CCIE Enterprise Wireless (v1.0) – 4.3 Wireless security and Network access policies – 4.3.c RADIUS attributes

Posted on Posted in Cisco ISE AAA, radius attributes

RADIUS Internet Engineering Task Force (IETF) attributes are the original set of 255 standard attributes that are used to communicate AAA information between a client and a server. The IETF attributes are standard and the attribute data is predefined. All clients and servers that exchange AAA information using IETF attributes must agree on attribute data such as the exact meaning of the attributes and the general bounds of the values for each attribute.

Each RADIUS packet contains the following information:

  • Code—The code field is one octet; it identifies one of the following types of RADIUS packets:
    • Access-Request (1)
    • Access-Accept (2)
    • Access-Reject (3)
    • Accounting-Request (4)
    • Accounting-Response (5)
  • Identifier—The identifier field is one octet; it helps the RADIUS server match requests and responses and detect duplicate requests.
  • Length—The length field is two octets; it specifies the length of the entire packet.
  • Authenticator—The authenticator field is 16 octets. The most significant octet is transmitted first; it is used to authenticate the reply from the RADIUS server. The two types of authenticators are:
    • Request-Authentication: Available in Access-Request and Accounting-Request packets.
    • Response-Authenticator: Available in Access-Accept, Access-Reject, Access-Challenge, and Accounting-Response packets.


radius attributes can be used in an authentication policy








Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.