Name
Class
Synopsis
Attribute Number |
25 |
Length |
3 or more octets |
Value |
STRING |
Allowed in |
Access-Accept |
Prohibited in |
Access-Request, Access-Reject, Access-Challenge |
Presence in Packet |
Not required |
Maximum Iterations |
Unlimited |
The Class
attribute mainly exists to
funnel identification and property information to the accounting
systems of RADIUS implementations. The RFC mandates that the
Class
attribute is completely and totally vendor
and implementation specific, and also dictates that the RADIUS client
not even attempt to act on or interpret the
information stored within that attribute.
While the value of this attribute is a string, the RFC dictates that the gear treat the value of that string is a contiguous set of data, or a set of “undistinguished octets.” That is to say, the RADIUS client must not expect any boundaries or spaces in the data.
Effectively, this attribute mainly groups and “classifies” connection information. Accounting data is often used to predict demand, determine load, and plan for the future. Although categorized information may be of no use at the present, when the only concern is authenticating, it may prove useful down the road to accounting users.
Get RADIUS now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.