Versionen im Vergleich

Alte Version 3

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.
Seiteneigenschaften



Information:
In addition to the standard RADIUS attributes described in RFC 2865 and RFC 2866, LANCOM Systems provides vendor-specific attributes (VSAs) which are returned to RADIUS clients in RADIUS response messages. The following table contains a listing of
the
the LANCOM-specific RADIUS VSAs.
The LANCOM vendor ID is 2356.
When operating an external RADIUS server, it must be capable of passing vendor-specific attributes to the LANCOM router. The following file supplies the attributes as a FreeRADIUS dictionary:
View file
name
Image Removed
lancom.dictionary
height150

Identifier
Attribute name
Attribute ID
Attribute type
Extensions
MeaningUsed by the following LCOS module
ATTRIBUTELCS-Traffic-Limit
1
integer
Image Removed
Image Added
Defines the data volume in bytes after which the device automatically ends the session. This value is useful for volume-limited accounts. If this attribute is missing in the authentication response, it is assumed that no volume limit applies. A traffic limit of 0 is interpreted as an account which is principally valid, however with a used-up volume budget. The device does not start a session in this case.

Should the traffic limit be higher than the 4 GiB that can be represented here, use the attribute 'LCS-Traffic-Limit-Gigawords'.		Public Spot
ATTRIBUTELCS-Mac-Address
2
string
Image Removed
Image Added
MAC address of your devicePublic Spot
ATTRIBUTELCS-Redirection-URL
3
string
Image Removed
Image Added
This can contain any URL that is offered as an additional link on the start page. This can be the start page of the user or a page with additional information about the user account.Public Spot
ATTRIBUTELCS-Comment
4
string
Image Removed
Image Added
Contains the comment about the user account.Public Spot
ATTRIBUTELCS-Account-End
5
integer
Image Removed
Image Added
Defines an absolute point in time (measured in seconds since January 1, 1970 0:00:00) after which the account becomes invalid. If this attribute is missing, an unlimited account is assumed. The device does not start a session if its internal clock has not been set, or the given point in time is in the past.Public Spot
ATTRIBUTELCS-WPA-Passphrase
6
string
Image Removed
Image Added
Contains the WPA passphrase for the user account (WLAN client MAC address). Is used in conjunction with LEPS (LANCOM Enhanced Passphrase Security).WLAN (LEPS)
ATTRIBUTELCS-PbSpotUserName
7
string
Image Removed
Image Added
Contains the name of a Public Spot user for auto-login. Auto-login refers to the table of MAC authenticated users who are automatically assigned usernames by the server.Public Spot
ATTRIBUTELCS-TxRateLimit
8
integer
Image Removed
Image Added
Defines the maximum downstream rate in kbps. This restriction may be combined with the corresponding Public Spot function.Public Spot
ATTRIBUTELCS-RxRateLimit
9
integer
Image Removed
Image Added
Defines the maximum upstream rate in kbps. This restriction may be combined with the corresponding Public Spot function.Public Spot
ATTRIBUTELCS-Access-Rights
11
integer
Image Removed
Image Added
Access rights given to a device administrator for the RADIUS-based login.Device login
ATTRIBUTELCS-Function-Rights
12
integer
Image Removed
Image Added
Privileges given to a device administrator for the RADIUS-based login.Device login
ATTRIBUTELCS-Advertisement-URL
13
string
Image Removed
Image Added
Specifies a comma-separated list of advertisement URLs.Public Spot
ATTRIBUTELCS-Advertisement-Interval
14
integer
Image Removed
Image Added
Specifies the interval in minutes after which the Public Spot reroutes a user to an advertisement URL. With an interval of 0 forwarding occurs directly after login.Public Spot
ATTRIBUTELCS-Traffic-Limit-Gigawords
15
integer
Image Removed
Image Added
Contains the upper 32 bits of the traffic limit.Public Spot
ATTRIBUTELCS-Orig-NAS-Identifier
16
string
Image Removed
Image Added
For forwarded RADIUS requests, this contains the original NAS identifier (prior to the forwarding).RADIUS server
ATTRIBUTELCS-Orig-NAS-IP-Address
17
ipaddr
Image Removed
Image Added
For forwarded RADIUS requests, this contains the original IPv4 NAS address (prior to the forwarding).RADIUS server
ATTRIBUTELCS-Orig-NAS-IPv6-Address
18
ipv6addr
Image Removed
Image Added
For forwarded RADIUS requests, this contains the original IPv6 NAS address (prior to the forwarding).RADIUS server
ATTRIBUTELCS-IKEv2-Local-Password
19
string
has_tag,encrypt=2Contains the local PSK used in the context of IKEv2. This attribute is transmitted in an encrypted state.VPN / IKEv2
ATTRIBUTELCS-IKEv2-Remote-Password
20
string
has_tag,encrypt=2Contains the remote PSK used as a part of IKEv2. This attribute is transmitted in an encrypted state.VPN / IKEv2
ATTRIBUTELCS-DNS-Server-IPv4-Address
21
ipaddr
Image Removed
Image Added
Contains the IPv4 DNS servers announced via Config Payload as a part of IKEv2.VPN / IKEv2
ATTRIBUTELCS-VPN-IPv4-Rule
22
string
Image Removed
Image Added
Contains the IPv4 network rule(s) used as a part of IKEv2.
Example: 10.1.1.0/24,10.2.0.0/16 * 172.32.0.0/12		VPN / IKEv2
ATTRIBUTELCS-VPN-IPv6-Rule
23
string
Image Removed
Image Added
Contains the IPv6 network rule(s) used as a part of IKEv2.
Example: 2001:db8:1::/48 * 2001:db8:6::/48		VPN / IKEv2
ATTRIBUTELCS-Routing-Tag
24
integer
Image Removed
Image Added
Contains the routing tag used to connect to the remote site as a part of IKEv2.VPN / IKEv2, PPP, L2TP, etc.
ATTRIBUTELCS-IKEv2-IPv4-Route
25
string
Image Removed
Image Added
Contains the IPv4 route(s) announced via Config Payload as a part of IKEv2.
Example: 192.168.1.0/24		VPN / IKEv2
ATTRIBUTELCS-IKEv2-IPv6-Route
26
string
Image Removed
Image Added
Contains the IPv6 route(s) announced via Config Payload as a part of IKEv2.
Example: 2001:db8::/64		VPN / IKEv2