| PANA, Protocol for Carrying Authentication for Network Access |
|
|
Description | Glossary | RFCs | Publications | Obsolete RFCs |
| Protocol suite: | TCP/IP. |
| Protocol type: | Application layer protocol. |
| Port: | 716 (UDP). |
| MIME subtype: | |
| SNMP MIBs: | |
| Working groups: | pana, Protocol for carrying Authentication for Network Access. |
| Links: |
| MAC header | IP header | UDP header | PANA header | Data ::: |
PANA header:
| 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| reserved | Message length | ||||||||||||||||||||||||||||||
| Flags | Message type | ||||||||||||||||||||||||||||||
| Session identifier | |||||||||||||||||||||||||||||||
| Sequence number | |||||||||||||||||||||||||||||||
| AVP [] ::: | |||||||||||||||||||||||||||||||
reserved.
16 bits.
Always cleared to zero.
MUST be ignored by the receiver.
Message length. 16 bits.
Size of the message header and data in bytes.
Flags. 16 bits.
| 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 | 14 | 15 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| R | S | C | A | P | I | 0 | |||||||||
R, request. 1 bit.
If set, the message is a request. Otherwise, the message is an answer.S, start. 1 bit.
If set, the message is the first PANA-Auth-Request or PANA-Auth-Answer in authentication and authorization phase. Otherwise, this bit MUST be cleared.C, complete. 1 bit.
If set, the message is the last PANA-Auth-Request or PANA-Auth-Answer in authentication and authorization phase. Otherwise, this bit MUST be cleared.A, re-Authentication. 1 bit.
If set, the message is a PANA-Notification-Request or PANA-Notification-Answer to initiate re-authentication. Otherwise, this bit MUST be cleared.P, ping. 1 bit.
If set, the message is a PANA-Notification-Request or PANA-Notification-Answer for liveness test. Otherwise, this bit MUST be cleared.I, IP Reconfiguration. 1 bit.
If set, this bit indicates that the PaC is required to perform IP address reconfiguration after successful authentication and authorization phase to configure an IP address that is usable for exchanging data traffic across EP. This bit is set by the PAA only for PANA-Auth-Request messages in the authentication and authorization phase. Otherwise, this bit MUST be cleared.reserved. 10 bits.
Always cleared to zero. MUST be ignored by the receiver.
Message type. 16 bits.
Session identifier. 32 bits.
Sequence number. 32 bits.
PAA, PANA Authentication Agent.
(RFC 5192)
The protocol entity in the access network whose responsibility it is to verify the credentials provided by a PANA
client (PaC) and authorize network access to the access device.
The PAA and the EAP authenticator (and optionally the EAP server) are colocated in the same node.
PaC, PANA Client.
(RFC 5192)
The client side of the protocol that resides in the access device (e.g., laptop, PDA, etc.).
It is responsible for providing the credentials in order to prove its identity (authentication) for network access authorization.
The PaC and the EAP peer are co-located in the same access device.
RFCs:
[RFC 4016] Protocol for Carrying Authentication and Network Access (PANA) Threat Analysis and Security Requirements.
[RFC 4058] Protocol for Carrying Authentication for Network Access (PANA) Requirements.
[RFC 5191] Protocol for Carrying Authentication for Network Access (PANA).
[RFC 5192] DHCP Options for Protocol for Carrying Authentication for Network Access (PANA) Authentication Agents.
|
|
Description | Glossary | RFCs | Publications | Obsolete RFCs |