Implementation Report for RADIUS 1999/12/2 Carl Rigney, RADIUS WG Chair Included below is a list of information from February 1999 regarding 30 RADIUS implementations, in support of the requirement for two independent, interoperable implementations before acceptance of the protocol specification as a Draft Standard. This list of 11 clients and 19 servers is only a partial list of available implementations. A detailed feature list for 16 of the implementations is attached at the end. Everything in RADIUS Internet-Draft submitted for advancement to Draft Standard is available in at least two independent interoperable implementations. More than a dozen independent implementations have been tested for interoperability at two RADIUS bake-offs: Los Angeles, CA - 3/2-3/1996 Washington, DC - 12/3-5/1997 RADIUS has been deployed since 1994, and is in active use at thousands of sites. ________________ RADIUS client Company: Ascend Communications Product: TAOS 7.0.0 Contact: Aydin Edguer ________________ RADIUS client Company: Cabletron Systems, Inc. (formerly Digital Equipment Corp) Product: Network Access Software (NAS) V2.3 Contact: David Nelson ________________ RADIUS clients Company: Cisco Systems Product: CiscoSecure Global Roaming Server (GRS) - Radius Proxy Server Cisco User Control Point (UCP) - Fault-tolerant Radius Server and Radius Proxy Server (GRS) http://www.cisco.com/warp/public/728/Secure/cgrsu_ds.htm (UCP) http://www.cisco.com/warp/public/728/ucp/ucp_ds.htm Contact: Hari Harikrishnan Interoperability experience: Interoperates with Ascend, USR/3COM NASes, as well as Cisco NASs Years in existence: 2 Interoperability issues: No major issues known RADIUS Server and Client Company: Cisco Systems Product: CiscoSecure NT Contact: Michael Kuch URLs: http://www.cisco.com/warp/public/728/Secure/cacsw_ds.htm Interoperability experience: Interoperates with Ascend NAS, Shiva NAS, Cisco NAS, and Redcreek Ravlin. Years in existence: 2 Interoperability issues: No major issues known ________________ RADIUS client Company: Compatible Systems Corp. http://www.compatible.com Product: MicroRouter Family - VPN Branch office routers RISCRouter Family - Remote Access Routers IntraPort Family - VPN Servers Contact: John Gawf, Partially implementation from reference to draft RFCs and to Livingston's server code for interpretation of some options. Implemented in C. Available in our products since January 1996 Support for CHAP and PAP. Support for VPN attributes since May 1998. ________________ RADIUS client Company: Livingston Enterprises (now Lucent Technologies) Product: PortMaster Contact: Carl Rigney This is the original RADIUS client implementation by Steve Willens of Livingston Enterprises. It interoperates with all RFC-compliant RADIUS implementations we know of (more than a dozen). It was successful in both bake-offs. ________________ RADIUS client Company: Microsoft Product: Microsoft Windows NT Server 4.0 Contact: Bernard Aboba Independent Implementation based on RFC. Successfully interoperated at bake-off. RADIUS client available since 6/97. ________________ RADIUS client Company: Nokia Telecommunications Product: Eksos i20 Contact: Aarne Yla-Rotiala Implementation is based on RFCs only. ________________ RADIUS client Company: Nortel Networks Product: Versalar 5399 & 8000 Remote Access Concentrator R15 Contact: Dave Mitton ________________ RADIUS client Company Name: Redback Networks Product: SMS1000 Contact: Che-lin Ho Implemented from the RFC. Interoperability: In-house and customer tested with the following Radius servers: MERIT, Livingston, Funk Software's Steel-Belted Radius, Ascend ________________ RADIUS client Company: Xyplex Networks http://www.xyplex.com Product: MX16xx, N3K, N9K, EdgeGuardian, EdgeBlaster Contact: Kevin Bowen Independent Implementation based on RFC. Available for 3 years Servers tested against: Livingston, Merit, Steel-Belted Radius (Funk Software) ________________________________________________________________________ RADIUS server Company: Alcatel Telecom (Belgium) Product: Service Management Center (SMC) 2.1 Contact: Marc De Vries The SMC has been available since Q4 1996 and is typically used by Telcos and network providers reselling access ports to service providers. Platforms are DEC Alpha and SUN clusters running SMC server software and an Oracle RDBMS. The user interface consists of MS Windows based GUIs. Implementation consists of own source code, starting from RADIUS draft-05 at the time. Along the line, support has been added or updated for - RADIUS RFC 2138/2139 - Extension drafts from the RADIUS WG - Vendor-Specific implementations (Ascend, Cisco, Alcatel, USR, ...); URL: http://www.alcatel.com/telecom/asd/keytech/adsl/smc/ _________________ RADIUS server Company: Ascend Communications Product: NavisRadius 1.3 Contact: Aydin Edguer ________________ RADIUS server Company: Bay Networks Product: BaySecure Access Control RADIUS server Contact: Dave Mitton The BaySecure Access Control RADIUS server is an OEM implementation of Funk Software's Steel-Belted RADIUS implementation. ________________ RADIUS Server Company: Cabletron Systems, Inc. (formerly Digital Equipment Corp) Product: Cabletron RADIUS Server (Digital Remote Access Security) V2.3C Contact: David Nelson ________________ RADIUS server Company: Cisco Systems Product: CiscoSecure Global Roaming Server (GRS) - Radius Proxy Server Cisco User Control Point (UCP) - Fault-tolerant Radius Server and Radius Proxy Server (GRS) http://www.cisco.com/warp/public/728/Secure/cgrsu_ds.htm (UCP) http://www.cisco.com/warp/public/728/ucp/ucp_ds.htm Contact: Hari Harikrishnan Interoperability experience: Interoperates with Ascend, USR/3COM NASs as well as Cisco NASs Years in existence: 2 Interoperability issues: No major issues known ________________ RADIUS server Company: Cisco Systems Product: CiscoSecure NT Contact: Michael Kuch URLs: http://www.cisco.com/warp/public/728/Secure/cacsw_ds.htm Interoperability experience: Interoperates with Ascend NAS, Shiva NAS, Cisco NAS, and Redcreek Ravlin. Years in existence: 2 Interoperability issues: No major issues known ________________ RADIUS server (with test client) Company: CRYPTOCard Inc. Product: easyRADIUS v3.5 Contact: Alan DeKok Partially based on Cistron (www.cistron.nl), which was in turn based on Livingston 1.16. ________________ RADIUS server Company: Cyno Technologies Product: MacRADIUS 1.1v8 Contact: Ward Willats ________________ RADIUS server Company: Databus Inc. Product: evprog.9810272307 (internal to AT&T) Contact: Barney Wolff This RADIUS server is for AT&T internal use only, but it is in daily heavy use. It was done entirely from scratch except that it used the radius.h file, unchanged, from the Ascend distribution. ________________ RADIUS server Company: HappySize, Inc. Product: fullflex RADIUS server 1.2.0 (build 3333) Contact: ________________ RADIUS server Company: IEA Software, Inc. http://www.iea-software.com Product: RadiusNT Enterprise 2.5 Contact: Dale E. Reed Jr. Implementation originally based on Livingston RADIUS server 1.16. A majority of the current code was completely re-written based on the RFC. Successful at both bake-offs. RadiusNT has been available for about four years for the Windows NT platform. It has been widely tested with most Major NAS vendors. ________________ RADIUS server Company: Livingston Enterprises Inc. (now Lucent Technologies Inc.) Product: RADIUS Server 2.1 Contact: Carl Rigney RADIUS Server 2.1 is based on the original RADIUS Server 1.16 implementation by Steve Willens of Livingston Enterprises in 1992. It interoperates with all RFC-compliant RADIUS implementations. It was successful in both bake-offs. ________________ RADIUS server Company: Lucent Technologies Inc. Product: Port Authority 2.1 Contact: Richard Perlman Based originally on Microsoft Commercial Internet Services RADIUS Server. Successful at the second RADIUS bake-off. ________________ RADIUS server (with test RADIUS clients) Company: Merit Network, Incorporated http://www.merit.edu/aaa/ Product: Merit AAA Server Contact: John Vollbrecht Based on Livingston 1.5 server, heavily modified and extended. Successful interoperation at the December 1997 bakeoff. Implemented in C for UNIX platforms. Available since 1994 ________________ RADIUS server Company: Microsoft http://www.microsoft.com Product: Microsoft Internet Authentication Service Contact: Ashwin Palekar Took part in second bake-off successfully. First released with NT4 option pack. RADIUS proxy capabilities released as a part of Microsoft MCIS release. Next release NT5. No known interoperability issues. ________________ RADIUS server Company: Microsoft Product: Microsoft Windows NT Server 4.0 Contact: Bernard Aboba Independent Implementation based on RFC. Successfully interoperated at bake-off. RADIUS server available since 9/97. ________________ RADIUS server Company: Novell, Inc. Product: BorderManager Authentication Service Contact: Steve Grau Developed from scratch using the RFCs. We were at the second bake-off and experienced good interoperability. Also, many customers are using the product with a good variety of access servers and firewalls including products from: 3Com, Ascend, Checkpoint, Cisco, Lucent, Shiva, and others. We also support vendor extensions, and interoperation with a heterogeneous collection of RADIUS clients in one environment. BorderManager Authentication Service operates on NetWare 4, NetWare 5, and Windows NT 4. It integrates with Novell Directory Services (NDS) to provide consolidated administration of users with other network services managed via NDS. The product has been available since August of 1997. http://www.novell.com/bordermanager/bmas/. _________________ RADIUS Server Company: Secure Computing Corporation http://www.safeword.com/ Product: The SafeWord RADIUS Server Contact: Bob Bosen, bbosen@safeword.com Derives from the Livingston reference implementation 1.16, with heavy referencing to RFC 2138. We have conducted our own, Internet-based, independent interoperability certification exercises, and published all of the results at http://www.safeword.com/safeword/prod/clients/radius/rclients.htm We maintain an automated interoperability facility 24 hrs/day on the Internet, which you can read about at http://www.safeword.com/sw44demo.htm ________________ ________________________________________________________________________ Feature support ________________________________________________________________________ Y means that feature is supported in the RADIUS implementation NOW, N means it is not. No fair saying you'll be adding it later, it has to be in your implementation that's already done and being used somewhere, although beta or experimental software counts as in use, as long as its actually running. Note that not all values of a given attribute need to be supported, if the NAS only supports PPP but not SLIP, that counts as supporting the Framed-Protocol attribute. Note that Accounting is informational so its attributes are not listed here, but the Accounting packet codes *are* included in the RADIUS RFC, so they are listed here. Proxy Features are only relevant for servers. ________________ Company name: Alcatel Telecom Product Name: Service Management Center (A1135 SMC) Product Version: 2.1 __ Proxy supported: Y Server can forward an access-request to another RADIUS server Y Server can receive an access-accept, reject, or challenge and forward to a RADIUS client Y Server copies all Proxy-States from request to response when replying to request Y Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier Y Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group Y Framed-AppleTalk-Link Y Framed-AppleTalk-Network Y Framed-AppleTalk-Zone N CHAP-Challenge Y NAS-Port-Type Y Port-Limit Y Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company name: Ascend Communications Product Name: NavisRadius Product Version: 1.3 __ Proxy supported: Y Server can forward an access-request to another RADIUS server Y Server can receive an access-accept, reject, or challenge and forward to a RADIUS client Y Server copies all Proxy-States from request to response when replying to request Y Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier Y Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group Y Framed-AppleTalk-Link Y Framed-AppleTalk-Network Y Framed-AppleTalk-Zone Y CHAP-Challenge Y NAS-Port-Type Y Port-Limit Y Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company name: Ascend Communications Product Name: TAOS Product Version: 7.0.0 __ Proxy supported: n/a __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message N Callback-Number N Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout N Termination-Action Y Called-Station-Id Y Calling-Station-Id N NAS-Identifier N Proxy-State N Login-LAT-Service N Login-LAT-Node N Login-LAT-Group N Framed-AppleTalk-Link N Framed-AppleTalk-Network N Framed-AppleTalk-Zone N CHAP-Challenge Y NAS-Port-Type N Port-Limit N Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company name: Cabletron Systems, Inc. (formerly Digital Equipment Corp) Product Name: Network Access Software (NAS) Product Version: V2.3 __ Proxy supported: n/a __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address N Framed-IP-Netmask N Framed-Routing N Filter-Id Y Framed-MTU N Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id N Framed-Route N Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout N Termination-Action N Called-Station-Id N Calling-Station-Id N NAS-Identifier N Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group N Framed-AppleTalk-Link N Framed-AppleTalk-Network N Framed-AppleTalk-Zone N CHAP-Challenge N NAS-Port-Type N Port-Limit Y Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company name: Cabletron Systems, Inc. (formerly Digital Equipment Corp) Product Name: Cabletron RADIUS Server (Digital Remote Access Security) Product Version: V2.3C Contact: David Nelson __ Proxy supported: N Server can forward an access-request to another RADIUS server N Server can receive an access-accept, reject, or challenge and forward to a RADIUS client N Server copies all Proxy-States from request to response when replying to request N Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout N Termination-Action N Called-Station-Id N Calling-Station-Id Y NAS-Identifier N Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group Y Framed-AppleTalk-Link Y Framed-AppleTalk-Network Y Framed-AppleTalk-Zone N CHAP-Challenge N NAS-Port-Type N Port-Limit Y Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company name: CRYPTOCard Inc. Product Name: easyRADIUS Product Version: 3.5 __ Proxy supported: N Server can forward an access-request to another RADIUS server N Server can receive an access-accept, reject, or challenge and forward to a RADIUS client Y Server copies all Proxy-States from request to response when replying to request N Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier Y Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group N Framed-AppleTalk-Link N Framed-AppleTalk-Network N Framed-AppleTalk-Zone Y CHAP-Challenge Y NAS-Port-Type Y Port-Limit Y Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company name: Cyno Technologies Product Name: MacRADIUS Product Version: 1.1v8 __ Proxy supported: N Server can forward an access-request to another RADIUS server N Server can receive an access-accept, reject, or challenge and forward to a RADIUS client Y Server copies all Proxy-States from request to response when replying to request N Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject N Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Class (for a Client this means it sends Class from access-accepts in its Y accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier Y Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group Y Framed-AppleTalk-Link Y Framed-AppleTalk-Network Y Framed-AppleTalk-Zone Y CHAP-Challenge Y NAS-Port-Type Y Port-Limit Y Login-LAT-Port __ Features supported: N Identifier (in packet header) Y Request Authenticator Y Response Authenticator N Challenge Response Y Supports PAP Y Supports CHAP __ Proxy supported: Y Server can forward an access-request to another RADIUS server Y Server can receive an access-accept, reject, or challenge and forward to a RADIUS client Y Server copies all Proxy-States from request to response when replying to request Y Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address N Framed-IP-Netmask N Framed-Routing Y Filter-Id N Framed-MTU N Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message N Callback-Number N Callback-Id Y Framed-Route N Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout N Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier Y Proxy-State N Login-LAT-Service N Login-LAT-Node N Login-LAT-Group N Framed-AppleTalk-Link N Framed-AppleTalk-Network N Framed-AppleTalk-Zone Y CHAP-Challenge Y NAS-Port-Type Y Port-Limit N Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator ? Challenge Response Y Supports PAP Y Supports CHAP ________________ Company: HappySize, Inc. Product Name: fullflex RADIUS server 1.2.0 (build 3333) __ Proxy supported: N Server can forward an access-request to another RADIUS server N Server can receive an access-accept, reject, or challenge and forward to a RADIUS client Y Server copies all Proxy-States from request to response when replying to request N Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject N Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier Y Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group Y Framed-AppleTalk-Link Y Framed-AppleTalk-Network Y Framed-AppleTalk-Zone Y CHAP-Challenge Y NAS-Port-Type Y Port-Limit Y Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator N Challenge Response Y Supports PAP Y Supports CHAP ________________ Company Name: IEA Software, Inc. Product Name: RadiusNT Enterprise Product Version: 2.5 __ Proxy supported: Y Server can forward an access-request to another RADIUS server Y Server can receive an access-accept, reject, or challenge and forward to a RADIUS client Y Server copies all Proxy-States from request to response when replying to request Y Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier Y Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group Y Framed-AppleTalk-Link Y Framed-AppleTalk-Network Y Framed-AppleTalk-Zone Y CHAP-Challenge Y NAS-Port-Type Y Port-Limit Y Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company name: Livingston Enterprises Product Name: PortMaster Product Version: 3.7 __ Proxy supported: (n/a) __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id N NAS-Identifier N Proxy-State (n/a) N Login-LAT-Service N Login-LAT-Node N Login-LAT-Group N Framed-AppleTalk-Link N Framed-AppleTalk-Network N Framed-AppleTalk-Zone N CHAP-Challenge Y NAS-Port-Type Y Port-Limit N Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company name: Livingston Enterprises Product Name: RADIUS Server Product Version: 2.1 __ Proxy supported: Y Server can forward an access-request to another RADIUS server Y Server can receive an access-accept, reject, or challenge and forward to a RADIUS client Y Server copies all Proxy-States from request to response when replying to request Y Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier Y Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group Y Framed-AppleTalk-Link Y Framed-AppleTalk-Network Y Framed-AppleTalk-Zone Y CHAP-Challenge Y NAS-Port-Type Y Port-Limit Y Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company name: Merit Network, Inc. Product Name: Merit AAA Server Product Version: 3.6B __ Proxy supported: Y Server can forward an access-request to another RADIUS server Y Server can receive an access-accept, reject, or challenge and forward to a RADIUS client Y Server copies all Proxy-States from request to response when replying to request N Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier Y Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group Y Framed-AppleTalk-Link Y Framed-AppleTalk-Network Y Framed-AppleTalk-Zone Y CHAP-Challenge Y NAS-Port-Type Y Port-Limit Y Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company name: Microsoft Corporation Product Name: Internet Authentication Service Product Version: Windows NT4.0/Windows 2000 __ Proxy supported: Y Server can forward an access-request to another RADIUS server Y Server can receive an access-accept, reject, or challenge and forward to a RADIUS client Y Server copies all Proxy-States from request to response when replying to request Y Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier Y Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group Y Framed-AppleTalk-Link Y Framed-AppleTalk-Network Y Framed-AppleTalk-Zone Y CHAP-Challenge Y NAS-Port-Type Y Port-Limit Y Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company: Nortel Networks Product Name: Versalar 5399 & 8000 Remote Access Concentrator Product Version: R15 __ Proxy supported: N Server can forward an access-request to another RADIUS server N Server can receive an access-accept, reject, or challenge and forward to a RADIUS client N Server copies all Proxy-States from request to response when replying to request N Server strips its own Proxy-State from response before forwarding to client __Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in RFC 2138) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class (for a Client this means it sends Class from access-accepts in its accounting-requests Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier N Proxy-State Y Login-LAT-Service Y Login-LAT-Node N Login-LAT-Group N Framed-AppleTalk-Link N Framed-AppleTalk-Network N Framed-AppleTalk-Zone Y CHAP-Challenge Y NAS-Port-Type Y Port-Limit N Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________ Company Name: Novell, Inc. Product Name: BorderManager Authentication Service __ Proxy supported: ? Server can forward an access-request to another RADIUS server ? Server can receive an access-accept, reject, or challenge and forward to a RADIUS client ? Server copies all Proxy-States from request to response when replying to request ? Server strips its own Proxy-State from response before forwarding to client __ Packet Types supported: Y Access-Request Y Access-Accept Y Access-Reject Y Access-Challenge Y Accounting-Request Y Accounting-Response __ Attributes supported: Y User-Name Y User-Password up to 16 characters long Y User-Password up to 128 characters long (encrypted as described in draft) Y CHAP-Password Y NAS-IP-Address Y NAS-Port Y Service-Type Y Framed-Protocol Y Framed-IP-Address Y Framed-IP-Netmask Y Framed-Routing Y Filter-Id Y Framed-MTU Y Framed-Compression Y Login-IP-Host Y Login-Service Y Login-TCP-Port Y Reply-Message Y Callback-Number Y Callback-Id Y Framed-Route Y Framed-IPX-Network Y State Y Class Y Vendor-Specific Y Session-Timeout Y Idle-Timeout Y Termination-Action Y Called-Station-Id Y Calling-Station-Id Y NAS-Identifier Y Proxy-State Y Login-LAT-Service Y Login-LAT-Node Y Login-LAT-Group Y Framed-AppleTalk-Link Y Framed-AppleTalk-Network Y Framed-AppleTalk-Zone Y CHAP-Challenge Y NAS-Port-Type Y Port-Limit Y Login-LAT-Port __ Features supported: Y Identifier (in packet header) Y Request Authenticator Y Response Authenticator Y Challenge Response Y Supports PAP Y Supports CHAP ________________________________________________________________________