AAA Termination Causes and Code Values
When a AAA event terminates a subscriber or service session, causing a RADIUS Acct-Stop message to be issued, the RADIUS Acct-Terminate-Cause attribute (49) reports the cause or reason for the termination. This attribute is included only in RADIUS Acct-Stop messages. The termination cause is conveyed as a code value in the attribute. RFC 2866, RADIUS Accounting, defines the standard mapping between 18 code values and termination causes.
Junos OS defines a set of internal termination cause codes that are mapped to the RFC-defined code values. When a subscriber or service session is terminated, the router logs a message for the internal termination cause and logs another message for the RADIUS Acct-Terminate-Cause attribute. You can use the logged information to help monitor and troubleshoot terminated sessions.
Table 1 lists the default mapping between the internal identifier for AAA termination causes and the code values that represent them in the RADIUS Acct-Terminate-Cause attribute (49).
You can remap the internal identifiers to a custom code value in the range 1 through 4,294,967,295 by using the terminate-code statement at the [edit access] hierarchy level. You can view the current mapping by issuing the show network-access terminate-code aaa detail command.
Table 1: Default Mapping Between AAA Termination Causes and Code Values
RADIUS Acct-Terminate-Cause Attribute
RADIUS Termination Cause
Subscriber access denied due to authentication failure.
Subscriber access denied for reasons such as no RADIUS server exists.
Subscriber access denied because the BNG retried the Access-Request to the authentication server for the configured number of retries without receiving a response.
Service session termination initiated by deactivation of a family (network), typically triggered by termination of the corresponding Layer 3 access protocol.
Service session termination initiated by an external authority, such as a CoA service deactivation.
Inherited from the parent subscriber session.
Overrides the default value.
This code is displayed only when you map it to a custom value.
Service session termination initiated because the service time limit was reached.
Service session termination initiated because the service traffic volume limit was reached.