Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    AAA Access Messages During IPCP Negotiations for Dual-Stack Subscribers

    The Ipv4-release-control RADIUS VSA attribute [26-164] can be configured to be sent in the Access-Request and Interim-Acct messages. You can use the aaa ipv4 addr-saving command to configure this attribute to be sent in the access and accounting messages and enable the PPP application to inform the RADIUS server about the released IPv4 address for dual-stack subscribers, immediately after the address is released. The following sections describe the different scenarios during the negotiation of IPCP packets for IPv4 addresses, and the transmission of access messages between the router and the AAA server.

    Access-Request Messages When an IPv4 Address is Renegotiated

    During IPCP renegotiation of IPv4 addresses, the router always includes the following RADIUS attributes in the Access-Request messages sent to the RADIUS server:

    • [1] User-Name
    • [2] User-Password
    • [4] NAS-Ip-Address
    • [5] NAS-Port
    • [25] Class
    • [44] Acct-Session-Id
    • [87] NAS-Port-Id
    • [32] NAS-Identifier
    • [26-164] Ipv4-release-control

    The other attributes that are supported for this message are optional during renegotiations.

    Access-Accept Messages When an IPv4 Address is Assigned

    When the Access-Accept message is sent from the RADIUS server after the subscriber is successfully authenticated, during the initial session establishment, this message might or might not contain the Framed-Ip-Address [8] attribute.

    When an IPv4 address is delegated to the CPE during an IPCP negotiation, the following RADIUS attributes are always included in the Access-Accept messages:

    • [8] Framed-Ip-Address
    • [9] Framed-Ip-Netmask
    • [25] Class

    The following RADIUS attributes can be optionally included in the Access-Accept messages based on the user topology settings:

    • [242] Ascend-Data-Filter (always included if the policy is defined using this attribute for clients)
    • [26-4] Primary-DNS
    • [26-5] Secondary-DNS (included if the B-RAS user's DNS server is different from the previously stored entry during IPCP negotiation)

    The following RADIUS attributes are never included in the Access-Accept messages when this functionality to optimally utilize IPv4 addresses is configured:

    • [26-65] Activate-Service
    • [242] Ascend-Data-Filter
    • [26-66] Deactivate-Service
    • [26-58] LI-Action
    • [27] Session-Timeout
    • [28] Idle-Timeout
    • [97] Framed-Ipv6-Prefix
    • [123] Delegated-Ipv6-Prefix

    Published: 2014-08-13