[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

RADIUS IETF Attributes Supported by the AAA Service Framework

Table 6 describes the RADIUS IETF attributes that the JUNOS AAA Service Framework supports.

Table 6: Supported RADIUS IETF Attributes

Attribute Number

Attribute Name

Description

1

User-Name
  • Name of user to be authenticated
  • Configurable username override

2

User-Password
  • Password of user to be authenticated by Password Authentication Protocol (PAP)
  • Configurable password override

4

NAS-IP-Address

IP address of the network access server (NAS) that is requesting authentication of the user

5

NAS-Port

Physical port number of the NAS that is authenticating the user

6

Service-Type

Type of service the user has requested or the type of service to be provided

8

Framed-IP-Address
  • IP address to be configured for the user
  • 0.0.0.0 or absence is interpreted as 255.255.255.254

9

Framed-IP-Netmask
  • IP network to be configured for the user when the user is a router to a network
  • Absence implies 255.255.255.255

11

Filter-ID
  • Name of the filter list for the user
  • Interpreted as input policy name

18

Reply-Message
  • Text that may be displayed to the user
  • Only the first instance of this attribute is used

22

Framed-Route

String that provides routing information to be configured for the user on the NAS; in the format:

<addr>[/<maskLen>] [<nexthop> [<cost>]] (tag <tagValue>] [distance <distValue>]

Note: The tag value is ignored when the Framed-Route attribute is used for configuring access routes.

25

Class

An arbitrary value that the NAS includes in all accounting packets for the user if supplied by the RADIUS server

27

Session-Timeout

Maximum number of consecutive seconds of service to be provided to the user before termination of the session

31

Calling-Station-ID

Indicates that the NAS can send the phone number from which the call originated

32

NAS-Identifier

Identifies the NAS originating the request

40

Acct-Status-Type

Indicates whether this Accounting-Request marks the beginning of the user service (Start), the end (Stop), or the interim (Interim-Update)

41

Acct-Delay-Time

Indicates how many seconds the client has been trying to send a particular record

42

Acct-Input-Octets

Indicates how many octets have been received from the port during the time this service has been provided

43

Acct-Output-Octets

Indicates how many octets have been sent to the port during the time this service has been provided

44

Acct-Session-ID

Unique accounting identifier that makes it easy to match start and stop records in a log file. The identifier can be in one of the following formats:

  • decimal—For example, 435264
  • description—In the generic format, jnpr interface-specifier:subscriber-session-id; For example, jnpr fastEthernet 3/2.6:1010101010101

45

Acct-Authentic

Indicates how the user was authenticated: whether by RADIUS, the NAS itself, or another remote authentication protocol

46

Acct-Session-Time

Indicates how long in seconds that the user has received service

47

Acct-Input-Packets

Indicates how many packets have been received from the port during the time this service has been provided to a framed user

48

Acct-Output-Packets

Indicates how many packets have been sent to the port in the course of delivering this service to a framed user

49

Acct-Terminate-Cause

Contains the reason the service (a PPP session) was terminated. The service can be terminated for the following reasons:

  • User Request (1)—User initiated the disconnect (log out)
  • Idle Timeout (4)—Idle timer has expired
  • Session Timeout (5)—Client reached the maximum continuous time allowed on the service or session
  • Admin Reset (6)—System administrator terminated the session
  • Port Error (8)—PVC failed; no hardware or no interface
  • NAS Error (9)—Negotiation failures, connection failures, or address lease expiration
  • NAS Request (10)—PPP challenge timeout, PPP request timeout, tunnel establishment failure, PPP bundle failure, IP address lease expiration, PPP keep-alive failure, Tunnel disconnect, or an unaccounted-for error

52

Acct-Input-Gigawords

Indicates how many times the Acct-Input-Octets counter has wrapped around 232 during the time this service has been provided. Can be present in Accounting-Request records only where the Acct-Status-Type is set to Stop or Interim-Update

53

Acct-Output-Gigawords

Indicates how many times the Acct-Output-Octets counter has wrapped around 232 in the course of delivering this service. Can be present in Accounting-Request records only where the Acct-Status-Type is set to Stop or Interim-Update

55

Event-Timestamp

Records the time that this event occurred on the NAS, in seconds, since January 1, 1970 00:00 UTC

61

NAS-Port-Type

Indicates the type of physical port the NAS is using to authenticate the user

85

Acct-Interim-Interval

Number of seconds between each interim accounting update for this session

87

NAS-Port-ID

Text string that identifies the physical interface of the NAS that is authenticating the user

88

Framed-Pool

Name of an assigned address pool to use to assign an address for the user

95

NAS-IPv6-Address

Address of the NAS that is requesting authentication of the user

96

Framed-Interface-ID

Interface identifier that is configured for the user

97

Framed-IPv6-Prefix

Prefix and corresponding route that is configured for the user

98

Login-IPv6-Host

System the user connects to when the Login-Service attribute is included

100

Framed-IPv6-Pool

Name of assigned pool used to assign an IPv6 prefix for the user

123

Delegated-IPv6-Prefix

Prefix that is delegated to the user
[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]