Name

Class

Synopsis

Attribute Number

25

Length

3 or more octets

Value

STRING

Allowed in

Access-Accept

Prohibited in

Access-Request, Access-Reject, Access-Challenge

Presence in Packet

Not required

Maximum Iterations

Unlimited

The Class attribute mainly exists to funnel identification and property information to the accounting systems of RADIUS implementations. The RFC mandates that the Class attribute is completely and totally vendor and implementation specific, and also dictates that the RADIUS client not even attempt to act on or interpret the information stored within that attribute.

While the value of this attribute is a string, the RFC dictates that the gear treat the value of that string is a contiguous set of data, or a set of “undistinguished octets.” That is to say, the RADIUS client must not expect any boundaries or spaces in the data.

Effectively, this attribute mainly groups and “classifies” connection information. Accounting data is often used to predict demand, determine load, and plan for the future. Although categorized information may be of no use at the present, when the only concern is authenticating, it may prove useful down the road to accounting users.

Get RADIUS now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.