RADIUS attribute from rfc4679
IWF-Session
The presence of this Attribute indicates that the IWF has been
performed with respect to the subscriber's session; note that no
data field is necessary. It MAY be included in both Access-
Request and Accounting-Request packets.
A summary of the IWF-Session Attribute format is shown below. The
fields are transmitted from left to right.
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Type | Vendor-Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Vendor-Type
254 (0xFE) for IWF-Session
Vendor-Length
24. Table of AttributesThe following table provides a guide to which attributes may be found
in which kinds of packets, and in what quantity; note that since none
of the DSL Forum VSAs may be present in the Access-Accept, Access-
Reject or Access-Challenge packets, those columns have been omitted
from the table.
Request Acct-Request # Attribute
0-1 0-1 1 Agent-Circuit-Id
0-1 0-1 2 Agent-Remote-Id
0-1 0-1 129 Actual-Data-Rate-Upstream
0-1 0-1 130 Actual-Data-Rate-Downstream
0 0-1 131 Minimum-Data-Rate-Upstream
0 0-1 132 Minimum-Data-Rate-Downstream
0 0-1 133 Attainable-Data-Rate-Upstream
0 0-1 134 Attainable-Data-Rate-Downstream
0 0-1 135 Maximum-Data-Rate-Upstream
0 0-1 136 Maximum-Data-Rate-Downstream
0 0-1 137 Minimum-Data-Rate-Upstream-Low-Power
0 0-1 138 Minimum-Data-Rate-Downstream-Low-Power
0 0-1 139 Maximum-Interleaving-Delay-Upstream
0 0-1 140 Actual-Interleaving-Delay-Upstream
0 0-1 141 Maximum-Interleaving-Delay-Downstream
0 0-1 142 Actual-Interleaving-Delay-Downstream
0-1 0-1 144 Access-Loop-Encapsulation
0-1 0-1 254 IWF-Session
The following table defines the meaning of the above table entries.
0 This Attribute MUST NOT be present in packet.
0-1 Zero or one instances of this Attribute MAY be present in
packet.5. Security ConsiderationsThe security of these Attributes relies on an implied trust
relationship between the Access Node/DSLAM and the BRAS. The
identifiers that are inserted by the Access Node/DSLAM are
unconditionally trusted; the BRAS does not perform any validity check
on the information received. These Attributes are intended to be
used in environments in which the network infrastructure (the Access
Node/DSLAM, the BRAS, and the entire network in which those two
devices reside) is trusted and secure.As used in this document, the word "trusted" implies that
unauthorized traffic cannot enter the network except through secured
and trusted devices and that all devices internal to the network are
secure and trusted. Careful consideration should be given to the
potential security vulnerabilities that are present in this model
before deploying this option in actual networks.
The Attributes described in this document neither increase nor
decrease the security of the RADIUS protocol. For discussions of
various RADIUS vulnerabilities, see , , ,
and .6. References