2.2.1.13 MS-AFW-Protection-Level

MS-AFW-Protection-Level is a VSA, as specified in section 2.2.1. It is used as a hint for dynamic selection of a preconfigured IPsec policy by the endpoint requesting access.

The fields of MS-AFW-Protection-Level MUST be set as follows:

Vendor-Type: An 8-bit unsigned integer that MUST be set to 0x31.

Vendor-Length: An 8-bit unsigned integer that MUST be set to 6.

Attribute-Specific Value: A 32-bit unsigned integer in network byte order that MUST indicate the protection level that the RADIUS server authorizes for the endpoint. It MUST be set to one of the following values.

| Value | Meaning |
| --- | --- |
| 0x00000001 | Indicates that the certificate payload specified in the [MS-HCEP] response can be used for signing data. |
| 0x00000002 | Indicates that the certificate payload in the HCEP response can be used for signing and encrypting data. |

For more information about MS-AFW-Protection-Level, see sections 3.2.5.2.7 and 3.3.5.2.7.
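The following strict parser for the three fields above is an added example, not part of the specification. It assumes the enclosing VSA header from section 2.2.1 has already been stripped, so the input is only the Vendor-Type, Vendor-Length and Attribute-Specific Value bytes; the function, constant and exception names are hypothetical, and rejecting unknown values is a choice made in this example.

```python
import struct

VENDOR_TYPE = 0x31      # MUST value for Vendor-Type
VENDOR_LENGTH = 6       # MUST value for Vendor-Length (1 + 1 + 4 bytes)

# The only two values the section allows, with short labels chosen here.
PROTECTION_LEVELS = {
    0x00000001: "sign",
    0x00000002: "sign-and-encrypt",
}


class ProtectionLevelError(ValueError):
    """Raised when the sub-attribute violates a MUST in this section."""


def parse_protection_level(sub_attr: bytes) -> int:
    """Validate the sub-attribute bytes and return the protection level."""
    if len(sub_attr) != VENDOR_LENGTH:
        raise ProtectionLevelError(f"expected 6 bytes, got {len(sub_attr)}")
    # "!" selects network byte order: two 8-bit fields, one 32-bit field.
    vendor_type, vendor_length, value = struct.unpack("!BBI", sub_attr)
    if vendor_type != VENDOR_TYPE:
        raise ProtectionLevelError(f"Vendor-Type 0x{vendor_type:02x} is not 0x31")
    if vendor_length != VENDOR_LENGTH:
        raise ProtectionLevelError(f"Vendor-Length {vendor_length} is not 6")
    if value not in PROTECTION_LEVELS:
        # Also catches a sender that wrote the value little-endian
        # (0x01000000), which is not a defined level.
        raise ProtectionLevelError(f"undefined protection level 0x{value:08x}")
    return value


def build_protection_level(level: int) -> bytes:
    """Encode one of the two defined levels as the 6-byte sub-attribute."""
    if level not in PROTECTION_LEVELS:
        raise ProtectionLevelError(f"undefined protection level 0x{level:08x}")
    return struct.pack("!BBI", VENDOR_TYPE, VENDOR_LENGTH, level)


if __name__ == "__main__":
    # Constructed sample bytes, not captured traffic.
    for sample in ("310600000002", "310601000000"):
        try:
            level = parse_protection_level(bytes.fromhex(sample))
            print(sample, "->", PROTECTION_LEVELS[level])
        except ProtectionLevelError as exc:
            print(sample, "-> rejected:", exc)
```
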