HP-UX AAA Server A.08.02 Administrator's Guide

Example 24 Example of a Framed-IPv6-Pool Attribute Syntax
Pool1
UserPool
With Tunneling
When the AAA server receives an Access-Request from a client that matches the user, fred-eng, it
will first attempt to match the password to the User-Password attribute value in the request and then
will check the request for a tunnel hint. If the password does not match, or there is no hint for
medium type or the hint does not specify the IP address type, the server will respond with an
Access-Reject; otherwise, the server will return the listed tunneling attribute values to the client.
fred-eng Password = "laser", Tunnel-Medium-Type = IPv4
Tunnel-Type = PPTP,
Tunnel-Medium-Type = IPv4,
Tunnel-Client-Endpoint = 192.168.127.1,
Tunnel-Server-Endpoint = 192.155.111.1,
Tunnel-Password = Michigan,
Tunnel-Private-Group-ID = engineering,
Tunnel-Assignment-ID = management,
Tunnel-Preference = first,
Tunnel-Client-Auth-ID = NET,
Tunnel-Server-Auth-ID = Michigan,
Tunnel-Type = L2TP
Attribute tags are used in the next example. If the password does not match, or there is no hint for
medium type or the hint does not specify the IP address type, the server will respond with an
Access-Reject; otherwise, the server will return the listed tunneling attribute values to the client.
Because the tunnels tagged with 1 are defined first, the client will establish a tunnel according to
those attributes, unless the client cannot use PPTP, in which case the attributes tagged with 2
will be used instead.
fred-eng Password="laser", Tunnel-Medium-Type = IPv4
Tunnel-Type =:1:PPTP,
Tunnel-Medium-Type =:1:IPv4,
Tunnel-Client-Endpoint =:1:192.168.127.1,
Tunnel-Server-Endpoint =:1:192.155.111.1,
Tunnel-Password =:1:Michigan,
Tunnel-Private-Group-ID =:1:engineering,
Tunnel-Assignment-ID =:1:management,
Tunnel-Preference =:1:first,
Tunnel-Client-Auth-ID =:1:NET,
Tunnel-Server-Auth-ID =:1:Michigan,
Tunnel-Type =:2:L2TP,
Tunnel-Medium-Type =:2:IPv4,
Tunnel-Client-Endpoint =:2:192.168.127.1,
Tunnel-Server-Endpoint =:2:192.170.130.1,
Tunnel-Password =:2:California,
Tunnel-Private-Group-ID =:2:engineering,
Tunnel-Assignment-ID =:2:management,
Tunnel-Preference =:2:second,
Tunnel-Client-Auth-ID =:2:NET,
Tunnel-Server-Auth-ID =:2:California
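The following is an added example, not code from the guide or from the AAA server: it models the decision described above (password match plus medium-type hint, then tagged reply items) and the client's choice between tag groups. The helper names parse_entry, evaluate and select_tunnel are hypothetical, and the entry is shortened to four items per tag.

```python
import hmac
import re

# Constructed sample: the tagged fred-eng entry above, shortened to four items per tag.
ENTRY = """fred-eng Password="laser", Tunnel-Medium-Type = IPv4
Tunnel-Type =:1:PPTP,
Tunnel-Medium-Type =:1:IPv4,
Tunnel-Server-Endpoint =:1:192.155.111.1,
Tunnel-Password =:1:Michigan,
Tunnel-Type =:2:L2TP,
Tunnel-Medium-Type =:2:IPv4,
Tunnel-Server-Endpoint =:2:192.170.130.1,
Tunnel-Password =:2:California"""

# name = [:tag:]value[,]  (value optionally double-quoted)
ITEM = re.compile(r'^\s*([\w-]+)\s*=\s*(?::(\d+):)?\s*"?([^",]*?)"?\s*,?\s*$')

def parse_entry(text):
    """Return (user, check_items, reply_items_by_tag); hypothetical helper."""
    first, *rest = text.strip().splitlines()
    user, raw_checks = first.split(None, 1)
    checks = {}
    for part in raw_checks.split(","):      # sample values contain no commas
        m = ITEM.match(part)
        checks[m.group(1)] = m.group(3)
    tags = {}                               # dict keeps definition order
    for line in rest:
        m = ITEM.match(line)
        tags.setdefault(int(m.group(2) or 0), {})[m.group(1)] = m.group(3)
    return user, checks, tags

def evaluate(entry, request):
    """Server side: password must match and the medium-type hint must be present."""
    user, checks, tags = parse_entry(entry)
    pw_ok = hmac.compare_digest(request.get("User-Password", "").encode(),
                                checks["Password"].encode())
    hint_ok = request.get("Tunnel-Medium-Type") == checks["Tunnel-Medium-Type"]
    if request.get("User-Name") != user or not (pw_ok and hint_ok):
        return "Access-Reject", {}
    return "Access-Accept", tags

def select_tunnel(tags, supported_types):
    """Client side: use the first-defined tag whose Tunnel-Type it supports."""
    for tag, attrs in tags.items():
        if attrs.get("Tunnel-Type") in supported_types:
            return tag, attrs
    return None, {}
```

Grouping the reply items by tag also makes it easy to review each tunnel definition as a unit, including the Tunnel-Password values the entry carries in clear text.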
The dictionary File
The dictionary file lists dictionary translations that the server uses to parse incoming requests
and generate outgoing responses. All transactions are composed of Attribute-Value (A-V) pairs.
See Chapter 34: “Attribute-Value Pairs” (page 402) for information about the data format of A-V
pairs in RADIUS messages.