AAA Termination Causes and Code Values
When a AAA event terminates a subscriber or service session, causing a RADIUS Acct-Stop message to be issued, the RADIUS Acct-Terminate-Cause attribute (49) reports the cause or reason for the termination. This attribute is included only in RADIUS Acct-Stop messages. The termination cause is conveyed as a code value in the attribute. RFC 2866, RADIUS Accounting, defines the standard mapping between 18 code values and termination causes.
Junos OS defines a set of internal termination cause codes that are mapped to the RFC-defined code values. When a subscriber or service session is terminated, the router logs a message for the internal termination cause and logs another message for the RADIUS Acct-Terminate-Cause attribute. You can use the logged information to help monitor and troubleshoot terminated sessions.
Table 1 lists the default mapping between the internal identifier for AAA termination causes and the code values that represent them in the RADIUS Acct-Terminate-Cause attribute (49).
You can remap the internal identifiers to a custom code value in the range 1 through 4,294,967,295 by using the terminate-code statement at the [edit access] hierarchy level. You can view the current mapping by issuing the show network-access terminate-code aaa detail command.
Table 1: Default Mapping Between AAA Termination Causes and Code Values
RADIUS Acct-Terminate-Cause Attribute
Subscriber access denied due to authentication failure.
Subscriber access denied for reasons such as no RADIUS server exists.
Subscriber access denied because the BNG retried the Access-Request to the authentication server for the configured number of retries without receiving a response.
Service session termination initiated by deactivation of a family (network), typically triggered by termination of the corresponding Layer 3 access protocol.
Service session termination initiated by an external authority, such as a CoA service deactivation.
Inherited from the parent subscriber session.
Overrides the default value.
This code is displayed only when you map it to a custom value.
Service session termination initiated because the service time limit was reached.
Service session termination initiated because the service traffic volume limit was reached.
Session has been terminated by a local CLI command (such as the dhcp clear binding command [I do not know the exact syntax])
Session has been idle for a period equal to or longer than the configured timeout value. This value is set with the CLI or by RADIUS attribute.
Session is terminated to allow a second session to replace the terminated session. This occurs only when both sessions are allocated the same static IP address by means of the RADIUS Framed-IP-Address attribute (8). This behavior enables a customer to reconnect with a new session after dropping off the original session, even though the original session is still up.
Session has been terminated by a remote service, such as a RADIUS Disconnect-Request or Diameter Abort-Session-Request messages.
Session has been active for a period equal to or longer than the configured timeout value. This value is set with the CLI or by RADIUS attribute.