



RADEXT Working Group                                          M. Grayson
Internet-Draft                                             Cisco Systems
Intended status: Informational                                J. Redmore
Expires: 29 August 2026                                        CableLabs
                                                        25 February 2026


 A syntax for the RADIUS Connect-Info attribute used in Wi-Fi networks
                      draft-grayson-connectinfo-07

Abstract

   This document describes a syntax for the Connect-Info attribute used
   with the RADIUS protocol, enabling RADIUS clients to provide RADIUS
   servers information pertaining to a user's connection with an IEEE
   802.11 wireless network.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 29 August 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.




Grayson & Redmore        Expires 29 August 2026                 [Page 1]

Internet-Draft                Connect-Info                 February 2026


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   4
     1.2.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   4
   2.  Types of Connect-Info Metrics . . . . . . . . . . . . . . . .   4
   3.  ABNF syntax for Connect-Info  . . . . . . . . . . . . . . . .   5
   4.  Encoding Recommendations  . . . . . . . . . . . . . . . . . .   8
     4.1.  Access-Request  . . . . . . . . . . . . . . . . . . . . .   8
     4.2.  Accounting-Request  . . . . . . . . . . . . . . . . . . .   9
   5.  Implementations . . . . . . . . . . . . . . . . . . . . . . .   9
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  10
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  10
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  10
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  10
   Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . . .  11
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  11
   Contributors  . . . . . . . . . . . . . . . . . . . . . . . . . .  11
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Introduction

   The Connect-Info attribute is defined in [RFC2869] to enable a
   Network Access Server (NAS) to indicate to a RADIUS server "the
   nature of the user's connection".  [RFC2869] includes the
   recommendation that:

      The connection speed SHOULD be included at the beginning of the
      first Connect-Info attribute in the packet.  If the transmit and
      receive connection speeds differ, they MAY both be included in the
      first attribute with the transmit speed first (the speed the NAS
      modem transmits at), a slash (/), the receive speed, then
      optionally other information.

   The Connect-Info attribute can be sent in both Access-Request and
   Accounting-Request messages, as shown in Figure 1.

   +--------------------------------------------------------------+
   | Attribute | Request | Accept | Reject | Challenge | Acct-Req |
   +--------------------------------------------------------------+
   | Connect-  |   0-1   |   0    |   0    |     0     |    0+    |
   | Info (77) |         |        |        |           |          |
   +--------------------------------------------------------------+

   Figure 1: RFC2869 defined occurrence rules for Connect-Info attribute





Grayson & Redmore        Expires 29 August 2026                 [Page 2]

Internet-Draft                Connect-Info                 February 2026


   Many NAS implementations have implemented the Connect-Info attribute.
   Wi-Fi vendors supporting the Connect-Info attribute start the text
   field with "CONNECT" that is followed by a floating point value
   representing the maximum connection speed in Mbps.  Implementations
   follow this with text information about the IEEE 802.11 amendment
   supported, as illustrated in Figure 2.

   Connect-Info = "CONNECT 11.00 Mbps 802.11b"

             Figure 2: Example #1 Wi-Fi Connect-Info attribute

   Other implementations have extended this baseline to signal
   additional information to the RADIUS server using a slash (/)
   delimiter, as illustrated in Figure 3.

   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 53 / Channel: 1"

             Figure 3: Example #2 Wi-Fi Connect-Info attribute

   There are use-cases that benefit from being able to share Wi-Fi
   network connection metrics between a NAS and a server, including
   where the NAS is operated by a Wi-Fi Access Network Provider (ANP)
   and the server is operated by an Identity Provider (IDP).  Reception
   of the Connect-Info attribute by a RADIUS server is intended to be
   used to assist the IDP in making authorization decisions.

   The rest of this document describes a syntax for the Connect-Info
   attribute that is simultaneously able to support existing vendor
   implementations as illustrated in Figure 2 and Figure 3, while being
   enhanced with additional optional information to support new use-
   cases and requirements.

   The techniques by which a server uses the information encoded in the
   Connect-Info attribute to assist in making authorization decisions
   are not defined in this document.  Some servers MAY define the use a
   threshold for one or more parameters received in an access-request,
   other systems MAY use historical Connect-Info records from previously
   authenticated sessions, including those in the accounting-request
   messages received from the same NAS, still other systems MAY decide
   to algorithmically combine the parameters into a new metric used when
   making authorization decisions.










Grayson & Redmore        Expires 29 August 2026                 [Page 3]

Internet-Draft                Connect-Info                 February 2026


   The examples in Figure 2 and Figure 3 together with the
   recommendation in [RFC2869] are representations of complex data
   types, as described in section 3.2.3 of [RFC6158].  Whereas section
   3.2.4 of [RFC6158] discourages the use complex data types where
   viable alternatives are available, it is argued that the present
   document does not introduce a new complex data type, rather extends
   the syntax widely used in existing implementations of the Connect-
   Info attribute that currently encode a complex data type.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.2.  Terminology

   Access Network Provider (ANP):

      A Wi-Fi operator that has configured its Wi-Fi equipment to
      support inbound roaming of users.

   Identity Provider (IDP):

      An entity that authenticates end-user Wi-Fi devices onto ANP
      networks.

   Received Signal Strength Indicator (RSSI):

      A measurement of the power level that is received by an antenna
      from a wireless device.

2.  Types of Connect-Info Metrics

   The access network characteristics that can be shared between NAS and
   AAA include those that can be used to derive a quality metric of the
   performance of a Wi-Fi network.  These include characteristics
   associated with the IEEE 802.11 connection:

   *  transmit and receive bit rates,

   *  received signal strength indicator (RSSI),

   *  frame loss rate, and

   *  frame retry rate.



Grayson & Redmore        Expires 29 August 2026                 [Page 4]

Internet-Draft                Connect-Info                 February 2026


   While not uniquely associated with the IEEE 802.11 connection,
   Section 1 describes legacy implementations which include generic
   parameters concerning the configuration of the Wi-Fi network in the
   Connect-Info attribute.  These legacy parameters include:

   *  the Wi-Fi amendment [IEEE80211],

   *  the Wi-Fi channel number, and

   *  the maximum Wi-Fi transmit rate.

3.  ABNF syntax for Connect-Info

   The Augmented Backus-Naur form (ABNF) is a syntax for specifications
   defined in [RFC5234].  The proposed ABNF syntax for the text of the
   Connect-Info attribute used with Wi-Fi networks is shown below.  This
   syntax is intended to encompass current vendor implementations while
   supporting optional enhancements to support sharing of new
   parameters.

  ;---------------------------------------------------------------------
  ; Connect-Info RADIUS Attribute #77 Syntax for Wi-Fi networks
  ;---------------------------------------------------------------------

  connect-info-77   =  "CONNECT" [legacyAttributes]
                       *( DELIMITER keyValueAttribute )
                       [ DELIMITER legacyChannelNum ]
                       *( DELIMITER keyValueAttribute )

  ;---------------------------------------------------------------------
  ; Legacy attributes not linked to a specific connection
  ;---------------------------------------------------------------------

  legacyAttributes  =  1*SP MAXSPEED " Mbps" DELIMITER WIFIAMENDMENT
              ; indication of max achievable data rate together with
              ; Wi-Fi 802.11 amendment information

  legacyChannelNum  = "Channel:" *SP CHANNUM
              ; The 802.11 channel number
              ; Note - with the introduction of Wi-Fi operation in
              ; 6 GHz, the Channel Number no longer uniquely identifies
              ;  the band of operation

  ;---------------------------------------------------------------------
  ; keyValueAttributes - attributes linked to a specific connection;
  ;---------------------------------------------------------------------

  keyValueAttribute =  "RSSI:" *SP SS ["(" AGGR ")"]



Grayson & Redmore        Expires 29 August 2026                 [Page 5]

Internet-Draft                Connect-Info                 February 2026


              ; The value of Station RSSI in dBm and optionally the
              ; aggregation technique use for reporting multiple values

  keyValueAttribute =/ "TxBitRate:" *SP RATE ["(" AGGR ")"]
              ; The AP to device transmission rate in Mbps and
              ; optionally the aggregation technique use for
              ; reporting multiple values

  keyValueAttribute =/ "RxBitRate:" *SP RATE ["(" AGGR ")"]
              ; The device to AP transmission rate in Mbps and
              ; optionally the aggregation technique use for
              ; reporting multiple values

  keyValueAttribute =/ "FrameLoss:" *SP PCT ["(" AGGR ")"]
              ; The AP to device 802.11 frame loss rate experienced,
              ; encoded as an integer percentage and optionally the
              ; aggregation technique use for reporting multiple values

  keyValueAttribute =/ "FrameRetry:" *SP PCT ["(" AGGR ")"]
              ; The AP to device 802.11 frame retry rate experienced,
              ; encoded as an integer percentage and optionally the
              ; aggregation technique use for reporting multiple values

  ;---------------------------------------------------------------------
  ; keyValueAttributes - extensibility syntax.
  ;
  ; This syntax enables the syntax to be extended in the future.
  ;---------------------------------------------------------------------

  keyValueAttribute =/ 1*NO-DELIM-COLON ":"  *SP 1*NO-DELIM-COLON
              ; Syntax permitting extensibility

  ;---------------------------------------------------------------------
  ; Definitions for legacy attributes
  ;---------------------------------------------------------------------

  MAXSPEED         =  (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT) /
                      (NZDIGIT DIGIT DIGIT DIGIT) /
                      (NZDIGIT DIGIT DIGIT DIGIT DIGIT)) "." DIGIT DIGIT
              ; Maximum AP to Device speed in Mbps, (0.00 - 99999.99),
              ; calculated as:
              ; SC * MD * CR * SS / (SYM + GD)
              ; where:
              ; SC  = Number of Data Sub-Carriers
              ; CR  = Coding Rate, e.g., 0.5 (BPSK),
              ;       0.75 (256QAM)
              ; MD  = Modulation rate (1-8),
              ;       where 2^MD = num mod'n states



Grayson & Redmore        Expires 29 August 2026                 [Page 6]

Internet-Draft                Connect-Info                 February 2026


              ; SS  = number of spatial streams
              ; SYM = symbol interval (micro-seconds)
              ; GD  = guard interval (micro-seconds)

  WIFIAMENDMENT    =  "802.11" AMENDMENT

  AMENDMENT        =  "b" / "g" / "a" / "n" / "ac" / "ax" / "be"
              ; the original 802.11 amendment

  CHANNUM          =  NZDIGIT / (NZDIGIT DIGIT) / ("1" DIGIT DIGIT) /
                      ("2" U4DIGIT DIGIT)
              ; Encoding for Channel Numbers (1 - 249)

  ;---------------------------------------------------------------------
  ; Definitions for connection orientated attributes
  ;---------------------------------------------------------------------

  SS               =  ["-"](DIGIT / (NZDIGIT DIGIT) / ("1" DIGIT DIGIT))
              ; Value of Received Signal Strength when expressed in dBm
              ; To accommodate different legacy implementations, both 41
              ; and -41 represent  -41 dBm

  RATE             =  (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT) /
                      (NZDIGIT DIGIT DIGIT DIGIT)) ["." DIGIT]
              ; A transmit or receive rate in Mbps

  PCT              =  DIGIT / (NZDIGIT DIGIT) / "100"
              ; Percentage (0 - 100)

  AGGR             =  ALGO SP WINDOW

  ALGO             =  "MIN" / "MAX" / ("AVG" ["-" VARIANT] )/ "ACC"
              ; The algorithm used for combining multiple values:
              ; MIN = minimum value over window
              ; MAX = maximum value over window
              ; AVG = average value over window
              ; ACC = accumulated ratio over window, corresponding to
              ; ( num[N] - num[1]) / ( denom[N] - denom[1] )
              ; and where ACC only applies to loss and retry rates

  VARIANT          =  "LIN" / "EXP"
              ; LIN = linear (arithmetic) calculation
              ; EXP = exponential weighted calculation

  WINDOW           =  (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT))
                      TIMEUNIT
              ; The time window over which the aggregation algorithm
              ; operates, measured in units of TIMEUNIT



Grayson & Redmore        Expires 29 August 2026                 [Page 7]

Internet-Draft                Connect-Info                 February 2026


  TIMEUNIT         =  "S" / "M"
              ; S = units of seconds, M = units of minutes

  DELIMITER        =  SLASH / 1*SP
              ; existing vendor delimiters

  NO-DELIM-COLON   = %x21-2e / %x30-39 / %x3b-7e
              ; any characters excluding delimiters - space (0x20) and
              ; slash (0x2f) - as well as colon (0x3a)

  SP               =  %x20
  SLASH            =  *SP %x2F *SP

  DIGIT            =  %x30-39 ; 0-9
  NZDIGIT          =  %x31-39 ; 1-9
  U4DIGIT          =  %x30-34 ; 0-4 (up to 4)

    Figure 4: ABNF definition for encoding of Connect-Info text field

4.  Encoding Recommendations

   The Connect-Info attribute value is limited to 253 bytes.  Example
   encodings using the ABNF definition are illustrated in Figure 5 and
   Figure 6, indicating that the metrics can be signaled while keeping
   the attribute size below 253 bytes.

4.1.  Access-Request

   The inclusion of the above parameters in a Connect-Info attribute
   signalled in a RADIUS Access-Request message is restricted by the
   number of IEEE 802.11 frames over which the calculation are based.
   In such cases, the transmit bit rates, receive bit rates and RSSI
   level MAY correspond to the instantaneous value of the specific
   parameter.

   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / Channel: 1 / RSSI: 53"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac Channel:44 RSSI:50"

   Connect-Info = "CONNECT RSSI:56 TxBitRate:150.0 RxBitRate:150.0"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac RSSI:56 TxBitRate:150.0
                   RxBitRate:150.0"

      Figure 5: Example encodings of Connect-Info attribute in RADIUS
                           Access-Request message





Grayson & Redmore        Expires 29 August 2026                 [Page 8]

Internet-Draft                Connect-Info                 February 2026


4.2.  Accounting-Request

   The inclusion of the Connect-Info attribute signalled in a RADIUS
   Accounting-Request with Acct-Status-Type set to Start, is restricted
   by the number of IEEE 802.11 frames over which the calculation are
   based.  In such cases, the transmit bit rates, receive bit rates and
   RSSI level MAY correspond to the instantaneous value of the specific
   parameter.  In other cases where the Connect-Info attribute is
   signalled in RADIUS Accounting-Request messages with Acct-Status-Type
   set to Interim-Update or Stop, the NAS SHOULD use multiple
   measurements when calculating the reported value:

   *  the reported transmit and receive bit rates SHOULD represent the
      maximum values experienced since the last time the connect-info
      was signalled, i.e. the "ALGO" term SHOULD be set to "MAX".

   *  the received signal strength indicator (RSSI) SHOULD represent the
      average RSSI value, where the average value calculated MAY be
      either a linear average or an exponential weighted average, i.e.
      the "ALGO" term SHOULD be set to "AVG".

   *  frame loss rate and frame retry rate SHOULD represent the
      accumulated ratio, i.e. the "ALGO" term SHOULD be set to "ACC".

   Connect-Info = "CONNECT RSSI:56(AVG-LIN 10M) TxBitRate:150.0(MAX 10M)
                   RxBitRate:150.0(MAX 10M)"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac RSSI:56(AVG-LIN 600S)
                   TxBitRate:150.0(MAX 600S) RxBitRate:150.0(MAX 600S)
                   FrameLoss:3(ACC 60S) FrameRetry:6(ACC 60S)"

   Connect-Info = "CONNECT TxBitRate:150.0(MAX 30S)
                   RxBitRate:120.5(MAX 30S) RSSI:-65(AVG-LIN 30S)
                   FrameLoss:2(ACC 30S) FrameRetry:4(ACC 30S)"

      Figure 6: Example encodings of Connect-Info attribute in RADIUS
                        Accounting- Request message

5.  Implementations

   In July 2024, a proof of concept was built using modified hostapd
   code (https://w1.fi/) that is able to populate the connect-info
   attributes according to the syntax defined above.  In December 2024,
   Helium Network (www.helium.com) upgraded their deployment of 17,000
   OpenWi-Fi/OpenWRT Wi-Fi Access points to support the enhanced
   connect-info attribute.





Grayson & Redmore        Expires 29 August 2026                 [Page 9]

Internet-Draft                Connect-Info                 February 2026


6.  Security Considerations

   This document describes a syntax that enables a RADIUS client to
   provide a RADIUS server information pertaining to the operation of an
   IEEE 802.11 wireless network.  The terms agreed between the operator
   of the RADIUS client and the operator of the RADIUS server SHOULD
   include restrictions on the use of such non-personal information by
   the operator of the RADIUS server, for example limiting the use of
   such information to making RADIUS server authorization decisions and
   prohibiting a RADIUS server from disclosing information signalled in
   the Connect-Info attribute to any third-party.

7.  IANA Considerations

   This document has no IANA Actions.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

8.2.  Informative References

   [IEEE80211]
              IEEE, "Wireless LAN Medium Access Control (MAC) and
              Physical Layer (PHY) Specifications", n.d.,
              <https://standards.ieee.org/ieee/802.11/5536/>.

   [RFC2869]  Rigney, C., Willats, W., and P. Calhoun, "RADIUS
              Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000,
              <https://www.rfc-editor.org/rfc/rfc2869>.

   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234,
              DOI 10.17487/RFC5234, January 2008,
              <https://www.rfc-editor.org/rfc/rfc5234>.

   [RFC6158]  DeKok, A., Ed. and G. Weber, "RADIUS Design Guidelines",
              BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011,
              <https://www.rfc-editor.org/rfc/rfc6158>.



Grayson & Redmore        Expires 29 August 2026                [Page 10]

Internet-Draft                Connect-Info                 February 2026


Changelog

   *  01 - Added extensibility to ABNF and corrected syntax.  Added
      security considerations section.  Added note on TxBitRate/
      RxBitRate when included in Accounting-Request type Stop.

   *  02 - Corrected ABNF syntax definition of RATE.

   *  03 - Following RADEXT recommendation, switched to independent
      submission.  Updated ABNF to ease parsing of key/value pairs.

   *  04 - Updated ABNF i) switching from band to global operating
      class, ii) added Wi-Fi Alliance generational name support as an
      alternative to 802.11 amendment designator, iii) permit legacy
      absolute and signed representations of signal strength, and iv)
      added WAN-RTT attribute

   *  05 - Following RADEXT recommendation, switched back to IETF
      submission.  Added clarifications that information is shared to
      enable a RADIUS server to make improved authorization decisions.
      Added text about aligning with legacy implementations that do not
      adhere to RFC6158.

   *  06 - Following RADEXT feedback at IETF 124, removed non-connection
      orientated key-value pairs from the syntax definition.

   *  07 - Updated the ABNF following feedback from Iegor Sergieienkov.

Acknowledgements

   The authors would like to thank all the members of the WBA's Access
   Network Metrics project team, as well as Iegor Sergieienkov, who have
   helped review and refine the Connect-Info syntax.

Contributors

   Sri Gundavelli
   Cisco Systems
   170 West Tasman Drive
   San Jose,  95134
   United States of America
   Email: sgundave@cisco.com









Grayson & Redmore        Expires 29 August 2026                [Page 11]

Internet-Draft                Connect-Info                 February 2026


   Bruno Tomas
   Wireless Broadband Alliance
   5000 Executive Parkway, Suite 302
   San Ramon,  94583
   United States of America
   Email: bruno@wballiance.com


   Michael Sym
   Single Digits
   4 Bedford Farms Drive, Suite 210
   Bedford,  1608
   United States of America
   Email: msym@singledigits.com


   Blair Bullock
   Boldyn Networks
   Pleasanton,
   United States of America
   Email: blair.bullock@boldyn.com


   Joey Padden
   Helium
   Boulder,
   United States of America
   Email: jpadden@helium.com


Authors' Addresses

   Mark Grayson
   Cisco Systems
   10 New Square Park
   Feltham
   TW14 8HA
   United Kingdom
   Email: mgrayson@cisco.com


   Joshua Redmore
   CableLabs
   858 Coal Creek Cr.
   Louisville,  80027
   United States of America
   Email: j.redmore@cablelabs.com




Grayson & Redmore        Expires 29 August 2026                [Page 12]
