields are transmitted from left to right. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length | | Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
skipping to change at page 7, line 28 skipping to change at page 9, line 42
Attributes field and requiring a new Identifier and Request Attributes field and requiring a new Identifier and Request
Authenticator. Authenticator.
Authenticator Authenticator
The Authenticator of an Accounting-Request contains a 16-octet MD5 The Authenticator of an Accounting-Request contains a 16-octet MD5
hash value calculated according to the method described in hash value calculated according to the method described in
"Request Authenticator", above. "Request Authenticator", above.
[Draft Note - the implementation of RADIUS Accounting in [Draft Note - the implementation of RADIUS Accounting in
Livingston's ComOS 3.1 through 3.1.3 sets the Request Livingston's ComOS 3.1 through 3.1.4 sets the Request
Authenticator to all 0's. The next release will implement the Authenticator to all 0's. A future release will implement the
method described here, after which this Note will be removed from method described here, after which this Note will be removed
the Draft.] from the Draft.]
Attributes Attributes
The Attributes field is variable in length, and contains a list of The Attributes field is variable in length, and contains a list of
Attributes. Attributes.
4.2. Accounting-Response 4.2. Accounting-Response
Description Description
skipping to change at page 9, line 10 skipping to change at page 12, line 10
Attributes Attributes
The Attributes field is variable in length, and contains a list of The Attributes field is variable in length, and contains a list of
zero or more Attributes. zero or more Attributes.
5. Attributes 5. Attributes
RADIUS Attributes carry the specific authentication, authorization RADIUS Attributes carry the specific authentication, authorization
and accounting details for the request and response. and accounting details for the request and response.
Some attributes MAY be listed more than once. The effect of this is Some attributes MAY be included more than once. The effect of this
attribute specific, and is specified by each such attribute is attribute specific, and is specified in each attribute
description. description.
The end of the list of attributes is indicated by the length of the The end of the list of attributes is indicated by the Length of the
RADIUS packet. RADIUS packet.
A summary of the attribute format is shown below. The fields are A summary of the attribute format is shown below. The fields are
transmitted from left to right. transmitted from left to right.
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value ... | Type | Length | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
The Type field is one octet. Up-to-date values of the RADIUS Type The Type field is one octet. Up-to-date values of the RADIUS Type
field are specified in the most recent "Assigned Numbers" RFC [2]. field are specified in the most recent "Assigned Numbers" RFC [2].
Values 192-223 are reserved for experimental use, values 224-240 Values 192-223 are reserved for experimental use, values 224-240
are reserved for implementation-specific use, and values 241-255 are reserved for implementation-specific use, and values 241-255
are reserved and should not be used. This specification concerns are reserved and should not be used. This specification concerns
the following values: the following values:
1-39 Refer to RADIUS Internet-Draft 1-39 (refer to RADIUS Internet-Draft)
40 Acct-Status-Type 40 Acct-Status-Type
41 Acct-Delay-Time 41 Acct-Delay-Time
42 Acct-Input-Octets 42 Acct-Input-Octets
43 Acct-Output-Octets 43 Acct-Output-Octets
44 Acct-Session-Id 44 Acct-Session-Id
45 Acct-Authentic 45 Acct-Authentic
46 Acct-Session-Time 46 Acct-Session-Time
47 Acct-Input-Packets 47 Acct-Input-Packets
48 Acct-Output-Packets 48 Acct-Output-Packets
49 Acct-Termination-Cause
60+ (refer to RADIUS Internet-Draft)
Length Length
The Length field is one octet, and indicates the length of this The Length field is one octet, and indicates the length of this
attribute including the Type, Length and Value fields. If an attribute including the Type, Length and Value fields. If an
attribute is received in an Accounting-Request with an invalid attribute is received in an Accounting-Request with an invalid
Length, the entire request should be silently discarded. Length, the entire request should be silently discarded.
Value Value
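Review bot: the new type 49 is listed as "Acct-Termination-Cause", while the -01 table of contents names section 5.10 "Acct-Terminate-Cause"; use one name throughout. The added "60+ (refer to RADIUS Internet-Draft)" entry also leaves values 50-59 unaccounted for in this list; say whether they are reserved.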
skipping to change at page 10, line 20 skipping to change at page 13, line 22
The format of the value field is one of four data types. The format of the value field is one of four data types.
string 0-253 octets string 0-253 octets
address 32 bit value, most significant octet first. address 32 bit value, most significant octet first.
integer 32 bit value, most significant octet first. integer 32 bit value, most significant octet first.
time 32 bit value, most significant octet first -- seconds time 32 bit value, most significant octet first -- seconds
since 00:00:00 GMT, January 1, 1970. since 00:00:00 GMT, January 1, 1970. The standard
Attributes do not use this data type but it is presented
here for possible use within Vendor-Specific attributes.
5.1. Acct-Status-Type 5.1. Acct-Status-Type
Description Description
This attribute indicates whether this Accounting-Request marks the This attribute indicates whether this Accounting-Request marks the
beginning of the user service (Start) or the end (Stop). beginning of the user service (Start) or the end (Stop).
It MAY also be used by the client to mark the start of accounting
(for example, upon booting) by specifying Accounting-On and to
mark the end of accounting (for example, just before a scheduled
reboot) by specifying Accounting-Off.
A summary of the Acct-Status-Type attribute format is shown below. A summary of the Acct-Status-Type attribute format is shown below.
The fields are transmitted from left to right. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value | Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) | Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 10, line 39 skipping to change at page 14, line 4
A summary of the Acct-Status-Type attribute format is shown below. A summary of the Acct-Status-Type attribute format is shown below.
The fields are transmitted from left to right. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value | Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) | Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
40 for Acct-Status-Type. 40 for Acct-Status-Type.
Length Length
6 6
Value Value
The Value field is four octets. The Value field is four octets.
1 Start 1 Start
2 Stop 2 Stop
3 Accounting-On
4 Accounting-Off
5.2. Acct-Delay-Time 5.2. Acct-Delay-Time
Description Description
This attribute indicates how many seconds the client has been This attribute indicates how many seconds the client has been
trying to send this record for, and can be subtracted from the trying to send this record for, and can be subtracted from the
time of arrival on the server to find the approximate time of the time of arrival on the server to find the approximate time of the
event generating this Accounting-Request. (Network transit time event generating this Accounting-Request. (Network transit time
is ignored.) is ignored.)
Note that changing the Acct-Delay-Time causes the Identifier to
change; see the discussion under Identifier above.
A summary of the Acct-Delay-Time attribute format is shown below. A summary of the Acct-Delay-Time attribute format is shown below.
The fields are transmitted from left to right. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value | Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) | Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
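Review bot: the sentence added to Acct-Delay-Time, "see the discussion under Identifier above", is ambiguous because Identifier is described in section 3 and again under the packet types in section 4. Cite the section number; the text about a changed Attributes field requiring a new Identifier and Request Authenticator sits in section 4.1.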
skipping to change at page 13, line 39 skipping to change at page 16, line 46
This attribute is a unique Accounting ID to make it easy to match This attribute is a unique Accounting ID to make it easy to match
start and stop records in a log file. The start and stop records start and stop records in a log file. The start and stop records
for a given session MUST have the same Acct-Session-Id. It is for a given session MUST have the same Acct-Session-Id. It is
strongly recommended that the Acct-Session-Id be a printable ASCII strongly recommended that the Acct-Session-Id be a printable ASCII
string. string.
For example, one implementation uses a string with an 8-digit For example, one implementation uses a string with an 8-digit
uppercase hexadecimal number, the first two digits increment on uppercase hexadecimal number, the first two digits increment on
each reboot (wrapping every 256 reboots) and the next 6 digits each reboot (wrapping every 256 reboots) and the next 6 digits
counting from 0 for the first person logging in after a reboot up counting from 0 for the first person logging in after a reboot up
to 2^24-1, about 16 million. Other encodings are permissible. to 2^24-1, about 16 million. Other encodings are possible.
A summary of the Acct-Session-Id attribute format is shown below. A summary of the Acct-Session-Id attribute format is shown below.
The fields are transmitted from left to right. The fields are transmitted from left to right.
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String ... | Type | Length | String ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
44 for Acct-Session-Id. 44 for Acct-Session-Id.
Length Length
>= 3 >= 3
String String
skipping to change at page 14, line 14 skipping to change at page 17, line 23
Type Type
44 for Acct-Session-Id. 44 for Acct-Session-Id.
Length Length
>= 3 >= 3
String String
The String field is a string of printable ASCII characters. The String field SHOULD be a string of printable ASCII characters.
5.6. Acct-Authentic 5.6. Acct-Authentic
Description Description
This attribute indicates how the user was authenticated, whether This attribute MAY be included in an Accounting-Request to
by RADIUS or by the NAS itself. Users who are delivered service indicate how the user was authenticated, whether by RADIUS, the
without being authenticated should not generate Accounting NAS itself, or another remote authentication protocol. Users who
records. are delivered service without being authenticated SHOULD NOT
generate Accounting records.
A summary of the Acct-Authentic attribute format is shown below. The A summary of the Acct-Authentic attribute format is shown below. The
fields are transmitted from left to right. fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value | Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) | Value (cont) |
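Review bot: relaxing the String field from "is a string of printable ASCII characters" to "SHOULD be" means an accounting server can now legitimately receive arbitrary octets in Acct-Session-Id, but the text gives no receiver rule. Suggest adding that the server accepts non-printable values and escapes them before writing them to logs or using them as lookup keys. In the Acct-Authentic Description, "SHOULD NOT generate Accounting records" leaves sessions delivered without authentication with no accounting trail; please confirm that is the intent and say so explicitly.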
skipping to change at page 15, line 7 skipping to change at page 18, line 15
Length Length
6 6
Value Value
The Value field is four octets. The Value field is four octets.
1 RADIUS 1 RADIUS
2 Local 2 Local
3 Remote
5.7. Acct-Session-Time 5.7. Acct-Session-Time
Description Description
This attribute indicates how many seconds the user has received This attribute indicates how many seconds the user has received
service for, and can only be present in Accounting-Request records service for, and can only be present in Accounting-Request records
where the Acct-Status-Type is set to Stop. where the Acct-Status-Type is set to Stop.
A summary of the Acct-Session-Time attribute format is shown below. A summary of the Acct-Session-Time attribute format is shown below.
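Review bot: the Value list gains "3 Remote" with no definition beside it and no rule for values outside 1 to 3. Suggest a one-line gloss for each value here and a statement of how the accounting server treats an unrecognized value (for example, record it as received rather than discard the record). Minor: "can only be present" in the Acct-Session-Time Description could use a requirement keyword, in line with the MAY and SHOULD NOT wording this revision introduces for Acct-Authentic.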
skipping to change at page 17, line 16 skipping to change at page 20, line 25
48 for Acct-Output-Packets. 48 for Acct-Output-Packets.
Length Length
6 6
Value Value
The Value field is four octets. The Value field is four octets.
5.10. Table of Attributes 5.10. Acct-Terminate-Cause
Description
This attribute indicates how the session was terminated, and can
only be present in Accounting-Request records where the Acct-
Status-Type is set to Stop.
A summary of the Acct-Terminate-Cause attribute format is shown
below. The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
49 for Acct-Terminate-Cause
Length
6
Value
The Value field is four octets, containing an integer specifying
the cause of session termination, as follows:
1 User Request
2 Lost Carrier
3 Lost Service
4 Idle Timeout
5 Session Timeout
6 Admin Reset
7 Admin Reboot
8 Port Error
9 NAS Error
10 NAS Request
[Draft Note - These values are the topic of current research
and discussion and may change by the next draft depending on
implementation experience. Please contact the document editor
for an updated list.]
The termination causes are as follows:
User Request User requested termination of service, for
example with LCP Terminate or by logging out.
Lost Carrier DCD was dropped on the port.
Lost Service Service can no longer be provided; for example,
user's connection to a host was interrupted.
Idle Timeout Idle timer expired.
Session Timeout Maximum Session length timer expired.
Admin Reset Administrator reset the port or session.
Admin Reboot Administrator is ending service on the NAS, for
example prior to bringing the NAS down.
Port Error NAS detected an error on the port which required
ending the session.
NAS Error NAS detected some error (other than on the port)
which required ending the session.
NAS Request NAS ended session for a reason other than the
above. For example, a low-water mark may have
been reached or a resource-limit exceeded.
5.11. Table of Attributes
The following table provides a guide to which attributes may be found The following table provides a guide to which attributes may be found
in Accounting-Request packets. No attributes should be found in in Accounting-Request packets. No attributes should be found in
Accounting-Response packets (except possibly for Vendor-Specific). Accounting-Response packets (except possibly for Vendor-Specific).
# Attribute # Attribute
0-1 User-Name 0-1 User-Name
0 User-Password 0 User-Password
0 CHAP-Password 0 CHAP-Password
0-1 NAS-IP-Address [4] 0-1 NAS-IP-Address [4]
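Review bot: the new section 5.10 restricts Acct-Terminate-Cause to Stop records with "can only be present", which is not a requirement keyword and gives the server no rule for a non-Stop record that carries the attribute; suggest "MUST NOT be present unless Acct-Status-Type is set to Stop" together with the expected receiver behaviour. The Draft Note says the values "may change by the next draft", so the section should also say that receivers store unrecognized values as received. Style: "49 for Acct-Terminate-Cause" lacks the full stop used in "48 for Acct-Output-Packets."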
skipping to change at page 18, line 22 skipping to change at page 23, line 19
0-1 Framed-AppleTalk-Zone 0-1 Framed-AppleTalk-Zone
1 Acct-Status-Type 1 Acct-Status-Type
0-1 Acct-Delay-Time 0-1 Acct-Delay-Time
0-1 Acct-Input-Octets 0-1 Acct-Input-Octets
0-1 Acct-Output-Octets 0-1 Acct-Output-Octets
1 Acct-Session-Id 1 Acct-Session-Id
0-1 Acct-Authentic 0-1 Acct-Authentic
0-1 Acct-Session-Time 0-1 Acct-Session-Time
0-1 Acct-Input-Packets 0-1 Acct-Input-Packets
0-1 Acct-Output-Packets 0-1 Acct-Output-Packets
0-1 Acct-Terminate-Cause
0 CHAP-Challenge
0-1 NAS-Port-Id
0-1 Port-Limit
[4] An Accounting-Request MUST contain either a NAS-IP-Address or a [4] An Accounting-Request MUST contain either a NAS-IP-Address or a
NAS-Identifier, and it is permitted (but not recommended) for it to NAS-Identifier, and it is permitted (but not recommended) for it to
contain both. contain both.
The following table defines the meaning of the above table entries. The following table defines the meaning of the above table entries.
0 This attribute MUST NOT be present 0 This attribute MUST NOT be present
0+ Zero or more instances of this attribute MAY be present. 0+ Zero or more instances of this attribute MAY be present.
0-1 Zero or one instance of this attribute MAY be present. 0-1 Zero or one instance of this attribute MAY be present.
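Review bot: the table lists the new Acct-Terminate-Cause row (and the existing Acct-Session-Time row) as "0-1" for Accounting-Request in general, while their Descriptions restrict both to records whose Acct-Status-Type is set to Stop. Suggest a footnote in the style of [4] on those two rows so the table and the attribute text agree. Style: "0 This attribute MUST NOT be present" is missing the full stop that the "0+" and "0-1" entries have.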
skipping to change at page 20, line 28 skipping to change at page 25, line 28
Questions about this memo can also be directed to: Questions about this memo can also be directed to:
Carl Rigney Carl Rigney
Livingston Enterprises Livingston Enterprises
6920 Koll Center Parkway, Suite 220 6920 Koll Center Parkway, Suite 220
Pleasanton, California 94566 Pleasanton, California 94566
EMail: cdr@livingston.com EMail: cdr@livingston.com
This document expires January 15th, 1996. This document expires May 31st, 1996.
 End of changes. 41 change blocks. 
55 lines changed or deleted 175 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/