Document ID: 13845
Including Attribute 26
The layout of Remote Authentication Dial In User Service (RADIUS) packets for authentication and accounting is described in RFCs 2138 and 2139. This document provides an example of the breakdown of packets in an exchange between a RADIUS client and a RADIUS server, which includes sending vendor-specific attribute 26, and our vendor code 9 (Cisco). The RADIUS client is rtpkrb.rtp.cisco.com and rtp-pinecone.rtp.cisco.com is the RADIUS server. In the following exchange:
- rtpkrb sends an access-request to rtp-pinecone.
- rtp-pinecone sends an access-accept to rtpkrb.
- rtpkrb sends an accounting-request (start) to rtp-pinecone.
- rtp-pinecone sends an accounting-response to rtpkrb.
- rtpkrb sends an accounting-request (stop) to rtp-pinecone.
- rtp-pinecone sends an accounting-response to rtpkrb.
PktID Timestamp Size Source Node Destination Node Status Protocol ------------------------------------------------------------------------------- 1 18:14:20.355 0119 rtpkrb.rtp.cisco. rtp-pinecone.rtp. DoD UDP Frame 1 Size 119 Absolute Time Sep 21 18:14:20.355 ASCII MODE ------------------------------------------------------------------------------- 00000: 08 00 20 1a 5f 3d 00 00 0c 5c 5b 38 08 00 45 00 .. ._=...\[8..E. 00016: 00 65 04 e0 00 00 fd 11 8b da 0a 1f 01 05 ab 44 .e.............D 00032: 76 65 06 6d 06 6d 00 51 af 1b 01 09 00 49 a4 74 ve.m.m.Q.....I.t 00048: 24 e1 6f ce 77 79 88 6e e7 be 3c fe 0d a2 04 06 $.o.wy.n..<..... 00064: 0a 1f 01 05 05 06 00 00 00 12 3d 06 00 00 00 05 ..........=..... 00080: 01 06 62 69 6c 6c 1f 0b 31 30 2e 33 31 2e 31 2e ..bill..10.31.1. 00096: 35 02 12 fe 57 fc ec b1 88 e1 91 50 c2 fd de 8f 5...W......P.... 00112: 3f 69 20 cc 5c 19 97 ?i .\.. X-byte Value Meaning 42 01 access request 43 09 identifier 44-45 0049 length (X49 = 73 = byte 42-114) 46-61 Request Authenticator 62 04 Attribute 4 = NAS-IP-Address 63 06 length of attribute 64-67 0a 1f 01 05 10.31.1.5 68 05 Attribute 5 = NAS-Port 69 06 length of attribute 70-73 12 X12 = 18 (i.e. tty 18) 74 3d Attribute 61 = NAS-Port-Type 75 06 length of attribute 76-79 00 00 00 05 5 = virtual 80 01 Attribute 1 = User-Name 81 06 length of attribute 82-85 62 69 6c 6c 'bill' 86 1f Attribute 31 = Calling-Station-ID 87 0b length of attribute 88-96 31 30 2e 33 31 2e 31 2e 35 = 10.31.1.5 97 02 Attribute 2 = User-Password 98 12 length of attribute 99-114 fe 57 fc ec b1 88 e1 91 50 c2 fd de 8f 3f 69 20 = encrypted password PktID Timestamp Size Source Node Destination Node Status Protocol ------------------------------------------------------------------------------- 2 18:14:20.468 0097 rtp-pinecone.rtp. rtpkrb.rtp.cisco. DoD UDP Frame 2 Size 97 Absolute Time Sep 21 18:14:20.468 ASCII MODE ------------------------------------------------------------------------------- 00000: 00 00 0c 5c 5b 38 08 00 20 1a 5f 3d 08 00 45 00 ...\[8.. ._=..E. 00016: 00 4f 9b f1 00 00 3c 11 b5 df ab 44 76 65 0a 1f .O....<....Dve.. 00032: 01 05 06 6d 06 6d 00 3b 00 00 02 09 00 33 be f9 ...m.m.;.....3.. 00048: c7 59 9b 6f 6b ee b2 11 d4 67 38 a6 e0 72 06 06 .Y.ok....g8..r.. 00064: 00 00 00 06 1a 19 00 00 00 09 01 13 73 68 65 6c ............shel 00080: 6c 3a 70 72 69 76 2d 6c 76 6c 3d 31 35 b0 6c 39 l:priv-lvl=15.l9 00096: d9 . X-byte Value Meaning 42 02 access accept 43 09 identifier 44-45 0033 length (X22 = 51 = bytes 42-92) 46-61 Request Authenticator 62 06 Attribute 6 = Service-Type 63 06 length of attribute 64-67 00 00 00 06 6 = Administrative User 68 1a Attribute 26 = Vendor-Specific Attribute 69 19 length of attribute 70-73 09 Vendor Code 09 = Cisco 74 01 Vendor Type 75 13 Vendor length 76-92 Attribute Specific (shell:priv-lvl=15) PktID Timestamp Size Source Node Destination Node Status Protocol ------------------------------------------------------------------------------- 3 18:14:20.500 0135 rtpkrb.rtp.cisco. rtp-pinecone.rtp. DoD UDP Frame 3 Size 135 Absolute Time Sep 21 18:14:20.500 ASCII MODE ------------------------------------------------------------------------------- 00000: 08 00 20 1a 5f 3d 00 00 0c 5c 5b 38 08 00 45 00 .. ._=...\[8..E. 00016: 00 75 04 e2 00 00 fd 11 8b c8 0a 1f 01 05 ab 44 .u.............D 00032: 76 65 06 6e 06 6e 00 61 c7 33 04 0a 00 59 e9 5e ve.n.n.a.3...Y.^ 00048: ab 2b e8 46 87 27 9e ff 87 a3 68 b8 41 32 04 06 .+.F.'....h.A2.. 00064: 0a 1f 01 05 05 06 00 00 00 12 3d 06 00 00 00 05 ..........=..... 00080: 01 06 62 69 6c 6c 1f 0b 31 30 2e 33 31 2e 31 2e ..bill..10.31.1. 00096: 35 28 06 00 00 00 01 2d 06 00 00 00 01 06 06 00 5(.....-........ 00112: 00 00 07 2c 0a 30 30 30 30 30 30 30 32 29 06 00 ...,.00000002).. 00128: 00 00 00 ee d9 6d 6f .....mo X-byte Value Meaning 42 04 accounting request 43 0a identifier 44-45 0059 Length (X59 = 89 = bytes 42-130) 46-61 Request Authenticator 62 04 Attribute 4 = NAS-IP-Address 63 06 length of attribute 64-67 0a 1f 01 0f 10.31.1.5 68 05 Attribute 5 = NAS-Port 69 06 length of attribute 70-73 12 X12 = 18 (i.e. tty 18) 74 3d Attribute 61 = NAS-Port-Type 75 06 length of attribute 76-79 00 00 00 05 5 = Virtual 80 01 Attribute 1 = User-Name 81 06 length of attribute 82-85 62 69 6c 6c 'bill' 86 1f Attribute 31 = Calling-Station-Id 87 0b length of attribute 88-96 31 30 2e 33 31 2e 31 2e 35 = 10.31.1.5 97 28 Attribute 40 = Acct-Status-Type 98 06 length of attribute 99-102 00 00 00 01 '1' = Start 103 2d Attribute 45 = Acct-Authentic 104 06 length of attribute 105-108 00 00 00 01 '1' = Radius 109 06 Attribute 6 = Service-Type 110 06 length of attribute 111-114 00 00 00 07 '7' = NAS prompt 115 2c Attribute 48 = Acct-Output-Packets 116 0a length of attribute 117-124 30 30 30 30 30 30 30 32 = '2' 125 29 Attribute 41 = Acct-Delay-Time 126 06 length of attribute 127-130 00 '0' PktID Timestamp Size Source Node Destination Node Status Protocol ------------------------------------------------------------------------------- 4 18:14:20.556 0066 rtp-pinecone.rtp. rtpkrb.rtp.cisco. DoD UDP Frame 4 Size 66 Absolute Time Sep 21 18:14:20.556 ASCII MODE ------------------------------------------------------------------------------- 00000: 00 00 0c 5c 5b 38 08 00 20 1a 5f 3d 08 00 45 00 ...\[8.. ._=..E. 00016: 00 30 9c 17 00 00 3c 11 b5 d8 ab 44 76 65 0a 1f .0....<....Dve.. 00032: 01 05 06 6e 06 6e 00 1c 00 00 05 0a 00 14 74 4d ...n.n........tM 00048: d3 e8 8c 95 4d c7 2f b5 6a 1b eb e4 b5 3f 0d 0a ....M./.j....?.. 00064: 98 ba .. X-byte Value Meaning 42 05 accounting response 43 0a identifier 44-45 0014 Length (X14 = 20 = bytes 42-61) 46-61 Request Authenticator PktID Timestamp Size Source Node Destination Node Status Protocol ------------------------------------------------------------------------------- 5 18:14:23.660 0147 rtpkrb.rtp.cisco. rtp-pinecone.rtp. DoD UDP Frame 5 Size 147 Absolute Time Sep 21 18:14:23.660 ASCII MODE ------------------------------------------------------------------------------- 00000: 08 00 20 1a 5f 3d 00 00 0c 5c 5b 38 08 00 45 00 .. ._=...\[8..E. 00016: 00 81 04 f5 00 00 fd 11 8b a9 0a 1f 01 05 ab 44 ...............D 00032: 76 65 06 6e 06 6e 00 6d 86 b0 04 0b 00 65 2b 8b ve.n.n.m.....e+. 00048: 5a fb bf ab de d9 2e 47 61 ae da ff 73 84 04 06 Z......Ga...s... 00064: 0a 1f 01 05 05 06 00 00 00 12 3d 06 00 00 00 05 ..........=..... 00080: 01 06 62 69 6c 6c 1f 0b 31 30 2e 33 31 2e 31 2e ..bill..10.31.1. 00096: 35 28 06 00 00 00 02 2d 06 00 00 00 01 06 06 00 5(.....-........ 00112: 00 00 07 2c 0a 30 30 30 30 30 30 30 32 31 06 00 ...,.000000021.. 00128: 00 00 01 2e 06 00 00 00 03 29 06 00 00 00 00 6a .........).....j 00144: 81 16 29 ..) X-byte Value Meaning 42 04 accounting request 43 0b identifier 44-45 0065 Length (X65 = 101 = bytes 42-142) 46-61 Request Authenticator 62 04 Attribute 4 = NAS-IP-Address 63 06 length of attribute 64-67 0a 1f 01 0f 10.31.1.5 68 05 Attribute 5 = NAS-Port 69 06 length of attribute 70-73 12 X12 = 18 (i.e. tty 18) 74 3d Attribute 61 = NAS-Port-Type 75 06 length of attribute 76-79 00 00 00 05 5 = Virtual 80 01 Attribute 1 = User-Name 81 06 length of attribute 82-85 62 69 6c 6c 'bill' 86 1f Attribute 31 = Calling-Station-Id 87 0b length of attribute 88-96 31 30 2e 33 31 2e 31 2e 35 = 10.31.1.5 97 28 Attribute 40 = Acct-Status-Type 98 06 length of attribute 99-102 00 00 00 02 '2' = Stop 103 2d Attribute 45 = Acct-Authentic 104 06 length of attribute 105-108 00 00 00 01 '1' = Radius 109 06 Attribute 6 = Service-Type 110 06 length of attribute 111-114 00 00 00 07 '7' = NAS prompt 115 2c Attribute 44 = Acct-Session-Id 116 0a length of attribute 117-124 30 30 30 30 30 30 30 32 = '2' 125 31 Attribute 49 = Acct-Terminate-Cause 126 06 length of attribute 127-130 01 '1' = user request 131 2e Attribute 46 = Acct-Session-Time 132 06 length of attribute 133-136 00 00 00 03 '3' 137 29 Attribute 41 = Acct-Delay-Time 138 06 length of attribute 139-142 00 00 00 00 '0' PktID Timestamp Size Source Node Destination Node Status Protocol ------------------------------------------------------------------------------- 6 18:14:23.747 0066 rtp-pinecone.rtp. rtpkrb.rtp.cisco. DoD UDP Frame 6 Size 66 Absolute Time Sep 21 18:14:23.747 ASCII MODE ------------------------------------------------------------------------------- 00000: 00 00 0c 5c 5b 38 08 00 20 1a 5f 3d 08 00 45 00 ...\[8.. ._=..E. 00016: 00 30 9c 3f 00 00 3c 11 b5 b0 ab 44 76 65 0a 1f .0.?..<....Dve.. 00032: 01 05 06 6e 06 6e 00 1c 00 00 05 0b 00 14 0b 60 ...n.n.........` 00048: d2 d7 ff e4 6c f5 cb ea f1 b0 76 7d 06 b2 a0 f8 ....l.....v}.... 00064: 52 eb R. X-byte Value Meaning 42 05 accounting response 43 0b identifier 44-45 0014 Length (X14 = 20 = bytes 42-61) 46-61 Request Authenticator
Related Information
Updated: May 03, 2004 | Document ID: 13845 |