Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC ( Obsoletes: RFC ) and .. RFC , Diameter Network Access Server Application. RFC (part 1 of 4): Diameter Network Access Server Application. Diameter Network Access Server Application (NASREQ, RFC ). • Diameter Base Accounting (RFC ). • Diameter Extensible Authentication Protocol.
|Published (Last):||19 August 2010|
Network Working Group P. Calhoun Request for Comments: Standards Track Cisco Systems Inc.
Please refer to the current edition of the “Internet Official Protocol Standards” STD 1 for the standardization state and status of this protocol. Distribution of this memo is unlimited. When combined with the Diameter Base protocol, Transport Profile, and Extensible Authentication Protocol specifications, this application specification satisfies typical network access services requirements. Initial deployments of the Diameter protocol are expected to include legacy systems.
This is achieved by including the RADIUS attribute space to eliminate the need to perform many attribute translations.
In this sense, this document extends the Base Diameter protocol.
First, this document describes the operation of a Diameter NAS application.
Then it defines the Diameter message Command-Codes. The following sections list the AVPs used in these messages, grouped by common usage.
These are session identification, authentication, authorization, tunneling, and accounting. The authorization AVPs are further broken down by service type. Additionally, the following terms and acronyms are used in this application: The service may be a network connection or a value-added service such as terminal emulation [NASModel].
A design prior to PPP. VPN Virtual Private Network – In this document, this term is used to describe access services that use tunneling methods. Information about the call, the identity of the user, and the user’s authentication information are packaged into a Diameter AA-Request (AAR) message and sent to a server.
Depending on the Auth-Request-Type AVP, the Diameter protocol allows authorization-only requests that contain no authentication information from the client. This capability goes beyond the Call Check capabilities described in section 5.
As a result, service cannot be started as a result of a response to an authorization-only request without introducing a significant security vulnerability.
It is not clear whether these translations can be accomplished without adding significant security vulnerabilities. Note that the return of an unsupportable Accounting-Realtime-Required value [BASE] would result in a failure to establish the session.
The failure of a reauthentication exchange will terminate the service. The server will respond with an AAA message to specify the new service parameters.
Diameter Session Termination
When a NAS receives an indication that a user’s session is being disconnected by the client e.
This will ensure that any resources maintained on the servers are freed appropriately.
Diameter Command Codes are as follows: A request for authorization will include some AVPs defined in section 6. It is possible for a single session to be authorized first and then for an authentication request to follow.
If authorization was requested, a successful response will include the authorization AVPs appropriate for the service being provided, as defined in section 6. For example, for pre-paid services, the Diameter server that originally authorized a session may need some confirmation that the user is still using the services.
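As an added illustration (not part of the RFC text or of any implementation it describes), the sketch below shows a NAS-side gate that refuses to start service on an authorization-only answer alone, and allows it once a session that was authorized first has also been authenticated. The `SessionGate` class and the `build`/`parse` helpers are hypothetical, the messages are constructed samples, and the numeric codes (AA command 265, Auth-Request-Type 274, Result-Code 268, success 2001) come from the Diameter specifications rather than from this page.

```python
import struct

AA_COMMAND, NASREQ_APP = 265, 1            # AA-Request/AA-Answer, NASREQ application id
AUTH_REQUEST_TYPE, RESULT_CODE = 274, 268  # base-protocol AVP codes
AUTHENTICATE_ONLY, AUTHORIZE_ONLY, AUTHORIZE_AUTHENTICATE = 1, 2, 3
DIAMETER_SUCCESS = 2001

def build(is_request, hop_id, avps):
    """Constructed sample message: 32-bit AVPs only, M flag set."""
    body = b"".join(struct.pack("!IB", c, 0x40) + (12).to_bytes(3, "big") +
                    struct.pack("!I", v) for c, v in avps)
    head = bytes([1]) + (20 + len(body)).to_bytes(3, "big")
    head += bytes([0x80 if is_request else 0]) + AA_COMMAND.to_bytes(3, "big")
    return head + struct.pack("!III", NASREQ_APP, hop_id, 0) + body

def parse(msg):
    """Return (command, is_request, hop_by_hop_id, {avp_code: 32-bit value})."""
    if len(msg) < 20 or msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg):
        raise ValueError("malformed Diameter header")
    avps, off = {}, 20
    while off < len(msg):
        if len(msg) - off < 8:
            raise ValueError("truncated AVP")
        code, flags = struct.unpack_from("!IB", msg, off)
        alen = int.from_bytes(msg[off + 5:off + 8], "big")
        hdr = 12 if flags & 0x80 else 8          # V bit adds a Vendor-Id field
        if alen < hdr or off + alen > len(msg):
            raise ValueError("bad AVP length")
        if hdr == 8 and alen == 12:              # keep non-vendor 32-bit AVPs
            avps.setdefault(code, int.from_bytes(msg[off + 8:off + 12], "big"))
        off += (alen + 3) & ~3                   # AVPs are padded to 4 bytes
    hop, = struct.unpack_from("!I", msg, 12)
    return int.from_bytes(msg[5:8], "big"), bool(msg[4] & 0x80), hop, avps

class SessionGate:
    """Hypothetical NAS-side policy: start service only once the session has
    been both authenticated and authorized by successful AA-Answers."""
    def __init__(self):
        self.authenticated = self.authorized = False
    def on_answer(self, aar, aaa):
        rcmd, rreq, rhop, ravps = parse(aar)
        acmd, areq, ahop, aavps = parse(aaa)
        if (rcmd, acmd, rreq, areq) != (AA_COMMAND, AA_COMMAND, True, False) or rhop != ahop:
            raise ValueError("answer does not match the request")
        if aavps.get(RESULT_CODE) == DIAMETER_SUCCESS:
            kind = ravps.get(AUTH_REQUEST_TYPE)
            self.authenticated |= kind in (AUTHENTICATE_ONLY, AUTHORIZE_AUTHENTICATE)
            self.authorized |= kind in (AUTHORIZE_ONLY, AUTHORIZE_AUTHENTICATE)
        return self.authenticated and self.authorized
```

A request with no Auth-Request-Type AVP, or an answer whose Result-Code is not success, leaves both flags unchanged, so the gate stays closed.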