From: Alan T. DeKok Date: Fri, 6 Feb 2026 17:10:08 +0000 (-0500) Subject: rearrangement and reorganization X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f0a3453ea183a01d09aeb0ae88d5cb3bf395b8d;p=thirdparty%2Ffreeradius-server.git rearrangement and reorganization split different protocols into different pages --- diff --git a/doc/antora/modules/developers/nav.adoc b/doc/antora/modules/developers/nav.adoc index 4b68bea8b67..8558b6fd717 100644 --- a/doc/antora/modules/developers/nav.adoc +++ b/doc/antora/modules/developers/nav.adoc @@ -15,9 +15,14 @@ *** xref:sbuff.adoc[String buffers] (`sbuff` s) *** xref:sbuff-parsing.adoc[Parsing with string buffers] *** xref:sbuff-ng.adoc[Sbuff issues] -** xref:rfc_attributedefs.adoc[RFCs and Attributes] -*** xref:rfc_compliance.adoc[RFC Compliance] -*** xref:rfc_attributelist.adoc[Attribute Definitions] +** xref:rfc/index.adoc[Supported RFCs] +*** xref:rfc/radius.adoc[RADIUS] +**** xref:rfc/design.adoc[Creating new Attributes] +**** xref:rfc/compliance.adoc[Compliance] +**** xref:rfc/radius_attributes.adoc[RADIUS Attribute List] +*** xref:rfc/dns.adoc[DNS] +*** xref:rfc/dhcpv4.adoc[DHCPv4] +*** xref:rfc/dhcpv6.adoc[DHCPv6] ** xref:guidelines.adoc[Documentation Guidelines] // Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. diff --git a/doc/antora/modules/developers/pages/rfc/compliance.adoc b/doc/antora/modules/developers/pages/rfc/compliance.adoc new file mode 100644 index 00000000000..cdb437a1bc9 --- /dev/null +++ b/doc/antora/modules/developers/pages/rfc/compliance.adoc @@ -0,0 +1,58 @@ += RFC Compliance + +RFC compliance is critical for ensuring that production systems are +secure, interoperable, and scalable in modern environments. Adhering +to the IETF standards provides a common language for diverse +networking hardware and software to communicate reliably. The +importance of RADIUS RFC compliance centers on four key areas: + +== Interoperability in Multi-Vendor Environments + +* De Facto Standard: RADIUS is the industry standard for centralizing + Authentication, Authorization, and Accounting (AAA). Compliance + ensures that a RADIUS server can communicate with network access + servers (NAS) like Wi-Fi access points, VPN gateways, and switches + from different manufacturers (e.g., Cisco, Aruba, Fortinet). + +* Consistent Behavior: RFCs provide documented, predictable behavior, + reducing unexpected issues when integrating new equipment into an + existing infrastructure. + +* Standardized Attributes: Standards like + https://datatracker.ietf.org/doc/html/rfc2865[RFC 2865] and + https://datatracker.ietf.org/doc/html/rfc2868[RFC 2868] define how + user attributes (e.g., VLAN assignments, tunnel protocols) are + formatted, ensuring they are correctly interpreted across the + network. + +== Security and Vulnerability Mitigation + +* Addressing Cryptographic Weaknesses: Legacy RADIUS (RFC 2865) relies + on MD5 hashing, which is now considered insecure. Recent critical + vulnerabilities like + https://www.inkbridgenetworks.com/blastradius[BlastRADIUS] + (identified in 2024) exploit these MD5 weaknesses to forge + authentication responses. + +* Protocol Evolution: Modern compliance often requires moving toward + newer standards like RadSec (RADIUS over TLS, RFC 6614), which + replaces unencrypted UDP transport with encrypted TLS. This protects + sensitive data, such as usernames and location information, from + eavesdropping and tampering. + +* Mandatory Integrity Checks: Updated standards mandate features like + the `Message-Authenticator` attribute to prevent packet forgery + attacks that were previously optional. + +== Scalability and Reliability + +* Centralised Management: Compliance allows organizations to manage + millions of users from a single point, making it suitable for large + ISPs and global enterprises. + +* Backward Compatibility: RFC-compliant systems are designed to evolve + while maintaining connections with older infrastructure, allowing + for gradual network upgrades without total system overhauls. + +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/developers/pages/rfc_attributedefs.adoc b/doc/antora/modules/developers/pages/rfc/design.adoc similarity index 89% rename from doc/antora/modules/developers/pages/rfc_attributedefs.adoc rename to doc/antora/modules/developers/pages/rfc/design.adoc index 2f35d845af0..9b8e4b23c81 100644 --- a/doc/antora/modules/developers/pages/rfc_attributedefs.adoc +++ b/doc/antora/modules/developers/pages/rfc/design.adoc @@ -1,7 +1,7 @@ -= RFCs and Attributes += Designing and Using Attributes The standard RADIUS attributes are listed in the -xref:rfc_attributelist.adoc[Attribute Definitions] section below. +xref:rfc/radius_attributes.adoc[Attribute Definitions] page. When creating new RADIUS dictionaries or standards, you must follow the *RADIUS Design Guidelines* document @@ -30,14 +30,6 @@ https://github.com/radext-wg/issues-and-fixes-2/wiki/[IETF RADEXT Wiki], and in the https://www.freeradius.org/rfc/issues.html[open issues] page. -.RFCs - -include::partial$rfc_radius.adoc[] - -.Related Documents (old RFCs, information, etc) - -include::partial$rfc_related.adoc[] - == More Information https://www.inkbridgenetworks.com/blog/blog-10/the-freeradius-auth-type-attribute-103[The FreeRADIUS Auth-Type attribute] diff --git a/doc/antora/modules/developers/pages/rfc/dhcpv4.adoc b/doc/antora/modules/developers/pages/rfc/dhcpv4.adoc new file mode 100644 index 00000000000..f6ec7552d17 --- /dev/null +++ b/doc/antora/modules/developers/pages/rfc/dhcpv4.adoc @@ -0,0 +1,112 @@ += DHCPv4 RFCs + +The following is a comprehensive set of tables that list all the +related RFCs. Depending on the section or feature that you are +developing, will determine which documents you need to review. + + +.Dynamic Host Control Protocol (DHCP) +[options=header, cols="20,~",autowidth] +|==== + +|RFC |Description + +|https://datatracker.ietf.org/doc/html/rfc2131[RFC 2131] |Dynamic Host Configuration Protocol + +|https://datatracker.ietf.org/doc/html/rfc2241[RFC 2241] |DHCP Options for Novell Directory Services + +|https://datatracker.ietf.org/doc/html/rfc2242[RFC 2242] |NetWare/IP Domain Name and Information + +|https://datatracker.ietf.org/doc/html/rfc2485[RFC 2485] |DHCP Option for The Open Group's User Authentication Protocol + +|https://datatracker.ietf.org/doc/html/rfc2563[RFC 2563] |DHCP Option to Disable Stateless Auto-Configuration in IPv4 Clients + +|https://datatracker.ietf.org/doc/html/rfc2610[RFC 2610] |DHCP Options for Service Location Protocol + +|https://datatracker.ietf.org/doc/html/rfc2937[RFC 2937] |The Name Service Search Option for DHCP + +|https://datatracker.ietf.org/doc/html/rfc3004[RFC 3004] |The User Class Option for DHCP +|https://datatracker.ietf.org/doc/html/rfc3011[RFC 3011] |The IPv4 Subnet Selection Option for DHCP + +|https://datatracker.ietf.org/doc/html/rfc3046[RFC 3046] |DHCP Relay Agent Information Option + +|https://datatracker.ietf.org/doc/html/rfc3118[RFC 3118] |Authentication for DHCP Messages + +|https://datatracker.ietf.org/doc/html/rfc3361[RFC 3361] |Dynamic Host Configuration Protocol (DHCP-for-IPv4) Option for Session Initiation Protocol (SIP) Servers + +|https://datatracker.ietf.org/doc/html/rfc3397[RFC 3397] |Dynamic Host Configuration Protocol (DHCP) Domain Search Option + +|https://datatracker.ietf.org/doc/html/rfc3442[RFC 3442] +|The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version. + +|https://datatracker.ietf.org/doc/html/rfc3495[RFC 3495] +|Dynamic Host Configuration Protocol (DHCP) Option for CableLabs Client Configuration. + +|https://datatracker.ietf.org/doc/html/rfc3679[RFC 3679] +|Unused Dynamic Host Configuration Protocol (DHCP) Option Codes. + +|https://datatracker.ietf.org/doc/html/rfc3925[RFC 3925] +|Vendor-Identifying Vendor Options for Dynamic Host Configuration Protocol version 4 (DHCPv4). + +|https://datatracker.ietf.org/doc/html/rfc4039[RFC 4039] |Rapid Commit Option for the Dynamic Host Configuration Protocol version 4 (DHCPv4). + +|https://datatracker.ietf.org/doc/html/rfc4174[RFC 4174] |The IPv4 Dynamic Host Configuration Protocol (DHCP) Option for the Internet Storage Name Service + +|https://datatracker.ietf.org/doc/html/rfc4280[RFC 4280] |Dynamic Host Configuration Protocol (DHCP) Options for Broadcast and Multicast Control Servers + +|https://datatracker.ietf.org/doc/html/rfc4388[RFC 4388] |Dynamic Host Configuration Protocol (DHCP) Leasequery + +|https://datatracker.ietf.org/doc/html/rfc4578[RFC 4578] |Dynamic Host Configuration Protocol (DHCP) Options for the Intel Preboot eXecution Environment (PXE) + +|https://datatracker.ietf.org/doc/html/rfc4702[RFC 4702] |The Dynamic Host Configuration Protocol (DHCP) Client Fully Qualified Domain Name (FQDN) Option + +|https://datatracker.ietf.org/doc/html/rfc4776[RFC 4776] |Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Option for Civic Addresses Configuration Information + +|https://datatracker.ietf.org/doc/html/rfc4833[RFC 4833] |Timezone Options for DHCP + +|https://datatracker.ietf.org/doc/html/rfc5071[RFC 5071] |Dynamic Host Configuration Protocol Options Used by PXELINUX + +|https://datatracker.ietf.org/doc/html/rfc5192[RFC 5192] |DHCP Options for Protocol for Carrying Authentication for Network Access (PANA) Authentication Agents + +|https://datatracker.ietf.org/doc/html/rfc5223[RFC 5223] |Discovering Location-to-Service Translation (LoST) Servers Using the Dynamic Host Configuration Protocol (DHCP) + +|https://datatracker.ietf.org/doc/html/rfc5417[RFC 5417] |Control And Provisioning of Wireless Access Points (CAPWAP) Access Controller DHCP Option + +|https://datatracker.ietf.org/doc/html/rfc5678[RFC 5678] |Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Options for IEEE 802.21 Mobility Services (MoS) Discovery + +|https://datatracker.ietf.org/doc/html/rfc5859[RFC 5859] |TFTP Server Address Option for DHCPv4 + +|https://datatracker.ietf.org/doc/html/rfc5969[RFC 5969] |IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) -- Protocol Specification + +|https://datatracker.ietf.org/doc/html/rfc5986[RFC 5986] |Discovering the Local Location Information Server (LIS) + +|https://datatracker.ietf.org/doc/html/rfc6011[RFC 6011] |Session Initiation Protocol (SIP) User Agent Configuration + +|https://datatracker.ietf.org/doc/html/rfc6153[RFC 6153] |DHCPv4 and DHCPv6 Options for Access Network Discovery and Selection Function (ANDSF) Discover + +|https://datatracker.ietf.org/doc/html/rfc6225[RFC 6225] |Dynamic Host Configuration Protocol Options for Coordinate-Based Location Configuration Information + +|https://datatracker.ietf.org/doc/html/rfc6656[RFC 6656] |Description of Cisco Systems' Subnet Allocation Option for DHCPv4 + +|https://datatracker.ietf.org/doc/html/rfc6926[RFC 6926] |DHCPv4 Bulk Leasequery. + +|https://datatracker.ietf.org/doc/html/rfc7291[RFC 7291] |DHCP Options for the Port Control Protocol (PCP). + +|https://datatracker.ietf.org/doc/html/rfc7710[RFC 7710] |Captive-Portal Identification Using DHCP or Router Advertisements (RAs). + +|https://datatracker.ietf.org/doc/html/rfc7839[RFC 7839] |Access-Network-Identifier Option in DHCP. + +|https://datatracker.ietf.org/doc/html/rfc8115[RFC 8115] |DHCPv6 Option for IPv4-Embedded Multicast and Unicast IPv6 Prefixes + +|https://datatracker.ietf.org/doc/html/rfc8156[RFC 8156] |DHCPv6 Failover Protocol + +|https://datatracker.ietf.org/doc/html/rfc8357[RFC 8357] |Generalized UDP Source Port for DHCP Relay + +|https://datatracker.ietf.org/doc/html/rfc8910[RFC 8910] |Captive-Portal Identification in DHCP and Router Advertisements (RAs). + +|https://datatracker.ietf.org/doc/html/rfc8925[RFC 8925] |IPv6-Only Preferred Option for DHCPv4. + +|==== + +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/developers/pages/rfc/dhcpv6.adoc b/doc/antora/modules/developers/pages/rfc/dhcpv6.adoc new file mode 100644 index 00000000000..2e4ead669e0 --- /dev/null +++ b/doc/antora/modules/developers/pages/rfc/dhcpv6.adoc @@ -0,0 +1,111 @@ += DHCPv4 RFCs + +The following is a comprehensive set of tables that list all the +related RFCs. Depending on the section or feature that you are +developing, will determine which documents you need to review. + +.Dynamic Host Control Protocol for IPv6 (DHCPv6) +[options=header, cols="20,~",autowidth] +|==== + +|RFC |Description + +|https://datatracker.ietf.org/doc/html/rfc3315[RFC 3315] |Dynamic Host Configuration Protocol for IPv6 (DHCPv6). + +|https://datatracker.ietf.org/doc/html/rfc3319[RFC 3319] |Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers. + +|https://datatracker.ietf.org/doc/html/rfc3633[RFC 3633] |IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6 + +|https://datatracker.ietf.org/doc/html/rfc3646[RFC 3646] |DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6). + +|https://datatracker.ietf.org/doc/html/rfc3898[RFC 3898] |Network Information Service (NIS) Configuration Options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6). + +|https://datatracker.ietf.org/doc/html/rfc4075[RFC 4075] |Simple Network Time Protocol (SNTP) Configuration Option for DHCPv6. + +|https://datatracker.ietf.org/doc/html/rfc4242[RFC 4242] |Information Refresh Time Option for Dynamic Host Configuration Protocol for IPv6 (DHCPv6). + +|https://datatracker.ietf.org/doc/html/rfc4280[RFC 4280] |Dynamic Host Configuration Protocol (DHCP) Options for Broadcast and Multicast Control Servers. + +|https://datatracker.ietf.org/doc/html/rfc4580[RFC 4580] |Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Relay Agent Subscriber-ID Option. + +|https://datatracker.ietf.org/doc/html/rfc4649[RFC 4649] |Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Relay Agent Remote-ID Option. + +|https://datatracker.ietf.org/doc/html/rfc4704[RFC 4704] |The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN) Option. + +|https://datatracker.ietf.org/doc/html/rfc4776[RFC 4776] |Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Option for Civic Addresses Configuration Information. + +|https://datatracker.ietf.org/doc/html/rfc4833[RFC 4833] |Timezone Options for DHCP. + +|https://datatracker.ietf.org/doc/html/rfc4994[RFC 4994] |DHCPv6 Relay Agent Echo Request Option. + +|https://datatracker.ietf.org/doc/html/rfc5007[RFC 5007] |DHCPv6 Leasequery. + +|https://datatracker.ietf.org/doc/html/rfc5192[RFC 5192] |DHCP Options for Protocol for Carrying Authentication for Network Access (PANA) Authentication Agents. + +|https://datatracker.ietf.org/doc/html/rfc5223[RFC 5223] |Discovering Location-to-Service Translation (LoST) Servers Using the Dynamic Host Configuration Protocol (DHCP). + +|https://datatracker.ietf.org/doc/html/rfc5417[RFC 5417] |Control And Provisioning of Wireless Access Points (CAPWAP) Access Controller DHCP Option. + +|https://datatracker.ietf.org/doc/html/rfc5460[RFC 5460] |DHCPv6 Bulk Leasequery. + +|https://datatracker.ietf.org/doc/html/rfc5678[RFC 5678] |Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Options for IEEE 802.21 Mobility Services (MoS) Discovery. + +|https://datatracker.ietf.org/doc/html/rfc5908[RFC 5908] |Network Time Protocol (NTP) Server Option for DHCPv6. + +|https://datatracker.ietf.org/doc/html/rfc5970[RFC 5970] |DHCPv6 Options for Network Boot. +|https://datatracker.ietf.org/doc/html/rfc5986[RFC 5986] |Discovering the Local Location Information Server (LIS). + +|https://datatracker.ietf.org/doc/html/rfc6011[RFC 6011] |Session Initiation Protocol (SIP) User Agent Configuration. + +|https://datatracker.ietf.org/doc/html/rfc6153[RFC 6153] |DHCPv4 and DHCPv6 Options for Access Network Discovery and Selection Function (ANDSF) Discovery. + +|https://datatracker.ietf.org/doc/html/rfc6225[RFC 6225] |Dynamic Host Configuration Protocol Options for Coordinate-Based Location Configuration Information. + +|https://datatracker.ietf.org/doc/html/rfc6334[RFC 6334] |Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Option for Dual-Stack Lite. + +|https://datatracker.ietf.org/doc/html/rfc6355[RFC 6355] |Definition of the UUID-Based DHCPv6 Unique Identifier (DUID-UUID). + +|https://datatracker.ietf.org/doc/html/rfc6422[RFC 6422] |Relay-Supplied DHCP Options. + +|https://datatracker.ietf.org/doc/html/rfc6440[RFC 6440] |The EAP Re-authentication Protocol (ERP) Local Domain Name DHCPv6 Option. + +|https://datatracker.ietf.org/doc/html/rfc6603[RFC 6603] |Prefix Exclude Option for DHCPv6-based Prefix Delegation. + +|https://datatracker.ietf.org/doc/html/rfc6607[RFC 6607] |Virtual Subnet Selection Options for DHCPv4 and DHCPv6. + +| https://datatracker.ietf.org/doc/html/rfc6610[RFC 6610] |DHCP Options for Home Information Discovery in Mobile IPv6 (MIPv6). + +|https://datatracker.ietf.org/doc/html/rfc6731[RFC 6731] |Improved Recursive DNS Server Selection for Multi-Interfaced Nodes. + +|https://datatracker.ietf.org/doc/html/rfc6784[RFC 6784] |Kerberos Options for DHCPv6. + +|https://datatracker.ietf.org/doc/html/rfc6939[RFC 6939] |Client Link-Layer Address Option in DHCPv6. + +|https://datatracker.ietf.org/doc/html/rfc6977[RFC 6977] |Triggering DHCPv6 Reconfiguration from Relay Agents. + +|https://datatracker.ietf.org/doc/html/rfc7037[RFC 7037] |RADIUS Option for the DHCPv6 Relay Agent. + +|https://datatracker.ietf.org/doc/html/rfc7078[RFC 7078] |Distributing Address Selection Policy Using DHCPv6. + +|https://datatracker.ietf.org/doc/html/rfc7083[RFC 7083] |Modification to Default Values of SOL_MAX_RT and INF_MAX_RT. + +|https://datatracker.ietf.org/doc/html/rfc7291[RFC 7291] |DHCP Options for the Port Control Protocol (PCP). + +|https://datatracker.ietf.org/doc/html/rfc7341[RFC 7341] |DHCPv4-over-DHCPv6 (DHCP 4o6) Transport. + +|https://datatracker.ietf.org/doc/html/rfc7598[RFC 7598] |DHCPv6 Options for Configuration of Softwire Address and Port-Mapped Clients. + +|https://datatracker.ietf.org/doc/html/rfc7653[RFC 7653] |DHCPv6 Active Leasequery. + +|https://datatracker.ietf.org/doc/html/rfc7710[RFC 7710] |Captive-Portal Identification Using DHCP or Router Advertisements (RAs). + +|https://datatracker.ietf.org/doc/html/rfc7774[RFC 7774] |Multicast Protocol for Low-Power and Lossy Networks (MPL) Parameter Configuration Option for DHCPv6. + +|https://datatracker.ietf.org/doc/html/rfc7839[RFC 7839] |Access-Network-Identifier Option in DHCP. + +|https://datatracker.ietf.org/doc/html/rfc8026[RFC 8026] |Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE): A DHCPv6-Based Prioritization Mechanism. + +|==== + +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/developers/pages/rfc/dns.adoc b/doc/antora/modules/developers/pages/rfc/dns.adoc new file mode 100644 index 00000000000..aeb494e1afe --- /dev/null +++ b/doc/antora/modules/developers/pages/rfc/dns.adoc @@ -0,0 +1,17 @@ += DNS RFCs + +The following is a comprehensive set of tables that list all the +related RFCs. Depending on the section or feature that you are +developing, will determine which documents you need to review. + +.Dynamic Name Service (DNS) +[options=header, cols="20,~",autowidth] +|==== + +|RFC |Description + +|https://datatracker.ietf.org/doc/html/rfc1034[RFC 1034] |Domain names - concepts and facilities. + +|https://datatracker.ietf.org/doc/html/rfc6731[RFC 6731] |Improved Recursive DNS Server Selection for Multi-Interfaced Nodes. + +|==== diff --git a/doc/antora/modules/developers/pages/rfc/index.adoc b/doc/antora/modules/developers/pages/rfc/index.adoc new file mode 100644 index 00000000000..2f337332e29 --- /dev/null +++ b/doc/antora/modules/developers/pages/rfc/index.adoc @@ -0,0 +1,20 @@ += Supported RFCs + +FreeRADIUS supports a large number of protocols, and therefore a large +number of standards. This pages documents the RFC compliance of the +server, for each protocol. + +* xref:rfc/compliance.adoc[Comments on RFC Compliance] + +* xref:rfc/radius.adoc[RADIUS] +** xref:rfc/radius_attributes.adoc[List of Attributes] +** xref:rfc/design.adoc[Designing and creating new attributes] + +* xref:rfc/dns.adoc[DNS] + +* xref:rfc/dhcpv4.adoc[DHCPv4] + +* xref:rfc/dhcpv6.adoc[DHCPv4] + +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/developers/pages/rfc/radius.adoc b/doc/antora/modules/developers/pages/rfc/radius.adoc new file mode 100644 index 00000000000..32aa6791a66 --- /dev/null +++ b/doc/antora/modules/developers/pages/rfc/radius.adoc @@ -0,0 +1,156 @@ += RADIUS RFCs + +The following is a comprehensive set of tables that list all the +related RFCs. Depending on the section or feature that you are +developing, will determine which documents you need to review. + +.RADIUS Related +[options=header,cols="20,~",autowidth] +|==== + +|RFC |Description + +|https://datatracker.ietf.org/doc/html/rfc2865[RFC 2865] |Remote Authentication Dial In User Service (RADIUS) (Obsoletes https://datatracker.ietf.org/doc/html/rfc2138[RFC 2138] and https://datatracker.ietf.org/doc/html/rfc2058[RFC 2058]). + +|https://datatracker.ietf.org/doc/html/rfc2866[RFC 2866] |RADIUS Accounting +(Obsoletes https://datatracker.ietf.org/doc/html/rfc2139[RFC 2139] and https://datatracker.ietf.org/doc/html/rfc2059[RFC 2059]). + +|https://datatracker.ietf.org/doc/html/rfc2867[RFC 2867] |RADIUS Accounting Modifications for Tunnel Protocol Support (Updates https://datatracker.ietf.org/doc/html/rfc2866[RFC 2866]). + +|https://datatracker.ietf.org/doc/html/rfc2868[RFC 2868] |RADIUS Attributes for Tunnel Protocol Support (Updates https://datatracker.ietf.org/doc/html/rfc2865[RFC 2865]). + +|https://datatracker.ietf.org/doc/html/rfc2869[RFC 2869] |RADIUS Extensions + +|https://datatracker.ietf.org/doc/html/rfc2882[RFC 2882] |Network Access Servers Requirements: Extended RADIUS Practices + +|https://datatracker.ietf.org/doc/html/rfc3162[RFC 3162] |RADIUS and IPv6. + +|https://datatracker.ietf.org/doc/html/rfc3576[RFC 3576] |Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) + +|https://datatracker.ietf.org/doc/html/rfc3580[RFC 3580] |IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines + +|https://datatracker.ietf.org/doc/html/rfc4072[RFC 4072] |Diameter Extensible Authentication Protocol (EAP) Application + +|https://datatracker.ietf.org/doc/html/rfc4372[RFC 4372] |Chargeable User Identity + +|https://datatracker.ietf.org/doc/html/rfc4603[RFC 4603] |Additional Values for the NAS-Port-Type Attribute + +|https://datatracker.ietf.org/doc/html/rfc4675[RFC 4675] |RADIUS Attributes for Virtual LAN and Priority Support + +|https://datatracker.ietf.org/doc/html/rfc4818[RFC 4818] |RADIUS Delegated-IPv6-Prefix Attribute. + +|https://datatracker.ietf.org/doc/html/rfc4849[RFC 4849] |RADIUS Filter Rule Attribute. + +|https://datatracker.ietf.org/doc/html/rfc5090[RFC 5090] |RADIUS Extension for Digest Authentication. + +|https://datatracker.ietf.org/doc/html/rfc5176[RFC 5176] |Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS). + +|https://datatracker.ietf.org/doc/html/rfc5447[RFC 5447] |Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction. + +|https://datatracker.ietf.org/doc/html/rfc5580[RFC 5580] |Carrying Location Objects in RADIUS and Diameter. + +|https://datatracker.ietf.org/doc/html/rfc5607[RFC 5607] |Remote Authentication Dial-In User Service (RADIUS) Authorization for Network Access Server (NAS) Management. + +|https://datatracker.ietf.org/doc/html/rfc6911[RFC 6911] |RADIUS Attributes for IPv6 Access Networks. + +|https://datatracker.ietf.org/doc/html/rfc6929[RFC 6929] |Remote Authentication Dial In User Service (RADIUS) Protocol Extensions + +|https://datatracker.ietf.org/doc/html/rfc7600[RFC 7600] |IPv4 Residual Deployment via IPv6 - A Stateless Solution (4rd). + +|https://datatracker.ietf.org/doc/html/rfc8044[RFC 8044] |Data Types in RADIUS + +|https://datatracker.ietf.org/doc/html/rfc8045[RFC 8045] |RADIUS Extensions for IP Port Configuration and Reporting + +|https://datatracker.ietf.org/doc/html/rfc8559[RFC 8559] |Dynamic Authorization Proxying in the Remote Authentication Dial-In User Service (RADIUS) Protocol + +|https://datatracker.ietf.org/doc/html/rfc8658[RFC 8658] |RADIUS Attributes for Softwire Mechanisms Based on Address plus Port (A+P) + +|https://datatracker.ietf.org/doc/html/rfc9445[RFC 9445] |RADIUS Extensions for DHCP-Configured Services +|==== + +.Authentication Methods +[options=header, cols="20,~", autowidth] +|==== +|RFC |Description + +|https://datatracker.ietf.org/doc/html/rfc1994[RFC 1994] +|PPP Challenge Handshake Authentication Protocol (CHAP). + +|https://datatracker.ietf.org/doc/html/rfc2285[RFC 2284] +|PPP Extensible Authentication Protocol (EAP) + +|https://datatracker.ietf.org/doc/html/rfc2759[RFC 2759] +|Microsoft PPP CHAP Extensions, Version 2. + +|https://datatracker.ietf.org/doc/html/rfc3748[RFC 3748] +|Extensible Authentication Protocol (EAP). + +|https://datatracker.ietf.org/doc/html/rfc5716[RFC 5716] +|PPP EAP TLS Authentication Protocol. + +|https://datatracker.ietf.org/doc/html/rfc9190[RFC 9190] +|EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3 + +|==== + +.SNMP Related +[options=header, cols="20,~",autowidth] +|==== + +|RFC |Description + +|https://datatracker.ietf.org/doc/html/rfc1227[RFC 1227] |SNMP MUX Protocol and MIB. + +|https://datatracker.ietf.org/doc/html/rfc2169[RFC 2619] |RADIUS Authentication Server MIB. + +|https://datatracker.ietf.org/doc/html/rfc2621[RFC 2621] |RADIUS Accounting Server MIB. + +|==== + +.Vendor-Specific Attributes +[options=header, cols="20,~",autowidth] +|==== +| RFC |Description + +|https://datatracker.ietf.org/doc/html/rfc2548[RFC 2548] +|Microsoft Vendor-Specific RADIUS Attributes. + +|https://datatracker.ietf.org/doc/html/rfc4679[RFC 4679] |DSL Forum Vendor-Specific RADIUS Attributes + +|https://datatracker.ietf.org/doc/html/rfc5904[RFC 5904] |RADIUS Attributes for IEEE 802.16 Privacy Key Management Version 1 (PKMv1) Protocol Support + +|https://datatracker.ietf.org/doc/html/rfc6519[RFC 6519] |RADIUS Extensions for Dual-Stack Lite + +|https://datatracker.ietf.org/doc/html/rfc6572[RFC 6572] |RADIUS Support for Proxy Mobile IPv6 + +|https://datatracker.ietf.org/doc/html/rfc6677[RFC 6677] |Channel-Binding Support for Extensible Authentication Protocol (EAP) Methods + + +|https://datatracker.ietf.org/doc/html/rfc7055[RFC 7055] |A GSS-API Mechanism or the Extensible Authentication Protocol + +|https://datatracker.ietf.org/doc/html/rfc7155[RFC 7155] |Diameter Network Access Server Application + +|https://datatracker.ietf.org/doc/html/rfc7268[RFC 7268] |RADIUS Attributes for IEEE 802 Networks + +|https://datatracker.ietf.org/doc/html/rfc7499[RFC 7499] |Support of Fragmentation of RADIUS Packets + +|https://datatracker.ietf.org/doc/html/rfc7930[RFC 7930] |Larger Packets for RADIUS over TCP + + + +|==== + +.Unpublished drafts +[options=header, cols="20,~",autowidth] +|==== +|Document|Description + +|http://tools.ietf.org/wg/eap/draft-funk-eap-ttls-v1-01.txt[draft-funk-eap-ttls] +|EAP Tunneled TLS Authentication Protocol Version 1 (EAP-TTLSv1). + +|http://www.freeradius.org/rfc/draft-schulzrinne-sipping-radius-accounting-00.txt[draft-schulzrinne-sipping-radius-accounting] +|RADIUS accounting for SIP servers. +|==== + +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/developers/pages/rfc_attributelist.adoc b/doc/antora/modules/developers/pages/rfc/radius_attributes.adoc similarity index 98% rename from doc/antora/modules/developers/pages/rfc_attributelist.adoc rename to doc/antora/modules/developers/pages/rfc/radius_attributes.adoc index 9447bc70652..c18eeabcf83 100644 --- a/doc/antora/modules/developers/pages/rfc_attributelist.adoc +++ b/doc/antora/modules/developers/pages/rfc/radius_attributes.adoc @@ -1,4 +1,4 @@ -= Attribute Definitions += RADIUS Attribute Definitions This page contains a list of RADIUS attribute definitions, with links to the relevant standards. diff --git a/doc/antora/modules/developers/pages/rfc_compliance.adoc b/doc/antora/modules/developers/pages/rfc_compliance.adoc deleted file mode 100644 index 9d2a5408df8..00000000000 --- a/doc/antora/modules/developers/pages/rfc_compliance.adoc +++ /dev/null @@ -1,433 +0,0 @@ - -= RFC Compliance - -RADIUS (Remote Authentication Dial-In User Service) RFC compliance is -critical for ensuring that network access control systems are secure, -interoperable, and scalable in 2026. Adhering to these IETF standards -provides a common language for diverse networking hardware and -software to communicate reliably. The importance of RADIUS RFC -compliance centers on four key areas: - -== Interoperability in Multi-Vendor Environments - -* De Facto Standard: RADIUS is the industry standard for centralizing - Authentication, Authorization, and Accounting (AAA). Compliance - ensures that a RADIUS server can communicate with network access - servers (NAS) like Wi-Fi access points, VPN gateways, and switches - from different manufacturers (e.g., Cisco, Aruba, Fortinet). - -* Consistent Behavior: RFCs provide documented, predictable behavior, - reducing unexpected issues when integrating new equipment into an - existing infrastructure. - -* Standardized Attributes: Standards like - https://datatracker.ietf.org/doc/html/rfc2865[RFC 2865] and - https://datatracker.ietf.org/doc/html/rfc2868[RFC 2868] define how - user attributes (e.g., VLAN assignments, tunnel protocols) are - formatted, ensuring they are correctly interpreted across the - network. - -== Security and Vulnerability Mitigation - -* Addressing Cryptographic Weaknesses: Legacy RADIUS (RFC 2865) relies - on MD5 hashing, which is now considered insecure. Recent critical - vulnerabilities like BlastRADIUS (identified in 2024) exploit these - MD5 weaknesses to forge authentication responses. - -* Protocol Evolution: Modern compliance often requires moving toward - newer standards like RadSec (RADIUS over TLS, RFC 6614), which - replaces unencrypted UDP transport with encrypted TLS. This protects - sensitive data, such as usernames and location information, from - eavesdropping and tampering. - -* Mandatory Integrity Checks: Updated standards mandate features like - the Message-Authenticator attribute to prevent packet forgery - attacks that were previously optional. - -== Scalability and Reliability - -* Centralised Management: Compliance allows organizations to manage - millions of users from a single point, making it suitable for large - ISPs and global enterprises. - -* Backward Compatibility: RFC-compliant systems are designed to evolve - while maintaining connections with older infrastructure, allowing - for gradual network upgrades without total system overhauls. - -The following is a comprehensive set of tables that list all the -RADIUS and related RFCs that are required reading. Depending on the -section or feature that you are delveloping, will determine which -documents you need to review. - -.RADIUS Related -[options=header,cols="20,~",autowidth] -|==== - -|RFC |Description - -|https://datatracker.ietf.org/doc/html/rfc2865[RFC 2865] |Remote Authentication Dial In User Service (RADIUS) (Obsoletes https://datatracker.ietf.org/doc/html/rfc2138[RFC 2138] and https://datatracker.ietf.org/doc/html/rfc2058[RFC 2058]). - -|https://datatracker.ietf.org/doc/html/rfc2866[RFC 2866] |RADIUS Accounting -(Obsoletes https://datatracker.ietf.org/doc/html/rfc2139[RFC 2139] and https://datatracker.ietf.org/doc/html/rfc2059[RFC 2059]). - -|https://datatracker.ietf.org/doc/html/rfc2867[RFC 2867] |RADIUS Accounting Modifications for Tunnel Protocol Support (Updates https://datatracker.ietf.org/doc/html/rfc2866[RFC 2866]). - -|https://datatracker.ietf.org/doc/html/rfc2868[RFC 2868] |RADIUS Attributes for Tunnel Protocol Support (Updates https://datatracker.ietf.org/doc/html/rfc2865[RFC 2865]). - -|https://datatracker.ietf.org/doc/html/rfc2869[RFC 2869] |RADIUS Extensions - -|https://datatracker.ietf.org/doc/html/rfc3576[RFC 3576] |Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) - -|https://datatracker.ietf.org/doc/html/rfc3580[RFC 3580] |IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines - -|https://datatracker.ietf.org/doc/html/rfc4072[RFC 4072] |Diameter Extensible Authentication Protocol (EAP) Application - -|https://datatracker.ietf.org/doc/html/rfc4372[RFC 4372] |Chargeable User Identity - -|https://datatracker.ietf.org/doc/html/rfc4603[RFC 4603] |Additional Values for the NAS-Port-Type Attribute - -|https://datatracker.ietf.org/doc/html/rfc4675[RFC 4675] |RADIUS Attributes for Virtual LAN and Priority Support - -|https://datatracker.ietf.org/doc/html/rfc4849[RFC 4849] |RADIUS Filter Rule Attribute. - -|https://datatracker.ietf.org/doc/html/rfc5090[RFC 5090] |RADIUS Extension for Digest Authentication. - -|https://datatracker.ietf.org/doc/html/rfc5176[RFC 5176] |Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS). - -|https://datatracker.ietf.org/doc/html/rfc5580[RFC 5580] |Carrying Location Objects in RADIUS and Diameter. - -|https://datatracker.ietf.org/doc/html/rfc5607[RFC 5607] |Remote Authentication Dial-In User Service (RADIUS) Authorization for Network Access Server (NAS) Management. - -|https://datatracker.ietf.org/doc/html/rfc6929[RFC 6929] |Remote Authentication Dial In User Service (RADIUS) Protocol Extensions -|==== - -.Authentication -[options=header, cols="20,~", autowidth] -|==== -|RFC |Description - -|https://datatracker.ietf.org/doc/html/rfc1994[RFC 1994] -|PPP Challenge Handshake Authentication Protocol (CHAP). - -|https://datatracker.ietf.org/doc/html/rfc2285[RFC 2284] -|PPP Extensible Authentication Protocol (EAP) - -|https://datatracker.ietf.org/doc/html/rfc2716[RFC 2716] -|PPP EAP TLS Authentication Protocol. - -|https://datatracker.ietf.org/doc/html/rfc2759[RFC 2759] -|Microsoft PPP CHAP Extensions, Version 2. - -|https://datatracker.ietf.org/doc/html/rfc3748[RFC 3748] -|Extensible Authentication Protocol (EAP). -|==== - -.Dynamic Host Control Protocol (DHCP) -[options=header, cols="20,~",autowidth] -|==== - -|RFC |Description - -|https://datatracker.ietf.org/doc/html/rfc2131[RFC 2131] |Dynamic Host Configuration Protocol - -|https://datatracker.ietf.org/doc/html/rfc2241[RFC 2241] |DHCP Options for Novell Directory Services - -|https://datatracker.ietf.org/doc/html/rfc2242[RFC 2242] |NetWare/IP Domain Name and Information - -|https://datatracker.ietf.org/doc/html/rfc2485[RFC 2485] |DHCP Option for The Open Group's User Authentication Protocol - -|https://datatracker.ietf.org/doc/html/rfc2563[RFC 2563] |DHCP Option to Disable Stateless Auto-Configuration in IPv4 Clients - -|https://datatracker.ietf.org/doc/html/rfc2610[RFC 2610] |DHCP Options for Service Location Protocol - -|https://datatracker.ietf.org/doc/html/rfc2937[RFC 2937] |The Name Service Search Option for DHCP - -|https://datatracker.ietf.org/doc/html/rfc3004[RFC 3004] |The User Class Option for DHCP -|https://datatracker.ietf.org/doc/html/rfc3011[RFC 3011] |The IPv4 Subnet Selection Option for DHCP - -|https://datatracker.ietf.org/doc/html/rfc3046[RFC 3046] |DHCP Relay Agent Information Option - -|https://datatracker.ietf.org/doc/html/rfc3118[RFC 3118] |Authentication for DHCP Messages - -|https://datatracker.ietf.org/doc/html/rfc3361[RFC 3361] |Dynamic Host Configuration Protocol (DHCP-for-IPv4) Option for Session Initiation Protocol (SIP) Servers - -|https://datatracker.ietf.org/doc/html/rfc3397[RFC 3397] |Dynamic Host Configuration Protocol (DHCP) Domain Search Option - -|https://datatracker.ietf.org/doc/html/rfc3442[RFC 3442] -|The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version. - -|https://datatracker.ietf.org/doc/html/rfc3495[RFC 3495] -|Dynamic Host Configuration Protocol (DHCP) Option for CableLabs Client Configuration. - -|https://datatracker.ietf.org/doc/html/rfc3679[RFC 3679] -|Unused Dynamic Host Configuration Protocol (DHCP) Option Codes. - - -|https://datatracker.ietf.org/doc/html/rfc4174[RFC 4174] |The IPv4 Dynamic Host Configuration Protocol (DHCP) Option for the Internet Storage Name Service - -|https://datatracker.ietf.org/doc/html/rfc4280[RFC 4280] |Dynamic Host Configuration Protocol (DHCP) Options for Broadcast and Multicast Control Servers - -|https://datatracker.ietf.org/doc/html/rfc4388[RFC 4388] |Dynamic Host Configuration Protocol (DHCP) Leasequery - -|https://datatracker.ietf.org/doc/html/rfc4578[RFC 4578] |Dynamic Host Configuration Protocol (DHCP) Options for the Intel Preboot eXecution Environment (PXE) - -|https://datatracker.ietf.org/doc/html/rfc4702[RFC 4702] |The Dynamic Host Configuration Protocol (DHCP) Client Fully Qualified Domain Name (FQDN) Option - -|https://datatracker.ietf.org/doc/html/rfc4776[RFC 4776] |Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Option for Civic Addresses Configuration Information - -|https://datatracker.ietf.org/doc/html/rfc4833[RFC 4833] |Timezone Options for DHCP - -|https://datatracker.ietf.org/doc/html/rfc5071[RFC 5071] |Dynamic Host Configuration Protocol Options Used by PXELINUX - -|https://datatracker.ietf.org/doc/html/rfc5192[RFC 5192] |DHCP Options for Protocol for Carrying Authentication for Network Access (PANA) Authentication Agents - -|https://datatracker.ietf.org/doc/html/rfc5223[RFC 5223] |Discovering Location-to-Service Translation (LoST) Servers Using the Dynamic Host Configuration Protocol (DHCP) - -|https://datatracker.ietf.org/doc/html/rfc5417[RFC 5417] |Control And Provisioning of Wireless Access Points (CAPWAP) Access Controller DHCP Option - -|https://datatracker.ietf.org/doc/html/rfc5678[RFC 5678] |Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Options for IEEE 802.21 Mobility Services (MoS) Discovery - -|https://datatracker.ietf.org/doc/html/rfc5859[RFC 5859] |TFTP Server Address Option for DHCPv4 - -|https://datatracker.ietf.org/doc/html/rfc5969[RFC 5969] |IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) -- Protocol Specification - -|https://datatracker.ietf.org/doc/html/rfc5986[RFC 5986] |Discovering the Local Location Information Server (LIS) - -|https://datatracker.ietf.org/doc/html/rfc6011[RFC 6011] |Session Initiation Protocol (SIP) User Agent Configuration - -|https://datatracker.ietf.org/doc/html/rfc6153[RFC 6153] |DHCPv4 and DHCPv6 Options for Access Network Discovery and Selection Function (ANDSF) Discover - -|https://datatracker.ietf.org/doc/html/rfc6225[RFC 6225] |Dynamic Host Configuration Protocol Options for Coordinate-Based Location Configuration Information - -|https://datatracker.ietf.org/doc/html/rfc6656[RFC 6656] |Description of Cisco Systems' Subnet Allocation Option for DHCPv4 - -|https://datatracker.ietf.org/doc/html/rfc6926[RFC 6926] -|DHCPv4 Bulk Leasequery. - -|https://datatracker.ietf.org/doc/html/rfc7291[RFC 7291] |DHCP Options for the Port Control Protocol (PCP). - -|https://datatracker.ietf.org/doc/html/rfc7710[RFC 7710] |Captive-Portal Identification Using DHCP or Router Advertisements (RAs). - -|https://datatracker.ietf.org/doc/html/rfc7839[RFC 7839] |Access-Network-Identifier Option in DHCP. - -|https://datatracker.ietf.org/doc/html/rfc8115[RFC 8115] |DHCPv6 Option for IPv4-Embedded Multicast and Unicast IPv6 Prefixes - -|https://datatracker.ietf.org/doc/html/rfc8156[RFC 8156] |DHCPv6 Failover Protocol - -|https://datatracker.ietf.org/doc/html/rfc8357[RFC 8357] |Generalized UDP Source Port for DHCP Relay - -|https://datatracker.ietf.org/doc/html/rfc8559[RFC 8559] |Dynamic Authorization Proxying in the Remote Authentication Dial-In User Service (RADIUS) Protocol - -|https://datatracker.ietf.org/doc/html/rfc8658[RFC 8658] |RADIUS Attributes for Softwire Mechanisms Based on Address plus Port (A+P) - -|https://datatracker.ietf.org/doc/html/rfc9445[RFC 9445] |RADIUS Extensions for DHCP-Configured Services - -|==== - -.Dynamic Name Service (DNS) -[options=header, cols="20,~",autowidth] -|==== - -|RFC |Description - -|https://datatracker.ietf.org/doc/html/rfc6731[RFC 6731] |Improved Recursive DNS Server Selection for Multi-Interfaced Nodes. - -|https://datatracker.ietf.org/doc/html/rfc3646[RFC 3646] |DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6). -|==== - - -.Internet Protocol (IPv4-IPv6) -[options=header, cols="20,~",autowidth] -|==== - -|RFC |Description - -|https://datatracker.ietf.org/doc/html/rfc3162[RFC 3162] |RADIUS and IPv6. - -|https://datatracker.ietf.org/doc/html/rfc4818[RFC 4818] |RADIUS Delegated-IPv6-Prefix Attribute. - -|https://datatracker.ietf.org/doc/html/rfc5447[RFC 5447] |Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction. - -|https://datatracker.ietf.org/doc/html/rfc6911[RFC 6911] |RADIUS Attributes for IPv6 Access Networks. - -|https://datatracker.ietf.org/doc/html/rfc7600[RFC 7600] |IPv4 Residual Deployment via IPv6 - A Stateless Solution (4rd). -|==== - -.SNMP Related -[options=header, cols="20,~",autowidth] -|==== - -|RFC |Description - -|https://datatracker.ietf.org/doc/html/rfc1227[RFC 1227] |SNMP MUX Protocol and MIB. - -|https://datatracker.ietf.org/doc/html/rfc2169[RFC 2619] |RADIUS Authentication Server MIB. - -|https://datatracker.ietf.org/doc/html/rfc2621[RFC 2621] |RADIUS Accounting Server MIB. - -|==== - -.Vendor-Specific Attributes -[options=header, cols="20,~",autowidth] -|==== -| RFC |Description - -|https://datatracker.ietf.org/doc/html/rfc2548[RFC 2548] -|Microsoft Vendor-Specific RADIUS Attributes. - -|https://datatracker.ietf.org/doc/html/rfc4679[RFC 4679] |DSL Forum Vendor-Specific RADIUS Attributes - -|https://datatracker.ietf.org/doc/html/rfc5904[RFC 5904] |RADIUS Attributes for IEEE 802.16 Privacy Key Management Version 1 (PKMv1) Protocol Support - -|https://datatracker.ietf.org/doc/html/rfc6519[RFC 6519] |RADIUS Extensions for Dual-Stack Lite - -|https://datatracker.ietf.org/doc/html/rfc6572[RFC 6572] |RADIUS Support for Proxy Mobile IPv6 - -|https://datatracker.ietf.org/doc/html/rfc6677[RFC 6677] |Channel-Binding Support for Extensible Authentication Protocol (EAP) Methods - - -|https://datatracker.ietf.org/doc/html/rfc7055[RFC 7055] |A GSS-API Mechanism or the Extensible Authentication Protocol - -|https://datatracker.ietf.org/doc/html/rfc7155[RFC 7155] |Diameter Network Access Server Application - -|https://datatracker.ietf.org/doc/html/rfc7268[RFC 7268] |RADIUS Attributes for IEEE 802 Networks - -|https://datatracker.ietf.org/doc/html/rfc7499[RFC 7499] |Support of Fragmentation of RADIUS Packets - -|https://datatracker.ietf.org/doc/html/rfc7930[RFC 7930] |Larger Packets for RADIUS over TCP - -|https://datatracker.ietf.org/doc/html/rfc8045[RFC 8045] |RADIUS Extensions for IP Port Configuration and Reporting - -|https://datatracker.ietf.org/doc/html/rfc3925[RFC 3925] -|Vendor-Identifying Vendor Options for Dynamic Host Configuration Protocol version 4 (DHCPv4). - -|https://datatracker.ietf.org/doc/html/rfc4039[RFC 4039] |Rapid Commit Option for the Dynamic Host Configuration Protocol version 4 (DHCPv4). - -|https://datatracker.ietf.org/doc/html/rfc8357[RFC 8357] |Generalized UDP Source Port for DHCP Relay. - -|https://datatracker.ietf.org/doc/html/rfc8910[RFC 8910] |Captive-Portal Identification in DHCP and Router Advertisements (RAs). - -|https://datatracker.ietf.org/doc/html/rfc8925[RFC 8925] |IPv6-Only Preferred Option for DHCPv4. - -|https://datatracker.ietf.org/doc/html/rfc1034[RFC 1034] |Domain names - concepts and facilities. - -|https://datatracker.ietf.org/doc/html/rfc3315[RFC 3315] |Dynamic Host Configuration Protocol for IPv6 (DHCPv6). - -|https://datatracker.ietf.org/doc/html/rfc3319[RFC 3319] |Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers. - -|https://datatracker.ietf.org/doc/html/rfc3633[RFC 3633] |IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6 - -|https://datatracker.ietf.org/doc/html/rfc3898[RFC 3898] |Network Information Service (NIS) Configuration Options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6). - -|https://datatracker.ietf.org/doc/html/rfc4075[RFC 4075] |Simple Network Time Protocol (SNTP) Configuration Option for DHCPv6. - -|https://datatracker.ietf.org/doc/html/rfc4242[RFC 4242] |Information Refresh Time Option for Dynamic Host Configuration Protocol for IPv6 (DHCPv6). - -|https://datatracker.ietf.org/doc/html/rfc4280[RFC 4280] |Dynamic Host Configuration Protocol (DHCP) Options for Broadcast and Multicast Control Servers. - -|https://datatracker.ietf.org/doc/html/rfc4580[RFC 4580] |Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Relay Agent Subscriber-ID Option. - -|https://datatracker.ietf.org/doc/html/rfc4649[RFC 4649] |Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Relay Agent Remote-ID Option. - -|https://datatracker.ietf.org/doc/html/rfc4704[RFC 4704] |The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN) Option. - -|https://datatracker.ietf.org/doc/html/rfc4776[RFC 4776] |Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Option for Civic Addresses Configuration Information. - -|https://datatracker.ietf.org/doc/html/rfc4833[RFC 4833] |Timezone Options for DHCP. - -|https://datatracker.ietf.org/doc/html/rfc4994[RFC 4994] |DHCPv6 Relay Agent Echo Request Option. - -|https://datatracker.ietf.org/doc/html/rfc5007[RFC 5007] |DHCPv6 Leasequery. - -|https://datatracker.ietf.org/doc/html/rfc5192[RFC 5192] |DHCP Options for Protocol for Carrying Authentication for Network Access (PANA) Authentication Agents. - -|https://datatracker.ietf.org/doc/html/rfc5223[RFC 5223] |Discovering Location-to-Service Translation (LoST) Servers Using the Dynamic Host Configuration Protocol (DHCP). - -|https://datatracker.ietf.org/doc/html/rfc5417[RFC 5417] |Control And Provisioning of Wireless Access Points (CAPWAP) Access Controller DHCP Option. - -|https://datatracker.ietf.org/doc/html/rfc5460[RFC 5460] |DHCPv6 Bulk Leasequery. - -|https://datatracker.ietf.org/doc/html/rfc5678[RFC 5678] |Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Options for IEEE 802.21 Mobility Services (MoS) Discovery. - -|https://datatracker.ietf.org/doc/html/rfc5908[RFC 5908] |Network Time Protocol (NTP) Server Option for DHCPv6. - -|https://datatracker.ietf.org/doc/html/rfc5970[RFC 5970] |DHCPv6 Options for Network Boot. -|https://datatracker.ietf.org/doc/html/rfc5986[RFC 5986] |Discovering the Local Location Information Server (LIS). - -|https://datatracker.ietf.org/doc/html/rfc6011[RFC 6011] |Session Initiation Protocol (SIP) User Agent Configuration. - -|https://datatracker.ietf.org/doc/html/rfc6153[RFC 6153] |DHCPv4 and DHCPv6 Options for Access Network Discovery and Selection Function (ANDSF) Discovery. - -|https://datatracker.ietf.org/doc/html/rfc6225[RFC 6225] |Dynamic Host Configuration Protocol Options for Coordinate-Based Location Configuration Information. - -|https://datatracker.ietf.org/doc/html/rfc6334[RFC 6334] |Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Option for Dual-Stack Lite. - -|https://datatracker.ietf.org/doc/html/rfc6355[RFC 6355] |Definition of the UUID-Based DHCPv6 Unique Identifier (DUID-UUID). - -|https://datatracker.ietf.org/doc/html/rfc6422[RFC 6422] |Relay-Supplied DHCP Options. - -|https://datatracker.ietf.org/doc/html/rfc6440[RFC 6440] |The EAP Re-authentication Protocol (ERP) Local Domain Name DHCPv6 Option. - -|https://datatracker.ietf.org/doc/html/rfc6603[RFC 6603] |Prefix Exclude Option for DHCPv6-based Prefix Delegation. - -|https://datatracker.ietf.org/doc/html/rfc6607[RFC 6607] |Virtual Subnet Selection Options for DHCPv4 and DHCPv6. - -| https://datatracker.ietf.org/doc/html/rfc6610[RFC 6610] |DHCP Options for Home Information Discovery in Mobile IPv6 (MIPv6). - -|https://datatracker.ietf.org/doc/html/rfc6731[RFC 6731] |Improved Recursive DNS Server Selection for Multi-Interfaced Nodes. - -|https://datatracker.ietf.org/doc/html/rfc6784[RFC 6784] |Kerberos Options for DHCPv6. - -|https://datatracker.ietf.org/doc/html/rfc6939[RFC 6939] |Client Link-Layer Address Option in DHCPv6. - -|https://datatracker.ietf.org/doc/html/rfc6977[RFC 6977] |Triggering DHCPv6 Reconfiguration from Relay Agents. - -|https://datatracker.ietf.org/doc/html/rfc7037[RFC 7037] |RADIUS Option for the DHCPv6 Relay Agent. - -|https://datatracker.ietf.org/doc/html/rfc7078[RFC 7078] |Distributing Address Selection Policy Using DHCPv6. - -|https://datatracker.ietf.org/doc/html/rfc7083[RFC 7083] |Modification to Default Values of SOL_MAX_RT and INF_MAX_RT. - -|https://datatracker.ietf.org/doc/html/rfc7291[RFC 7291] |DHCP Options for the Port Control Protocol (PCP). - -|https://datatracker.ietf.org/doc/html/rfc7341[RFC 7341] |DHCPv4-over-DHCPv6 (DHCP 4o6) Transport. - -|https://datatracker.ietf.org/doc/html/rfc7598[RFC 7598] |DHCPv6 Options for Configuration of Softwire Address and Port-Mapped Clients. - -|https://datatracker.ietf.org/doc/html/rfc7653[RFC 7653] |DHCPv6 Active Leasequery. - -|https://datatracker.ietf.org/doc/html/rfc7710[RFC 7710] |Captive-Portal Identification Using DHCP or Router Advertisements (RAs). - -|https://datatracker.ietf.org/doc/html/rfc7774[RFC 7774] |Multicast Protocol for Low-Power and Lossy Networks (MPL) Parameter Configuration Option for DHCPv6. - -|https://datatracker.ietf.org/doc/html/rfc7839[RFC 7839] |Access-Network-Identifier Option in DHCP. - -|https://datatracker.ietf.org/doc/html/rfc8026[RFC 8026] |Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE): A DHCPv6-Based Prioritization Mechanism. - -|==== - - -.RADIUS RFCs Informational -[options=header, cols="20,~",autowidth] -|==== - -|RFC |Description - -|https://datatracker.ietf.org/doc/html/rfc2882[RFC 2882] |Network Access Servers Requirements: Extended RADIUS Practices -|https://datatracker.ietf.org/doc/html/rfc3576[RFC 3576] |Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) -|==== - -.DRAFT Compliance -[options=header, cols="20,~",autowidth] -|==== -|Document|Description - -|http://tools.ietf.org/wg/eap/draft-funk-eap-ttls-v1-01.txt[draft-funk-eap-ttls] -|EAP Tunneled TLS Authentication Protocol Version 1 (EAP-TTLSv1). - -|http://www.freeradius.org/rfc/draft-schulzrinne-sipping-radius-accounting-00.txt[draft-schulzrinne-sipping-radius-accounting] -|RADIUS accounting for SIP servers. -|==== - -// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. -// This documentation was developed by Network RADIUS SAS.