| Article Index |
|---|
| RADIUS/Diameter Protocol Interactions |
| Page 2 |
| Page 3 |
| Page 4 |
| Page 5 |
| Page 6 |
| Page 7 |
| All Pages |
Page 7 of 7
9.4. Prohibited RADIUS Attributes
The following RADIUS attributes MUST NOT appear in a Diameter
message. Instead, they are translated to other Diameter AVPs or
handled in some special manner. The rules for the treatment of the
attributes are discussed in sections 9.1, 9.2, and 9.6.
Attribute Description Defined Nearest Diameter AVP
-----------------------------------------------------------------
3 CHAP-Password RFC 2865 CHAP-Auth Group
26 Vendor-Specific RFC 2865 Vendor Specific AVP
29 Termination-Action RFC 2865 Authorization-Lifetime
40 Acct-Status-Type RFC 2866 Accounting-Record-Type
42 Acct-Input-Octets RFC 2866 Accounting-Input-Octets
43 Acct-Output-Octets RFC 2866 Accounting-Output-Octets
47 Acct-Input-Packets RFC 2866 Accounting-Input-Packets
48 Acct-Output-Packets RFC 2866 Accounting-Output-Packets
49 Acct-Terminate-Cause RFC 2866 Termination-Cause
52 Acct-Input-Gigawords RFC 2869 Accounting-Input-Octets
53 Acct-Output-Gigawords RFC 2869 Accounting-Output-Octets
80 Message-Authenticator RFC 2869 none - check and discard
9.5. Translatable Diameter AVPs
In general, Diameter AVPs that are not RADIUS compatible have code
values greater than 255. The table in the section above shows the
AVPs that can be converted into RADIUS attributes.
Another problem may occur with Diameter AVP values that may be more
than 253 octets in length. Some RADIUS attributes (including but not
limited to (8)Reply-Message, (79)EAP-Message, and (77)Connect-Info)
allow concatenation of multiple instances to overcome this
limitation. If this is not possible, a Result-Code of
DIAMETER_INVALID_AVP_LENGTH should be returned.
9.6. RADIUS Vendor Specific Attributes
RADIUS supports the inclusion of Vendor Specific Attributes (VSAs)
through the use of attribute 26. The recommended format [RADIUS] of
the attribute data field includes a 4 octet vendor code followed by a
one octet vendor type field and a one octet length field. The last
two fields MAY be repeated.
A system communicating between Diameter and RADIUS MAY have specific
knowledge of vendor formats, and MAY be able to translate between the
two formats. However, given the deployment of many RADIUS vendor
formats that do not follow the example format in RFC 2865 [RADIUS],
(e.g., those that use a longer vendor type code) the translations in
the next two sections will not work in general for those VSAs. RFC
2865 states that a robust implementation SHOULD support the field as
undistinguished octets.
Systems that don't have vendor format knowledge MAY discard such
attributes without knowing a suitable translation. An alternative
format is under consideration [VSA], which proposes encodings that
would preserve the native information and not require vendor
knowledge in the gateway system.
The following sections are an example for translating RADIUS VSAs
that use the example RADIUS format, and Diameter VSAs that have type
codes less than 255, and value field lengths less than 252.
9.6.1. Forwarding a Diameter Vendor Specific AVP as a RADIUS VSA
For Type codes less than 255, the value field length MUST be less
than 252 or the AVP will be discarded. The RADIUS VSA attribute
should consist of the following fields;
RADIUS Type = 26, Vendor Specific Attribute
RADIUS Length = total length of attribute (header + data)
RADIUS Vendor code = Diameter Vendor code
RADIUS Vendor type code = low order byte of Diameter AVP code
RADIUS Vendor data length = length of Diameter data
If the Diameter AVP code is greater than 255, then the RADIUS
speaking code may use a Vendor specific field coding, if it knows one
for that vendor. Otherwise, the AVP will be ignored. If it is
flagged as Mandatory, a "DIAMETER_AVP_UNSUPPORTED" Result-Code will
be returned, and the RADIUS message will not be sent.
9.6.2. Forwarding a RADIUS VSA as a Diameter Vendor Specific AVP
The Diameter AVP will consist of the following fields:
Diameter Flags: V=1, M=0, P=0
Diameter Vendor code = RADIUS VSA Vendor code
Diameter AVP code = RADIUS VSA Vendor type code
Diameter AVP length = length of AVP (header + data)
Diameter Data = RADIUS VSA vendor data
Note that the VSAs are considered optional by RADIUS rules, and this
specification does not set the Mandatory flag. If an implementor
desires a VSA be made mandatory because it represents a required
service policy, the RADIUS gateway should have a process to set the
bit on the Diameter side.
If the RADIUS receiving code knows of vendor specific field
interpretations for the specific vendor, it may employ them to parse
an extended AVP code or data length. Otherwise the recommended
standard fields will be used.
Nested Multiple vendor data fields MUST be expanded into multiple
Diameter AVPs.
