WLAN Attributes - PowerPoint PPT Presentation

Provided by: eapke
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes



1
WLAN Attributes
  • Monday July 10, 2005
  • Draft-aboba-radext-wlan-03.txt
  • Bernard Aboba
  • IETF 66, Montreal, Canada

2
Attributes
  • RADIUS attributes already defined in RFC 4072
    • EAP-Key-Name (102)
    • Included only for completeness
  • Attributes defined in draft-ietf-eap-keying
    • EAP-Peer-ID
    • EAP-Server-ID
  • Attributes for use with 802.11i
    • Allowed-SSID
    • Allowed-Called-Station-Id
    • Preauth-Timeout
    • SSID
  • Attributes for use with IEEE 802.11r
    • Mobility-Domain-ID

3
Preauth-Timeout Attribute
  • Problems
    • RFC 3580: Pre-authentication requests are only
      differentiated by absence of SSID in
      Called-Station-Id attribute. Need an explicit
      way to indicate pre-authentication.
    • IEEE 802.11i: Session-Timeout attribute is
      overloaded. Used to limit time that PMK can be
      cached after a pre-authentication. As a result,
      the maximum session time/re-authentication time
      cannot be independently specified.
    • Example: What if I only want to allow
      pre-authentication state to persist for 5
      minutes, but I want to re-authenticate every 2
      hours?
  • Type
    • Integer
  • Definition
    • Maximum number of seconds for which
      pre-authentication state (e.g. 802.11i PMKSA) is
      kept by the NAS.
  • Usage
    • MAY be sent in an Access-Request to provide a
      hint and indicate a pre-authentication request.
    • MAY be sent in an Access-Accept.
    • If both Session-Timeout and Preauth-Timeout are
      present, Session-Timeout refers to maximum
      session time after session is started.

4
SSID Attribute
  • Problem
    • In RFC 3580 the SSID is included in the
      Called-Station-Id attribute along with the NAS
      MAC address.
    • This makes it difficult for RADIUS servers to
      determine policy based on the SSID.
    • Example: If SSID=Guest then Profile=GUEST
  • Type
    • String
  • Definition
    • UTF-8 encoding of the SSID that the user is
      trying to access.
  • Usage
    • MAY be sent in an Access-Request or an
      Accounting-Request.
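
The two problems on slides 3 and 4, worked through as an added example (not code from the slides or the draft): a RADIUS server deriving the SSID and the pre-authentication flag from an RFC 3580 style Called-Station-Id versus explicit SSID and Preauth-Timeout attributes, and then computing the two lifetimes. The type codes 224 and 225, the "DEFAULT" profile name and the sample messages are assumptions made for this sketch; the slides give no type codes for the new attributes.

```python
import struct

SESSION_TIMEOUT, CALLED_STATION_ID = 27, 30   # real RADIUS types (RFC 2865)
SSID_ATTR, PREAUTH_TIMEOUT = 224, 225         # placeholders, not assigned codes

def attr(t, value):
    """Encode one attribute: type, length (header included), value."""
    return bytes([t, len(value) + 2]) + value

def parse_attrs(buf):
    """Walk the type-length-value attributes, rejecting malformed lengths."""
    attrs, i = {}, 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs[buf[i]] = buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]
    return attrs

def classify(request):
    """Return (ssid, is_preauth) for an Access-Request attribute block."""
    a = parse_attrs(request)
    # RFC 3580: Called-Station-Id is "MAC" or "MAC:SSID".
    _mac, _, legacy = a.get(CALLED_STATION_ID, b"").decode("utf-8").partition(":")
    ssid = a[SSID_ATTR].decode("utf-8") if SSID_ATTR in a else (legacy or None)
    # Explicit signal if Preauth-Timeout is present; otherwise only the
    # RFC 3580 inference "no SSID means pre-authentication" is available.
    return ssid, PREAUTH_TIMEOUT in a or ssid is None

def lifetimes(accept):
    """Return (pmk_cache_seconds, session_seconds) from an Access-Accept."""
    a = parse_attrs(accept)
    def u32(t):
        return struct.unpack("!I", a[t])[0] if t in a else None
    session, preauth = u32(SESSION_TIMEOUT), u32(PREAUTH_TIMEOUT)
    # Without Preauth-Timeout, the overloaded Session-Timeout bounds both.
    return (session if preauth is None else preauth), session

def profile_for(ssid):
    """The slide's policy rule; "DEFAULT" is a hypothetical fallback name."""
    return "GUEST" if ssid == "Guest" else "DEFAULT"

# Constructed sample messages (attribute blocks only, no RADIUS header).
AP = b"00-10-A4-23-19-C0"
LEGACY_ASSOC = attr(CALLED_STATION_ID, AP + b":Guest")
LEGACY_PREAUTH = attr(CALLED_STATION_ID, AP)
NEW_PREAUTH = (attr(CALLED_STATION_ID, AP) + attr(SSID_ATTR, b"Guest")
               + attr(PREAUTH_TIMEOUT, struct.pack("!I", 300)))
ACCEPT = (attr(SESSION_TIMEOUT, struct.pack("!I", 7200))
          + attr(PREAUTH_TIMEOUT, struct.pack("!I", 300)))
```

With only Called-Station-Id, the pre-authentication request carries no SSID, so the Guest rule cannot be applied to it; with the explicit attributes the same request yields both the SSID and the pre-authentication flag, and the 5-minute and 2-hour limits from slide 3 come out as separate values.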

5
Issues
  • Minimum attribute length for EAP-Key-Name
    • RFC 4072 indicates a minimum length of 2
  • How does server decide to send Peer-ID or
    Server-ID?
    • For privacy reasons, server should probably not
      send these attributes unless they are necessary

6
Feedback?