Extending Dictionary Files with E-Series Parameters
In addition to supporting standard RADIUS attributes, the E-series router supports E-series-specific attributes. These attributes must be introduced to the Merit AAA server. It is necessary to use the RADIUS attributes for both Merit AAA server-E-series router integration and Merit AAA server-E-series router-SDX integration.
The Merit AAA server package supplied by Juniper Networks is already customized for the SDX application and E-series routers. The extensions described below must be used only for Merit AAA servers that are not supplied by Juniper Networks.
In such a case, move to the configuration directory of the Merit AAA installation, and edit the dictionary file. Append the dictionary file by the E-series-specific attributes in the following way:
# Juniper Networks Inc.# E-series ExtensionsJuniper.attr Virtual-Router-Name 1 string (1, 0, 0)Juniper.attr Address-Pool-Name 2 string (1, 0, 0)Juniper.attr Local-Loopback 3 string (1, 0, 0)Juniper.attr Primary-DNS 4 ipaddr (1, 0, 0)Juniper.attr Secondary-DNS 5 ipaddr (1, 0, 0)Juniper.attr Primary-WINS 6 ipaddr (1, 0, 0)Juniper.attr Secondary-WINS 7 ipaddr (1, 0, 0)Juniper.attr Tunnel-Virtual-Router 8 string (1, 0, 0)Juniper.attr Tunnel-Password 9 string (1, 0, 0)Juniper.attr Ingress-Policy-Name 10 string (1, 0, 0)Juniper.attr Egress-Policy-Name 11 string (1, 0, 0)Juniper.attr Ingress-Statistics 12 integer (1, 0, 0)Juniper.attr Egress-Statistics 13 integer (1, 0, 0)Juniper.attr Atm-Service-Category 14 integer (1, 0, 0)Juniper.attr Atm-PCR 15 integer (1, 0, 0)Juniper.attr Atm-SCR 16 integer (1, 0, 0)Juniper.attr Atm-MBS 17 integer (1, 0, 0)Juniper.attr Cli-Initial-Access-Level 18 string (1, 0, 0)Juniper.attr Cli-Allow-All-VR-Access 19 integer (1, 0, 0)Juniper.attr Alternate-Cli-Access-Level 20 string (1, 0, 0)Juniper.attr Alternate-Cli-Vrouter-Name 21 string (1, 0, 0)Juniper.attr Sa-Validate 22 integer (1, 0, 0)Juniper.attr Igmp-Enable 23 integer (1, 0, 0)Juniper.attr Pppoe-Description 24 string (1, 0, 0)Juniper.attr Redirect-VR-Name 25 string (1, 0, 0)Juniper.attr Qos-Profile-Name 26 string (1, 0, 0)Juniper.attr Pppoe-Max-Sessions 27 integer (1, 0, 0)Juniper.attr Pppoe-Url 28 string (1, 0, 0)Juniper.attr Qos-Profile-Interface-Type 29 integer (1, 0, 0)Juniper.attr Tunnel-Nas-Port-Method 30 integer (1, 0, 0)Juniper.attr Service-Bundle 31 string (1, 0, 0)Juniper.attr Tunnel-Tos 32 integer (1, 0, 0)Juniper.attr Tunnel-Maximum-Sessions 33 integer (1, 0, 0)Juniper.attr Framed-Ip-Route-Tag 34 string (1, 0, 0)Juniper.attr Tunnel-Dialout-Number 35 string (1, 0, 0)Juniper.attr Ppp-Username 36 string (1, 0, 0)Juniper.attr Ppp-Password 37 string (1, 0, 0)Juniper.attr Ppp-Authenticate-Protocol 38 integer (1, 0, 0)Juniper.attr Tunnel-Minimum-Bps 39 integer (1, 0, 0)Juniper.attr Tunnel-Maximum-Bps 40 integer (1, 0, 0)Juniper.attr Tunnel-Bearer-Type 41 integer (1, 0, 0)Juniper.attr Input-Gigapkts 42 integer (1, 0, 0)Juniper.attr Output-Gigapkts 43 integer (1, 0, 0)Juniper.attr Tunnel-Interface-Id 44 string (1, 0, 0)Juniper.attr Ipv6-Virtual-Router 45 string (1, 0, 0)Juniper.attr Ipv6-Local-Interface 46 string (1, 0, 0)Juniper.attr Ipv6-Primary-DNS 47 string (1, 0, 0)Juniper.attr Ipv6-Secondary-DNS 48 string (1, 0, 0)Juniper.attr Sdx-Service-Name 49 string (1, 0, 0)Juniper.attr Sdx-Session-Volume-Quota 50 string (1, 0, 0)Juniper.attr Tunnel-Disconnect-Cause-Info 51 string (1, 0, 0)# Ingress-Statistics ValuesJuniper.value Ingress-Statistics False 0Juniper.value Ingress-Statistics True 1# Egress-Statistics ValuesJuniper.value Egress-Statistics False 0Juniper.value Egress-Statistics True 1# Atm-Service-Category ValuesJuniper.value Atm-Service-Category UBR 1Juniper.value Atm-Service-Category UBRPCR 2Juniper.value Atm-Service-Category nrtVBR 3Juniper.value Atm-Service-Category CBR 4# Cli-Allow-All-VR-Access ValuesJuniper.value Cli-Allow-All-VR-Access False 0Juniper.value Cli-Allow-All-VR-Access True 1# Sa-Validate ValuesJuniper.value Sa-Validate False 0Juniper.value Sa-Validate True 1# Igmp-Enable ValuesJuniper.value Igmp-Enable False 0Juniper.value Igmp-Enable True 1# Qos-Profile-Interface-Type ValuesJuniper.value Qos-Profile-Interface-Type IP 1Juniper.value Qos-Profile-Interface-Type ATM 2Juniper.value Qos-Profile-Interface-Type HDLC 3Juniper.value Qos-Profile-Interface-Type ETHERNET 4Juniper.value Qos-Profile-Interface-Type SERVER-PORT 5Juniper.value Qos-Profile-Interface-Type ATM-1483 6Juniper.value Qos-Profile-Interface-Type FRAME-RELAY 7Juniper.value Qos-Profile-Interface-Type MPLS-MINOR 8Juniper.value Qos-Profile-Interface-Type CBF 9Juniper.value Qos-Profile-Interface-Type IP-TUNNEL 10Juniper.value Qos-Profile-Interface-Type VLAN-SUB 11Juniper.value Qos-Profile-Interface-Type PPPOE-SUB 12# Tunnel-Nas-Port-Method ValuesJuniper.value Tunnel-Nas-Port-Method none 0Juniper.value Tunnel-Nas-Port-Method CISCO-CLID 1# Ppp-Authenticate-ProtocolJuniper.value Ppp-Authenticate-Protocol None 0Juniper.value Ppp-Authenticate-Protocol PAP 1Juniper.value Ppp-Authenticate-Protocol CHAP 2Juniper.value Ppp-Authenticate-Protocol PAP-CHAP 3Juniper.value Ppp-Authenticate-Protocol CHAP-PAP 4# Tunnel-Bearer-TypeJuniper.value Tunnel-Bearer-Type None 0Juniper.value Tunnel-Bearer-Type ANALOG 1Juniper.value Tunnel-Bearer-Type DIGITAL 2The next step defines the Juniper Networks E-series router as the network access server (NAS) to be recognized by the Merit AAA server. This involves the extension of the vendor file. The vendor file is located in /opt/UMC/radius/etc.
The vendor file contains a list of zero or more vendor entries. Each vendor entry contains a vendor name and a vendor number. Each entry optionally contains an interim way of mapping external (with respect to the RADIUS server) attribute numbers to internal (with respect to the RADIUS server) vendor-specific attributes. This optional mapping is used on RADIUS requests and responses. The following lines must be added, where every line starting with the character "#" indicates a comment:
# Juniper Networks Inc. extensions ERX-VSA.attr ERX-VSA.value 4874 Juniper