Configuring How RADIUS Attributes Are Used for Subscriber Access
You can specify the attributes RADIUS ignores in RADIUS
Access-Accept messages, and the attributes RADIUS excludes from specified
message types.
To configure the attributes RADIUS ignores
or excludes:
- Specify that you want to configure RADIUS.
- [edit access profile isp-bos-metro-fiber-basic]
- user@host# edit radius
- Specify that you want to configure how
RADIUS attributes are ignored or excluded.
- [edit access profile isp-bos-metro-fiber-basic radius]
- user@host# edit attributes
- Specify the attributes you want RADIUS
to ignore when the attributes are in Access-Accept messages. See Table 1 for the attributes you can
configure.
- [edit access profile isp-bos-metro-fiber-basic radius attributes]
- user@host# set ignore input-filter output-filter
- Configure RADIUS to exclude the specified
attribute from the specified RADIUS message type. See Table 2 for the attributes and message
type combinations you can configure.
- [edit access profile isp-bos-metro-fiber-basic radius attributes]
- user@host# set exclude input-filter output-filter
You use the ignore statement to configure the router
to ignore a particular attribute in RADIUS Access-Accept messages.
By default, the router processes the attributes received from the
external AAA server. Table 1 lists
the attributes supported in the ignore statement.
Table 1: Attributes That Can Be Ignored in RADIUS Accept-Accept Messages
CLI Entry
|
Attibute Name
|
Attribute Number
|
framed-ip-netmask
|
Framed-Ip-Netmask
|
RADIUS attribute 9
|
input-filter
|
Ingress-Policy-Name
|
Juniper VSA 26–10
|
logical-system:routing-instance
|
Virtual-Router
|
Juniper VSA 26–1
|
output-filter
|
Egress-Policy-Name
|
Juniper VSA 26–11
|
You use the exclude statement to configure the router
to exclude the specified attributes from the specified type of RADIUS
message. Not all attributes appear in all types of RADIUS messages—the
CLI indicates the RADIUS message type. By default, the router includes
the specified attributes in RADIUS Access-Request, Acct-On, Acct-Off,
Acct-Start, and Acct-Stop messages. Table 2 lists the attributes and message types supported in the exclude statement.
Table 2: Attributes That Can Be Excluded from RADIUS Messages
CLI Entry
|
Attibute Name
|
Attribute Number
|
Supported Message Type
|
accounting-authentic
|
Acct-Authentic
|
RADIUS attribute 45
|
Accounting-On
Accounting-Off
|
accounting-delay-time
|
Acct-Delay-Time
|
RADIUS attribute 41
|
Accounting-On
Accounting-Off
|
accounting-session-id
|
Acct-Session-Id
|
RADIUS attribute 44
|
Access-Request
Accounting-On
Accounting-Off
Accounting-Stop
|
accounting-terminate-cause
|
Acct-Terminate-Cause
|
RADIUS attribute 49
|
Accounting-Off
|
called-station-id
|
Called-Station-Id
|
RADIUS attribute 30
|
Access-Request
Accounting-Start
Accounting-Stop
|
calling-station-id
|
Calling-Station-Id
|
RADIUS attribute 31
|
Access-Request
Accounting-Start
Accounting-Stop
|
class
|
Class
|
RADIUS attribute 25
|
Accounting-Start
Accounting-Stop
|
dhcp-gi-address
|
DHCP-GI-Address
|
Juniper VSA 26–57
|
Access-Request
Accounting-Start
Accounting-Stop
|
dhcp-mac-address
|
DHCP-MAC-Address
|
Juniper VSA 26–56
|
Access-Request
Accounting-Start
Accounting-Stop
|
event-timestamp
|
Event-Timestamp
|
RADIUS attribute 55
|
Accounting-On
Accounting-Off
Accounting-Start
Accounting-Stop
|
framed-ip-address
|
Framed-IP-Address
|
RADIUS attribute 8
|
Accounting-Start
Accounting-Stop
|
framed-ip-netmask
|
Framed-IP-Netmask
|
RADIUS attribute 9
|
Accounting-Start
Accounting-Stop
|
input-filter
|
Ingress-Policy-Name
|
Juniper VSA 26–10
|
Accounting-Start
Accounting-Stop
|
input-gigapackets
|
Acct-Input-Gigapackets
|
Juniper VSA 26–42
|
Accounting-Stop
|
input-gigawords
|
Acct-Input-Gigawords
|
RADIUS attribute 52
|
Accounting-Stop
|
interface-description
|
Interface-Desc
|
Juniper VSA 26–53
|
Access-Request
Accounting-Start
Accounting-Stop
|
nas-identifier
|
NAS-Identifier
|
RADIUS attribute 32
|
Access-Request
Accounting-on
Accounting-off
Accounting-Start
Accounting-Stop
|
nas-port
|
NAS-Port
|
RADIUS attribute 5
|
Access-Request
Accounting-Start
Accounting-Stop
|
nas-port-id
|
NAS-Port_Id
|
RADIUS attribute 87
|
Access-Request
Accounting-Start
Accounting-Stop
|
nas-port-type
|
NAS-Port-Type
|
RADIUS attribute 61
|
Access-Request
Accounting-Start
Accounting-Stop
|
output-filter
|
Egress-Policy-Name
|
Juniper VSA 26–11
|
Accounting-Start
Accounting-Stop
|
ouput-gigapackets
|
Acct-Output-Gigapackets
|
Juniper VSA 26–43
|
Accounting-Stop
|
output-gigawords
|
Acct-Output-Gigawords
|
RADIUS attribute 53
|
Accounting-Stop
|
Published: 2009-07-16
