2.2.1.13 MS-AFW-Protection-Level
MS-AFW-Protection-Level is a VSA, as specified in section 2.2.1. It is used as a hint for dynamic selection of a preconfigured IPsec policy by the endpoint requesting access.
The fields of MS-AFW-Protection-Level MUST be set as follows:
Vendor-Type: An 8-bit unsigned integer that MUST be set to 0x31.
Vendor-Length: An 8-bit unsigned integer that MUST be set to 6.
Attribute-Specific Value: A 32-bit unsigned integer in network byte order that MUST indicate the protection level that the RADIUS server authorizes for the endpoint. It MUST be set to one of the following values.
|
Value |
Meaning |
|---|---|
|
0x00000001 |
Indicates that the certificate payload specified in the [MS-HCEP] response can be used for signing data. |
|
0x00000002 |
Indicates that the certificate payload in the HCEP response can be used for signing and encrypting data. |
For more information about MS-AFW-Protection-Level, see sections 3.2.5.2.7 and 3.3.5.2.7.