RADIUS and IPv6 (RFC3162)
Original Publication Date: 2001-Aug-01
Included in the Prior Art Database: 2019-Feb-13
Internet Society Requests For Comment (RFCs)
B. Aboba: AUTHOR [+2]
This document specifies the operation of RADIUS (Remote Authentication Dial In User Service) when run over IPv6 as well as the RADIUS attributes used to support IPv6 network access. [STANDARDS-TRACK]
Network Working Group B. Aboba Request for Comments: 3162 Microsoft Category: Standards Track G. Zorn Cisco Systems D. Mitton Circular Logic UnLtd. August 2001
RADIUS and IPv6
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright (C) The Internet Society (2001). All Rights Reserved.
This document specifies the operation of RADIUS (Remote Authentication Dial In User Service) when run over IPv6 as well as the RADIUS attributes used to support IPv6 network access.
This document specifies the operation of RADIUS - over IPv6  as well as the RADIUS attributes used to support IPv6 network access.
Note that a NAS sending a RADIUS Access-Request may not know a-priori whether the host will be using IPv4, IPv6, or both. For example, within PPP, IPv6CP  occurs after LCP, so that address assignment will not occur until after RADIUS authentication and authorization has completed.
Therefore it is presumed that the IPv6 attributes described in this document MAY be sent along with IPv4-related attributes within the same RADIUS message and that the NAS will decide which attributes to use. The NAS SHOULD only allocate addresses and prefixes that the client can actually use, however. For example, there is no need for
Aboba, et al. Standards Track [Page 1]
RFC 3162 RADIUS and IPv6 August 2001
the NAS to reserve use of an IPv4 address for a host that only supports IPv6; similarly, a host only using IPv4 or 6to4  does not require allocation of an IPv6 prefix.
The NAS can provide IPv6 access natively, or alternatively, via other methods such as IPv6 within IPv4 tunnels  or 6over4 . The choice of method for providing IPv6 access has no effect on RADIUS usage per se, although if it is desired that an IPv6 within IPv4 tunnel be opened to a particular location, then tunnel attributes should be utilized, as described in , .
1.1. Requirements language
In this document, the key words "MAY", "MUST, "MUST NOT", "optional", "recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as described in .
This Attribute indicates the identifying IPv6 Address of the NAS which is requesting authentication of the user, and SHOULD be unique to the NAS within the scope of the RADIUS server. NAS- IPv6-Address is only used in Access-Request packets. NAS-IPv6- Address and/or NAS-IP-Address MAY be present in an Access-Request packet; however, if neither attribute is present then NAS- Identifier MUST be present.
A summary of the NAS-IPv6-Address Attribute format is shown below. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2...