Internet-Draft | Connect-Info | February 2026
Grayson & Redmore | Expires 6 August 2026
This document describes a syntax for the Connect-Info attribute used with the RADIUS protocol, enabling RADIUS clients to provide RADIUS servers information pertaining to a user's connection with an IEEE 802.11 wireless network.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 6 August 2026.
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
The Connect-Info attribute is defined in [RFC2869] to enable a Network Access Server (NAS) to indicate to a RADIUS server "the nature of the user's connection". [RFC2869] includes the recommendation that:
The connection speed SHOULD be included at the beginning of the first Connect-Info attribute in the packet. If the transmit and receive connection speeds differ, they MAY both be included in the first attribute with the transmit speed first (the speed the NAS modem transmits at), a slash (/), the receive speed, then optionally other information.
but [RFC2869] does not define "speed".
The Connect-Info attribute can be sent in both Access-Request and Accounting-Request messages, as shown in Figure 1.
+--------------------------------------------------------------+
| Attribute | Request | Accept | Reject | Challenge | Acct-Req |
+--------------------------------------------------------------+
| Connect-  | 0-1     | 0      | 0      | 0         | 0+       |
| Info (77) |         |        |        |           |          |
+--------------------------------------------------------------+
Many NAS implementations have implemented the Connect-Info attribute. Wi-Fi vendors supporting the Connect-Info attribute start the text field with "CONNECT" that is followed by a floating point value representing the maximum connection speed in Mbps. Implementations follow this with text information about the IEEE 802.11 amendment supported, as illustrated in Figure 2.
Connect-Info = "CONNECT 11.00 Mbps 802.11b"
Other implementations have extended this baseline to signal additional information to the RADIUS server using a slash (/) delimiter, as illustrated in Figure 3. Note, these examples together with the recommendation in [RFC2869] are illustrations of complex data types, as described in section 3.2.3 of [RFC6158].
Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 53 / Channel: 1"
There are use-cases that benefit from being able to share Wi-Fi network connection metrics between a NAS and a server, including where the NAS is operated by an Access Network Provider (ANP) and the server is operated by an Identity Provider (IDP). Reception of the Connect-Info attribute by a RADIUS server is intended to be used to assist the IDP in making authorization decisions.
The rest of this document describes a syntax for the Connect-Info attribute that is simultaneously able to support existing, complex data type, vendor implementations as illustrated in Figure 2 and Figure 3, while being enhanced with additional optional information to support new use-cases and requirements.
Whereas [RFC6158] discourages the introduction of new complex data types where viable alternatives exist, it is argued that the present document does not introduce a new complex data type but rather extends the syntax widely used in existing implementations of the Connect-Info attribute, which already encode a complex data type.
Note, the techniques by which a server uses the information encoded in the Connect-Info attribute to assist in making authorization decisions are not defined in this document. Some servers MAY define the use of a threshold for one or more parameters received in an Access-Request; other systems MAY use historical Connect-Info records from previously authenticated sessions, including those in the Accounting-Request messages received from the same NAS; still other systems MAY decide to algorithmically combine the parameters into a new metric used when making authorization decisions.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
Access Network Provider (ANP):
A Wi-Fi operator that has configured its Wi-Fi equipment to support inbound roaming of users.
Identity Provider (IDP):
An entity that authenticates end-user Wi-Fi devices onto ANP networks.
Received Signal Strength Indicator (RSSI):
A measurement of the power level that is received by an antenna from a wireless device.
The access network characteristics that can be shared between NAS and AAA include those that can be used to derive a quality metric of the performance of a Wi-Fi network. These include characteristics associated with the IEEE 802.11 connection:
transmit and receive bit rates,
received signal strength indicator (RSSI),
frame loss rate, and
frame retry rate.
The inclusion of the above parameters in a Connect-Info attribute signalled in a RADIUS Access-Request message, or RADIUS Accounting-Request with Acct-Status-Type set to Start, is restricted by the number of IEEE 802.11 frames over which the calculations are based. In such cases, the transmit bit rates, receive bit rates and RSSI level MAY correspond to the instantaneous value of the specific parameter. In other cases, e.g., where the Connect-Info attribute is signalled in RADIUS Accounting-Request messages with Acct-Status-Type set to Interim-Update or Stop, the NAS SHOULD use multiple measurements when calculating the reported value:
the reported transmit and receive bit rates SHOULD represent the maximum values experienced since the last time the Connect-Info attribute was signalled.
the received signal strength indicator (RSSI) SHOULD represent the average RSSI value, where the average value calculated MAY be either a linear average or an exponential weighted average.
frame loss rate and frame retry rate SHOULD represent the average rates, where the average value calculated MAY be either a linear average or an exponential weighted average.
While not uniquely associated with the IEEE 802.11 connection, Section 1 describes legacy implementations which include generic parameters concerning the configuration of the Wi-Fi network in the Connect-Info attribute. These legacy parameters include:
The Augmented Backus-Naur form (ABNF) is a syntax for specifications defined in [RFC5234]. The proposed ABNF syntax for the text of the Connect-Info attribute used with Wi-Fi networks is shown below. This syntax is intended to encompass current vendor implementations while supporting optional enhancements to support sharing of new parameters.
;---------------------------------------------------------------------
; Connect-Info RADIUS Attribute #77 Syntax for Wi-Fi networks
;---------------------------------------------------------------------
connect-info-77 = "CONNECT" [legacyAttributes]
                  *( DELIMITER keyValueAttribute )
;---------------------------------------------------------------------
; Legacy attributes not linked to a specific connection
;---------------------------------------------------------------------
legacyAttributes = 1*SP MAXSPEED " Mbps" DELIMITER
                   WIFIGEN [DELIMITER "Channel:" *SP CHANNUM]
; indication of max achievable
; data rate together with Wi-Fi
; 802.11 generation information
; and optional channel number
;---------------------------------------------------------------------
; keyValueAttributes - attributes linked to a specific connection;
;---------------------------------------------------------------------
keyValueAttribute = "RSSI:" *SP SS ["(" ALG ")"]
; The value of Station RSSI in
; dBm and optionally the
; algorithm used in calculating
; the average
keyValueAttribute =/ "TxBitRate:" *SP RATE
; The maximum TxRate used by the
; AP to send to the device in
; Mbps
keyValueAttribute =/ "RxBitRate:" *SP RATE
; The maximum RxRate used by the
; AP to send to the device in
; Mbps
keyValueAttribute =/ "FrameLoss:" *SP PCT ["(" ALG ")"]
; The downlink 802.11 frame loss
; rate experienced, encoded as
; an integer percentage and
; optionally the algorithm used
; in calculating the average
keyValueAttribute =/ "FrameRetry:" *SP PCT ["(" ALG ")"]
; The downlink 802.11 frame retry
; rate experienced, encoded as
; an integer percentage and
; optionally the algorithm used
; in calculating the average
;---------------------------------------------------------------------
; keyValueAttributes - extensibility syntax.
;
; This syntax enables the syntax to be extended in the future.
;---------------------------------------------------------------------
keyValueAttribute =/ 1*NO-DELIM-COLON ":" *SP 1*NO-DELIM-COLON
; Syntax permitting
; extensibility
;---------------------------------------------------------------------
; Definitions for legacy attributes
;---------------------------------------------------------------------
MAXSPEED = (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT) /
           (NZDIGIT DIGIT DIGIT DIGIT) /
           (NZDIGIT DIGIT DIGIT DIGIT DIGIT)) "." DIGIT DIGIT
; Maximum AP to Device speed in Mbps,
; (0.00 - 99999.99), calculated as:
; SC * MD * CR * SS / (SYM + GD)
; where:
; SC = Number of Data Sub-Carriers
; CR = Coding Rate, e.g., 0.5 (BPSK),
; 0.75 (256QAM)
; MD = Modulation rate (1-8),
; where 2^MD = num mod'n states
; SS = number of spatial streams
; SYM = symbol interval (micro-seconds)
; GD = guard interval (micro-seconds)
WIFIGEN = "802.11" AMENDMENT
AMENDMENT = "b" / "g" / "a" / "n" / "ac" / "ax" / "be"
; the original 802.11 amendment
CHANNUM = NZDIGIT / (NZDIGIT DIGIT) / ("1" DIGIT DIGIT) /
          ("2" U4DIGIT DIGIT)
; Encoding for Channel Numbers (1 - 249)
; Note - with the introduction of Wi-Fi operation
; in 6 GHz, the Channel Number no longer uniquely
; identifies the band of operation
;---------------------------------------------------------------------
; Definitions for connection orientated attributes
;---------------------------------------------------------------------
SS = ["-"] (DIGIT / (NZDIGIT DIGIT) / ("1" DIGIT DIGIT))
; Value of Received Signal Strength when expressed
; in dBm. To accommodate different legacy
; implementations, both 41 and -41 represent
; -41 dBm
RATE = (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT) /
       (NZDIGIT DIGIT DIGIT DIGIT)) ["." DIGIT]
; A transmit/receive rate in Mbps
PCT = DIGIT / (NZDIGIT DIGIT) / "100"
; Percentage (0 - 100)
ALG = "LIN" [ DURATION ]
; LIN indicates the averaging algorithm used
; is a linear average
ALG =/ "EXP" [ WEIGHT ]
; EXP indicates the averaging algorithm used
; is an exponential moving average
DURATION = (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT))
           "S"
; The duration in seconds over which the
; averaging algorithm operates
WEIGHT = NZDIGIT
; where the exponential weighting is 2^WEIGHT
DELIMITER = SLASH / 1*SP
; existing vendor delimiters
NO-DELIM-COLON = %x21-2e / %x30-39 / %x3b-7e
; any characters excluding delimiters - space
; (0x20) and slash (0x2f) - as well as colon (0x3a)
SP = %x20
SLASH = *SP %x2F *SP
DIGIT = %x30-39 ; 0-9
NZDIGIT = %x31-39 ; 1-9
U4DIGIT = %x30-34 ; 0-4 (up to 4)
The Connect-Info attribute value is limited to 253 bytes. Example encodings using the ABNF definition are illustrated in Figure 5, indicating that the metrics can be signaled while keeping the attribute size below 253 bytes.
Connect-Info = "CONNECT 54.00 Mbps / 802.11n / Channel: 1 / RSSI: 53"
Connect-Info = "CONNECT 400.00 Mbps 802.11ac Channel:44 RSSI:50"
Connect-Info = "CONNECT RSSI:56(LIN600) TxBitRate:150.0 RxBitRate:150.0"
Connect-Info = "CONNECT 400.00 Mbps 802.11ac RSSI:56 TxBitRate:150.0 RxBitRate:150.0 FrameLoss:3(EXP) FrameRetry:6(EXP)"
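A strict server-side parser for the syntax above, given as an added example; it is not code from the draft or from hostapd. It is deliberately stricter than the grammar: a known key such as `RSSI` whose value fails its typed rule is rejected instead of falling through to the extensibility rule, and `Channel` is range-checked wherever it appears. The name `parse_connect_info` and the output field names are assumptions of this example.

```python
import re

# ABNF string literals are case-insensitive (RFC 5234), hence re.I below.
D = r"(?: */ *| +)"        # DELIMITER = SLASH / 1*SP
TOK = r"[!-.0-9;-~]+"      # 1*NO-DELIM-COLON
ALG = r"(?:\((?P<alg>LIN(?:(?:\d|[1-9]\d{1,2})S)?|EXP[1-9]?)\))?"
RATE = r"(?P<v>(?:[1-9]\d{1,3}|\d)(?:\.\d)?)"
PCT = r"(?P<v>100|[1-9]\d|\d)" + ALG
KNOWN = {  # lower-cased key -> (value pattern, converter)
    # SS: "both 41 and -41 represent -41 dBm", so normalise to a negative int
    "rssi": (r"(?P<v>-?(?:1\d\d|[1-9]\d|\d))" + ALG, lambda v: -abs(int(v))),
    "txbitrate": (RATE, float), "rxbitrate": (RATE, float),
    "frameloss": (PCT, int), "frameretry": (PCT, int),
    "channel": (r"(?P<v>2[0-4]\d|1\d\d|[1-9]\d?)", int),   # CHANNUM, 1-249
}
HEAD = re.compile(r"CONNECT(?: +(?P<speed>(?:[1-9]\d{1,4}|\d)\.\d\d) Mbps" + D
                  + r"(?P<gen>802\.11(?:ac|ax|be|[bgan])))?", re.I)
KV = re.compile(D + rf"(?P<k>{TOK}): *(?P<val>{TOK})")


def parse_connect_info(value: str) -> dict:
    """Parse a Connect-Info string; raise ValueError on anything malformed."""
    if len(value.encode("utf-8")) > 253:
        raise ValueError("longer than the 253-byte attribute limit")
    head = HEAD.match(value)
    if not head:
        raise ValueError("missing CONNECT prefix")
    out = {"ext": {}}
    if head["speed"]:
        out.update(max_mbps=float(head["speed"]), wifi=head["gen"])
    pos = head.end()
    while pos < len(value):
        m = KV.match(value, pos)
        if not m:
            raise ValueError(f"malformed input at offset {pos}")
        key, val, pos = m["k"].lower(), m["val"], m.end()
        if key not in KNOWN:
            out["ext"][m["k"]] = val      # extensibility rule: raw, untyped
            continue
        pattern, convert = KNOWN[key]
        typed = re.fullmatch(pattern, val, re.I)
        if not typed:                     # stricter than the ABNF fallback
            raise ValueError(f"bad value for {m['k']}: {val!r}")
        out[key] = convert(typed["v"])
        if typed.groupdict().get("alg"):
            out[key + "_alg"] = typed["alg"].upper()
    return out


if __name__ == "__main__":
    print(parse_connect_info("CONNECT 54.00 Mbps / 802.11n / Channel: 1 / RSSI: 53"))
```

Under this policy the Figure 5 value `RSSI:56(LIN600)` is rejected, because DURATION in the ABNF requires a trailing `S` (`LIN600S`); under the grammar alone that key/value pair matches only the extensibility rule.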
In July 2024, a proof of concept was built using modified hostapd code (https://w1.fi/) that is able to populate the connect-info attributes according to the syntax defined above. In December 2024, Helium Network (www.helium.com) upgraded their deployment of 17,000 OpenWi-Fi/OpenWRT Wi-Fi Access points to support the enhanced connect-info attribute.
This document describes a syntax that enables a RADIUS client to provide a RADIUS server information pertaining to the operation of an IEEE 802.11 wireless network. The terms agreed between the operator of the RADIUS client and the operator of the RADIUS server SHOULD include restrictions on the use of such non-personal information by the operator of the RADIUS server, for example limiting the use of such information to making RADIUS server authorization decisions and prohibiting a RADIUS server from disclosing information signalled in the Connect-Info attribute to any third party.
This document has no IANA Actions.
01 - Added extensibility to ABNF and corrected syntax. Added security considerations section. Added note on TxBitRate/RxBitRate when included in Accounting-Request type Stop.
02 - Corrected ABNF syntax definition of RATE.
03 - Switched to independent submission. Updated ABNF to ease parsing of key/value pairs.
04 - Updated ABNF i) switching from band to global operating class, ii) added Wi-Fi Alliance generational name support as an alternative to 802.11 amendment designator, iii) permit legacy absolute and signed representations of signal strength, and iv) added WAN-RTT attribute.
05 - Added clarifications that information is shared to enable a RADIUS server to make improved authorization decisions. Switched back to IETF submission. Added text about aligning with legacy implementations that do not adhere to RFC6158.
06 - Following RADEXT feedback at IETF 124, removed non-connection orientated key-value pairs from the syntax definition.
The authors would like to thank all the members of the WBA's Access Network Metrics project team who have helped review and refine the Connect-Info syntax.