Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

AAA Termination Causes and Code Values

 

When a AAA event terminates a subscriber or service session, causing a RADIUS Acct-Stop message to be issued, the RADIUS Acct-Terminate-Cause attribute (49) reports the cause or reason for the termination. This attribute is included only in RADIUS Acct-Stop messages. The termination cause is conveyed as a code value in the attribute. RFC 2866, RADIUS Accounting, defines the standard mapping between 18 code values and termination causes.

Junos OS defines a set of internal termination cause codes that are mapped to the RFC-defined code values. When a subscriber or service session is terminated, the router logs a message for the internal termination cause and logs another message for the RADIUS Acct-Terminate-Cause attribute. You can use the logged information to help monitor and troubleshoot terminated sessions.

Table 1 lists the default mapping between the internal identifier for AAA termination causes and the code values that represent them in the RADIUS Acct-Terminate-Cause attribute (49).

Note

You can remap the internal identifiers to a custom code value in the range 1 through 4,294,967,295 by using the terminate-code statement at the [edit access] hierarchy level. You can view the current mapping by issuing the show network-access terminate-code aaa detail command.

Table 1: Default Mapping Between AAA Termination Causes and Code Values

Internal AAA

Termination Cause

RADIUS Acct-Terminate-Cause Attribute

 

Code Value

RADIUS Termination Cause

deny-authentication-denied

17

Subscriber access denied due to authentication failure.

deny-no-resources

10

Subscriber access denied for reasons such as no RADIUS server exists.

deny-server-request-timeout

17

Subscriber access denied because the BNG retried the Access-Request to the authentication server for the configured number of retries without receiving a response.

service-shutdown-network-logout

6

Service session termination initiated by deactivation of a family (network), typically triggered by termination of the corresponding Layer 3 access protocol.

service-shutdown-remote-reset

10

Service session termination initiated by an external authority, such as a CoA service deactivation.

service-shutdown-subscriber-logout

Inherited from the parent subscriber session.

Overrides the default value.

This code is displayed only when you map it to a custom value.

service-shutdown-time-limit

5

Service session termination initiated because the service time limit was reached.

service-shutdown-volume-limit

10

Service session termination initiated because the service traffic volume limit was reached.

shutdown-administrative-reset

6

Admin Reset

shutdown-idle-timeout

4

Idle Timeout

shutdown-remote-reset

10

NAS Request

shutdown-session-timeout

5

Session Timeout