[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [radext] #60: Behavior in response to CoA-Request

To: stefan.winter@restena.lu, bernard_aboba@hotmail.com
Subject: Re: [radext] #60: Behavior in response to CoA-Request
From: "radext issue tracker" <trac+radext@zinfandel.tools.ietf.org>
Date: Fri, 04 Mar 2011 09:38:51 -0000
Auto-submitted: auto-generated
Cc: radiusext@ops.ietf.org
In-reply-to: <066.213c85ddfb8f0769b494d5bb71c885dd@trac.tools.ietf.org>
References: <066.213c85ddfb8f0769b494d5bb71c885dd@trac.tools.ietf.org>
Reply-to: radiusext@ops.ietf.org

#60: Behavior in response to CoA-Request

Changes (by stefan.winter@â):

  * status:  new => closed
  * resolution:  => worksforme


Comment:

 A poll was held on the WG mailing list to determine whether Auth/Acct/CoA
 should be on separte connections (separate ports).
 The poll favoured to stay on one port for all traffic. This requires a
 RADIUS/TLS enabled DAS to implement a CoA-NAK as an indication of
 unwillingness to process CoA requests.
 This is in line with the text of the -07 draft and remains unchanged for
 -08.

 -08 will include further text regarding RADIUS Accounting. For reference,
 the text for both packet types in -08 is below:

 (4) RADIUS [RFC2865] used negative ICMP responses to a newly allocated UDP
 port to signal that a peer RADIUS server does not support reception and
 processing of the packet types in [RFC5176]. These packet types are listed
 as to be received in RADIUS/TLS implementations.  Note well: it is not
 required for an implementation to actually process these packet types.  It
 is sufficient that upon receiving such a packet, an unconditional NAK is
 sent back to indicate that the action is not supported.

 (5) RADIUS [RFC2865] used negative ICMP responses to a newly allocated UDP
 port to signal that a peer RADIUS server does not support reception and
 processing of RADIUS Accounting packets.  There is no RADIUS datagram to
 signal an Accounting NAK.  Clients may be misconfigured to send Accounting
 packets to a RADIUS/TLS server which does not wish to process their
 Accounting packet.  The server will need to silently drop the packet.  The
 client will need to deduce from the absence of replies that it is
 misconfigured; no negative ICMP response will reveal this.

-- 
---------------------------------------+------------------------------------
 Reporter:  bernard_aboba@â            |        Owner:  stefan.winter@â         
     Type:  defect                     |       Status:  closed                  
 Priority:  major                      |    Milestone:  milestone1              
Component:  radsec                     |      Version:  1.0                     
 Severity:  In WG Last Call            |   Resolution:  worksforme              
 Keywords:                             |  
---------------------------------------+------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/radext/trac/ticket/60#comment:2>
radext <http://tools.ietf.org/radext/>


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: Re: [radext] #56: Review
Next by Date: Re: [radext] #22: Review
Previous by thread: Re: [radext] radsec #60 (new): Behavior in response to CoA-Request
Next by thread: RADEXT WG Last Call: "RADIUS attributes for IPv6 Access Networks"
Index(es):
- Date
- Thread