[PATCH] Define and make use of the Service-Type RADIUS attribute with a value of Framed.

Alan DeKok aland at deployingradius.com
Thu Feb 18 16:05:24 PST 2016


On Feb 18, 2016, at 2:11 PM, Nick Lowe <nick.lowe at lugatech.com> wrote:
> 
> Hi Jouni,
> 
> The Service-Type attribute allows differentiation when handling auth
> to occur at a RADIUS server.
> 
> In most Enterprise-class APs, for 802.1X, a service type of Framed is
> typically used.

  Ugh.  Framed is supposed to be for PPP.  See RFC 2865 Section 5.6.

> Yes, it is the correct value to use in the RSN pre-authentication case
> as subsequent service to a client is Framed. We observe other
> commercial APs using this Service-Type in this case. I did consider
> this.

  The values for Service-Type are assigned by expert review IIRC.  That means vendors could have asked for a sane value, and gotten it.  Instead, they just picked something random...

  Alan DeKok.




More information about the Hostap mailing list