CLI Commands Used to Modify RADIUS Attributes

This section discusses the RADIUS Internet Engineering Task Force (IETF) attributes and the Juniper Networks vendor-specific attributes that you can configure using CLI commands.

For many attributes, you can configure the router to include the attribute in RADIUS messages. For more information, see Including or Excluding Attributes in RADIUS Messages.

You can also configure the router to ignore many attributes that it receives in Access-Accept messages. For more information, see Ignoring Attributes When Receiving Access-Accept Messages.

For a complete list of RADIUS attributes supported by JUNOSe software, see RADIUS IETF Attributes.

RADIUS IETF Attributes

This section describes the RADIUS IETF attributes that you can configure using CLI commands. The attributes are listed numerically—each attribute is followed by a list of the commands that you can use to manage the attribute and descriptions of each command.

[4] NAS-IP-Address

Use the following commands to configure, manage, and display information for the NAS-IP-Address RADIUS attribute.

• radius override nas-ip-addr tunnel-client-endpoint
• radius override nas-info

radius override nas-ip-addr tunnel-client-endpoint

• Use to configure the RADIUS client (LNS) to use the tunnel-client-endpoint (LAC) IP address for the NAS-IP-Address attribute.
• See radius override nas-ip-addr tunnel-client-endpoint

• Example

  host1(config)#radius override nas-ip-addr tunnel-client-endpoint

• Use the no version to restore the default address.

radius override nas-info

• Use in the correct virtual router context to override standard use of NAS-IP-Address and NAS-Identifier attributes for AAA broadcast accounting; specifies that the attributes for the authentication virtual router be included in accounting packets instead of the attributes for the virtual router that generates the accounting information.
• Example

  host1(config)#virtual-router vrXyz1

  host1:vrXyz1(config)#radius override nas-info

• Use the no version to restore standard use of the NAS-IP-Address and NAS-Identifier attributes.
• See radius override nas-info

Related Topics

•  Monitoring Override Settings of RADIUS IETF Attributes

[5] NAS-Port

Use the following commands to manage and display information for the NAS-Port RADIUS attribute:

• radius include nas-port
• radius nas-port-format
• radius nas-port-format extended
• radius pppoe nas-port-format unique
• radius vlan nas-port-format stacked

radius include nas-port

• Use to include the NAS-Port attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You control inclusion of the attribute by enabling or disabling this command.
• Example

  host1(config)#radius include nas-port acct-start enable

• Use the no version to restore the default, enable.
• See radius include

radius nas-port-format

• Use to set the NAS-Port format attribute for ATM and Ethernet only to either 0ssssppp or ssss0ppp.
• The format is a 4-octet integer. The remaining bits are not changed (8 bits VPI and 16 bits VCI; or 12 bits S-VLAN and 12 bits VLAN).
• The s indicates a bit used to represent the slot; the p indicates a bit used to represent the port from which the authentication request originates.
• See radius nas-port-format

• Example: If the PPP user is received on a VC from the card in slot 7, port 2, then the bit pattern is either 00111010 (for 0ssssppp) or 01110010 (for ssss0ppp).

  host1(config)#radius nas-port-format Ossssppp

• Use the no version to restore the default.

radius nas-port-format extended atm

radius nas-port-format extended ethernet

• Use to set the NAS-Port format attribute for ATM, Gigabit Ethernet, and 10-Gigabit Ethernet interfaces on the E120 and E320 routers only.
• The format attribute set using the radius nas-port-format command does not accommodate the number of bits required by the ATM interface specifier (slot/adapter/port/vpi/vci) or the Gigabit Ethernet and 10-Gigabit Ethernet interface specifier [ slot/adapter/port ] [ .vlanSubinterface ]. Issuing this command enables you to encode the interface information in the attribute by specifying the number of bits available for each field in the interface specifier.

  Note: You must use this command with the extended keyword when you configure the NAS-Port format attribute on routers that have line modules that support more than seven physical ports.

• The default number of bits for each field in the interface specifier for ATM interfaces are:
  • Slot—5 bits
  • Adapter—0 bits
  • Port—3 bits
  • VPI—8 bits
  • VCI—16 bits
• The default number of bits for each field in the interface specifier for Gigabit Ethernet and 10-Gigabit Ethernet interfaces are:
  • Slot—5 bits
  • Adapter—0 bits
  • Port—3 bits
  • VLAN—12 bits
  • S-VLAN—12 bits
• To set valid S-VLAN widths on Gigabit Ethernet and 10-Gigabit Ethernet interfaces, you must include S-VLAN IDs in the NAS-Port attribute by issuing the radius vlan nas-port-format stacked command.
• The total number of bits for all fields cannot exceed 32. When the total number of bits is less than 32, the NAS-Port attribute is right-justified and the extra bits are set to 0. If you do not specify a value for a field, the number of bits is set to 0.
• See radius nas-port-format extended

• Example 1—Sets the field widths for ATM interfaces

  host1(config)#radius nas-port-format extended atm field-widths slot 4
  adapter 1 vpi 7 vpi 17

• Example 2—Sets the field widths for Gigabit Ethernet and 10-Gigabit Ethernet interfaces

  host1(config)#radius nas-port-format extended ethernet field-widths slot 4 adapter 1 port 3 vlan 12

• Use the no version to restore the default behavior of the radius nas-port-format command.

radius pppoe nas-port-format unique

• Use to set the NAS-Port attribute to a unique value for subscribers on PPPoE interface. This unique value is derived from the subscriber’s profileHandle.
• See radius pppoe nas-port-format unique

• Example

  host1(config)#radius pppoe nas-port-format unique

• Use the no version to return to the default, in which the value is determined by the interface.

radius vlan nas-port-format stacked

• Use to include the S-VLAN ID, in addition to the VLAN ID, in the NAS-Port attribute for subscribers on Ethernet interfaces.
• The VLAN ID is always included whether the S-VLAN ID inclusion feature is enabled or disabled.
• The radius pppoe nas-port-format unique command overrides this command.
• See radius vlan nas-port-format stacked

• Example

  host1(config)#radius vlan nas-port-format stacked

• Use the no version to return to the default, in which the S-VLAN ID is not included.

Related Topics

• Monitoring the NAS-Port-Format RADIUS Attribute

[8] Framed-IP-Address

Use the following command to manage the Framed-IP-Address RADIUS attribute.

• radius include framed-ip-addr

radius include framed-ip-addr

• Use to include the Framed-IP-Address attribute in Acct-Start and Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• For RADIUS to include this attribute, an IP address must be assigned to the subscriber.
• See radius include

• Example

  host1(config)#radius include framed-ip-addr acct-start enable

• Use the no version to restore the default, enable.

[9] Framed-Ip-Netmask

Use the following commands to manage the Framed-IP-Netmask RADIUS attribute.

• radius include framed-ip-netmask
• radius ignore framed-ip-netmask

radius include framed-ip-netmask

• Use to include the Framed-Ip-Netmask attribute in Acct-Start or Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include framed-ip-netmask acct-start enable

• Use the no version to restore the default, enable.

radius ignore framed-ip-netmask

• Use to cause the Framed-Ip-Netmask attribute to be ignored in Access-Accept messages.
• You can control this behavior by enabling or disabling this command.
• If the subnet mask is specified by the Frame-Ip-Netmask attribute in the RADIUS user profile, the router passes the mask and IP address to the CPE during IPCP negotiations. When this command is enabled, the default subnet mask 255.255.255.255 is provided by AAA and used for IPCP negotiations.
• Enabling the command guards against any breaks in the negotiation.
• See radius ignore

• Example

  host1(config)#radius ignore framed-ip-netmask disable

• Use the no version to restore the default, enable.

[13] Framed-Compression

Use the following command to manage the Framed-Compression RADIUS attribute.

• radius include framed-compression

radius include framed-compression

• Use to include the Framed-Compression attribute in Acct-Start or Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include framed-compression acct-start disable

• Use the no version to restore the default, enable.

[25] Class

Use the following command to manage the Class RADIUS attribute.

• radius include class

radius include class

• Use to include the Class attribute in Acct-Start or Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include class acct-start disable

• Use the no version to restore the default, enable.

[30] Called-Station-Id

Use the following command to manage the Called-Station-Id RADIUS attribute.

• radius include called-station-id

radius include called-station-id

• Use to include the Called-Station-Id attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the Called-Station-Id attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include called-station-id acct-start enable

• Use the no version to restore the default, enable.

[31] Calling-Station-Id

Use the following commands to manage information for the Calling-Station-Id RADIUS attribute.

• radius calling-station-format
• radius calling-station-delimiter
• radius include calling-station-id
• radius override calling-station-id remote-circuit-id

radius calling-station-format

• Use to specify the format of the Calling-Station-Id [31] attribute on a virtual router.
• For each field in angle brackets (<>) in the Calling-Station-Id formats, the virtual router supplies the actual value for your configuration, unless otherwise specified.
• To specify that the RADIUS client use the delimited format when the PPP user is terminated at the non-LNS E-series router, use the delimited keyword.
  • Format for ATM interfaces:
    <delimiter> <system name> <delimiter> <interface> <delimiter> <VPI> <delimiter> <VCI><delimiter>
  • Format for Ethernet interfaces:
    <delimiter> <system name> <delimiter> <interface> <delimiter> <VLAN>

    Where <interface> is one of the following items:

  • <port name>—The default setting
  • <VP description>—Appears if you use the atm vp-description command to assign a text description to an individual VP on an ATM interface
  • <VC description>—Appears if you use the atm atm1483 description command to assign a text description to VCs on an ATM 1483 subinterface and you use the atm1483 export-subinterface-description command to enable sending of VC interface descriptors to AAA
• To specify that the RADIUS client use a fixed format of up to 15 characters consisting of all ASCII fields, use the fixed-format keyword. The maximum number of characters for each field is shown in square brackets ([ ]).
  • Format for ATM interfaces:
    <system name [4]> <slot [2]> <port [1]> <VPI [3]> <VCI [5]>
  • Format for Ethernet interfaces:
    <system name [4]> <slot [2]> <port [1]> <VLAN [8]>
  • Format for serial interfaces:
    <system name [4]> <slot [2]> <port [1]> <0 [8]>

    Where the final 8-byte field is always 0 (zero).

  • In the case of PPP terminated at the LNS, the Calling-Station-Id attribute is based on the received L2TP calling number AVP.
• To specify that the RADIUS client use a fixed format of up to 15 characters consisting of all ASCII fields with a 1-byte slot field, 1-byte adapter field, and 1-byte port field, use the fixed-format-adapter-embedded keyword. The maximum number of characters for each field is shown in square brackets ([ ]).
  • Format for ATM interfaces:
    <system name [4]> <slot [1]> <adapter [1]> <port [1]>
    <VPI [3]> <VCI [5]>
  • Format for Ethernet interfaces:
    <system name [4]> <slot [1]> <adapter [1]> <port [1]>
    <VLAN [8]>
  • Format for serial interfaces:
    <system name [4]> <slot [1]> <adapter [1]> <port [1]> <0 [8]>

    Where the final 8-byte field is always 0 (zero).

  • For E120 and E320 routers, <adapter> is the number of the bay in which the I/O adapter (IOA) resides, either 0 (representing the right IOA bay on the E120 router or the upper IOA bay on the E320 router) or 1 (representing the left IOA bay on the E120 router or the lower IOA bay on the E320 router). For ERX-7xx models, ERX-14xx models, and ERX-310 routers, <adapter> is always shown as 0 (zero).
  • Slot numbers 0 through 16 are shown as ASCII characters in the 1-byte slot field according to the following translation:

    Slot Number	ASCII Character	Slot Number	ASCII Character
    0	0	9	9
    1	1	10	A
    2	2	11	B
    3	3	12	C
    4	4	13	D
    5	5	14	E
    6	6	15	F
    7	7	16	G
    8	8	–	–

    For example, slot 16 is shown as the ASCII character uppercase G.

• To specify that the RADIUS client use a fixed format of up to 17 characters consisting of all ASCII fields with a 2-byte slot field, 1-byte adapter field, and 2-byte port field, use the fixed-format-adapter-new-field keyword. The maximum number of characters for each field is shown in square brackets ([ ]).

  Note: You must use this command with the fixed-format-adapter-new-field keyword when you configure the format of the Calling-Station-ID attribute on routers that have line modules that support more than seven physical ports.

  • Format for ATM interfaces:
    <system name [4]> <slot [2]> <adapter [1]> <port [2]>
    <VPI [3]> <VCI [5]>
  • Format for Ethernet interfaces:
    <system name [4]> <slot [2]> <adapter [1]> <port [2]>
    <VLAN [8]>
  • Format for serial interfaces:
    <system name [4]> <slot [2]> <adapter [1]> <port [2]> <0 [8]>

    Where the final 8-byte field is always 0 (zero).

  • For E120 and E320 routers, <adapter> is the number of the bay in which the I/O adapter (IOA) resides, either 0 or 1. For ERX-7xx models, ERX-14xx models, and ERX-310 routers, <adapter> is always shown as 0 (zero).
  • Slot numbers 0 through 16 are shown as integers in the 2-byte slot field.
• To specify that the format of the Calling-Station-Id [31] attribute include a 4-byte stacked VLAN (S-VLAN) ID for Ethernet interfaces when the RADIUS client uses the fixed-format, fixed-format-adapter-embedded, or fixed-format-adapter-new-field format, use the fixed-format stacked, fixed-format-adapter-embedded stacked, or fixed-format-adapter-new-field stacked keywords, respectively. The maximum number of characters for each field is shown in square brackets ([ ]).
  • Format for Ethernet interfaces that use fixed-format stacked:
    <system name [4]> <slot [2]> <port [1] <S-VLAN [4] <VLAN [4]>
  • Format for Ethernet interfaces that use fixed-format-adapter-embedded stacked:
    <system name [4]> <slot [1]> <adapter [1]><port [1] <S-VLAN [4] <VLAN [4]>
  • Format for Ethernet interfaces that use fixed-format-adapter-new-field stacked:
    <system name [4]> <slot [2]> <adapter [1]><port [2] <S-VLAN [4] <VLAN [4]>

    By default, these formats do not include the S-VLAN ID unless you specify the optional stacked keyword. If you include the stacked keyword, the S-VLAN ID is displayed in decimal format in the range 0–4095.

    The S-VLAN ID field in the Calling-Station-Id [31] attribute is set to 0 (zero) under the following conditions:

  • You do not specify the optional stacked keyword.
  • You specify the optional stacked keyword but the Ethernet interface does not have an S-VLAN ID.
• Attribute 31, Calling-Station-Id, is used with Attribute 30, Called-Station-Id, in a standard way when the router is the LNS and the LAC is a dial-up LAC (not an E-series router). When the LNS receives the Calling-Station-Id and Called-Station-Id AVPs, the router includes the values as they are, with no format changes in the RADIUS messages.
• Example 1

  host1(config)#radius calling-station-format fixed-format

  For example, when you configure this Calling-Station-Id format on an E320 router for an ATM interface on system name eastern, slot 14, adapter 1, port 2, VCI 3, and VPI 4, the virtual router displays the format in ASCII as ‘14’ ‘2’ ‘003’ ‘00004’. The adapter number does not appear in this format.

• Example 2

  host1(config)#radius calling-station-format fixed-format-adapter-embedded

  For example, when you configure this Calling-Station-Id format on an E320 router for an ATM interface on system name eastern, slot 14, adapter 1, port 2, VCI 3, and VPI 4, the virtual router displays the format in ASCII as ‘E’ ‘1’ ‘2’ ‘003’ ‘00004’.

• Example 3

  host1(config)#radius calling-station-format fixed-format-adapter-new-field

  For example, when you configure this Calling-Station-Id format on an E320 router for an ATM interface on system name eastern, slot 14, adapter 1, port 2, VCI 3, and VPI 4, the virtual router displays the format in ASCII as ‘14’ ‘1’ ‘02’ ‘003’ ‘00004’.

• Example 4

  host1(config)#radius calling-station-format fixed-format-adapter-new-field stacked

  For example, when you configure this Calling-Station-Id format on an E320 router for an Ethernet interface on system name western, slot 4, adapter 1, port 3, S-VLAN ID 8, and VLAN ID 12, the virtual router displays the format in ASCII as ‘west’ ‘04’ ‘1’ ‘03’ ‘0008’ ‘0012’.

• Use the no version to restore the default Calling-Station-Id format, delimited.
• See radius calling-station-format

radius calling-station-delimiter

• Use to specify the Calling-Station-Id attribute’s delimiter for DSL PPP users.
• The delimiter is one special character you select to set off items in the Calling-Station-Id’s definition (for example, # or %).
• See radius calling-station-delimiter

• Example

  host1(config)#radius calling-station-delimiter &

• Use the no version to remove the delimiter.

radius include calling-station-id

• Use to include the Calling-Station-Id attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include calling-station-id acct-start disable

• Use the no version to restore the default, enable.

radius override calling-station-id remote-circuit-id

• Use to configure RADIUS to override the standard use of the Calling-Station-Id attribute and instead use the remote circuit ID transmitted from a DSLAM device.
• See radius override calling-station-id remote-circuit-id

• Example

  host1(config)#radius override calling-station-id remote-circuit-id

• Use the no version to restore the default Calling-Station-ID value, which is the telephone number from which the call originated.

Related Topics

•  Monitoring Override Settings of RADIUS IETF Attributes
•  Monitoring the Calling-Station-Id RADIUS Attribute

[32] NAS-Identifier

Use the following commands to manage and display information for the NAS-Identifier RADIUS attribute.

• radius nas-identifier
• radius include nas-identifier
• radius override nas-info
• radius remote-circuit-id-format
• radius remote-circuit-id-delimiter

radius nas-identifier

• Use to set a value for the NAS-Identifier attribute. This value is used in the NAS-Identifier attribute for authentication and accounting requests.
• Example

  host1(config)#radius nas-identifier fox

• Use the no version to delete the NAS-Identifier.
• See radius nas-identifier

radius include nas-identifier

• Use to include the NAS-Identifier attribute in Access-Request, Acct-Start, Acct-Stop, Acct-On, and Acct-Off messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include nas-identifier acct-start disable

• Use the no version to restore the default, enable.

radius override nas-info

• Use in the correct virtual router context to override the standard use of NAS-IP-Address and NAS-Identifier attributes for AAA broadcast accounting; specifies that the attributes for the authentication virtual router be included in accounting packets instead of the attributes for the virtual router that generates the accounting information.
• See radius override nas-info

• Example

  host1(config)#virtual-router vrXyz1

  host1:vrXyz1(config)#radius override nas-info

• Use the no version to restore the standard use of the NAS-IP-Address and NAS-Identification attributes.

radius remote-circuit-id-format

• Use to configure the format of the PPPoE remote circuit ID value captured from a DSLAM.
• You can format the PPPoE remote circuit ID value to include either or both of the agent-circuit-ID (suboption 1) and agent-remote-id (suboption 2) suboptions of the DHCP relay agent information option (option 82) or the PPPoE intermediate agent tags.
• By default, the router formats the PPPoE remote circuit ID to include only the agent-circuit-id suboption.
• You can use this command to configure the following nondefault formats for the PPPoE remote circuit ID value:
  • Include either or both of the agent-circuit-id and agent-remote-id suboptions, with or without the NAS-Identifier [32] RADIUS attribute
  • Append the agent-circuit-id suboption value to an interface specifier that is consistent with the recommended format in the DSL Forum Technical Report (TR)-101—Migration to Ethernet-Based DSL Aggregation (April 2006).
• For more information about how to use this command, see the Using the PPPoE Remote Circuit ID to Identify Subscribers and Configuring PPPoE Remote Circuit ID Capture sections in JUNOSe Link Layer Configuration Guide.
• See radius remote-circuit-id-format

• Examples

  host1(config)#radius remote-circuit-id-format nas-identifier agent-circuit-id agent-remote-id

  host1(config)#radius remote-circuit-id-format dsl-forum-1

• Use the no version to restore the default format, agent-circuit-id.

radius remote-circuit-id-delimiter

• Use to configure the delimiter character that the router uses to set off multiple components in the format of the PPPoE remote circuit ID value captured from a DSLAM.
• For information about how to use this command, see the Configuring PPPoE Remote Circuit ID Capture section in JUNOSe Link Layer Configuration Guide.
• See radius remote-circuit-id-delimiter

• Example

  host1(config)#radius remote-circuit-id-delimiter !

• Use the no version to restore the default delimiter character, #.

Related Topics

•  Monitoring Override Settings of RADIUS IETF Attributes
•  Monitoring the NAS-Identifier RADIUS Attribute
•  Monitoring the Format of the Remote-Circuit-ID for RADIUS
•  Monitoring the Delimiter Character in the Remote-Circuit-ID for RADIUS

[41] Acct-Delay-Time

Use the following commands to manage and display information for the Acct-Delay-Timer RADIUS attribute.

• radius include acct-delay-time

radius include acct-delay-time

• Use to include the Acct-Delay-Time attribute in Acct-On or Acct-Off messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include acct-delay-time acct-on enable

• Use the no version to restore the default, enable.

[44] Acct-Session-Id

Use the following commands to manage and display information for the Acct-Session-Id RADIUS attribute.

• radius include acct-session-id
• radius acct-session-id-format

radius include acct-session-id

• Use to include the Acct-Session-Id attribute in Access-Request, Acct-On, or Acct-Off messages.
• You can control inclusion of the Acct-Session-Id attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include acct-session-id access-request disable

• Use the no version to restore the default, enable.

radius acct-session-id-format

• Use to set the Acct-Session-Id attribute format. Two formats are supported:
  • description—Configures RADIUS client to use the generic format: erx <interface identifier>:<hex number>. For example: erx atm 12/1:0.3:0000ef1
  • decimal—Configures the RADIUS client to use a decimal format. For example: 435264
• See radius acct-session-id-format

• Example

  host1(config)#radius acct-session-id-format decimal

• Use the no version to negate the Acct-Session-Id format.

[45] Acct-Authentic

Use the following command to manage the Acct-Authentic RADIUS attribute.

• radius include acct-authentic

radius include acct-authentic

• Use to include the Acct-Authentic attribute in Acct-On or Acct-Off messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include acct-authentic acct-on enable

• Use the no version to restore the default, enable.

[49] Acct-Terminate-Cause

Use the following command to manage the Acct-Terminate-Cause RADIUS attribute.

• radius include acct-terminate-cause

radius include acct-terminate-cause

• Use to include the Acct-Terminate-Cause attribute in Acct-Off messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include.

• Example

  host1(config)#radius include acct-terminate-cause acct-off disable

• Use the no version to restore the default, enable.

[50] Acct-Multi-Session-Id

Use the following command to manage the Acct-Multi-Session-Id RADIUS attribute.

• radius include acct-multi-session-id

radius include acct-multi-session-id

• Use to include the Acct-Multi-Session-Id attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the Acct-Multi-Session-Id attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include acct-multi-session-id acct-stop disable

• Use the no version to restore the default, enable for accounting messages and disable for access requests.

[51] Acct-Link-Count

Use the following command to manage the Acct-Link-Count RADIUS attribute.

• radius include acct-link-count

radius include acct-link-count

• Use to include the Acct-Link-Count attribute in Acct-Start and Acct-Stop messages.
• You can control inclusion of the Acct-Input-Gigawords attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include acct-link-count acct-stop disable

• Use the no version to restore the default, enable.

[52] Acct-Input-Gigawords

Use the following command to manage the Acct-Input-Gigawords RADIUS attribute.

• radius include input-gigawords

radius include input-gigawords

• Use to include the Acct-Input-Gigawords attribute in Acct-Stop messages.
• You can control inclusion of the Acct-Input-Gigawords attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include input-gigawords acct-stop disable

• Use the no version to restore the default, enable.

[53] Output-Gigawords

Use the following command to manage the Acct-Output-Gigawords RADIUS attribute.

• radius include output-gigawords

radius include output-gigawords

• Use to include the Acct-Output-Gigawords attribute in Acct-Stop messages.
• You can control inclusion of the Acct-Output-Gigawords attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include output-gigawords acct-stop enable

• Use the no version to restore the default, enable.

[55] Event-Timestamp

Use the following command to manage the Acct-Output-Gigawords RADIUS attribute.

• radius include event-timestamp

radius include event-timestamp

• Use to include the Event-Timestamp attribute in Acct-Start, Acct-Stop, Acct-On, or Acct-Off messages.
• You can control inclusion of the Event-Timestamp attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include event-timestamp acct-on enable

• Use the no version to restore the default, enable.

[61] NAS-Port-Type

Use the following commands to manage and display information for the NAS-Port-Type RADIUS attribute.

• radius dsl-port-type
• radius ethernet-port-type
• radius include nas-port-type

radius dsl-port-type

• Use to configure the NAS-Port-Type attribute for the DSL port type.
• This attribute can have several values. If the interface (port) is DSL, then the attribute can have any value listed in the command and uses the value configured. If the interface (port) is Ethernet, then it sets the attribute to Ethernet and disregards the parameter set with this command. Options include:
  • adsl-cap—Asymmetric DSL, carrierless amplitude phase (CAP) modulation
  • adsl-dmt—Asymmetric DSL, discrete multitone (DMT)
  • idsl—ISDN DSL
  • sdsl—Symmetric DSL
  • virtual—Virtual
  • xdsl—DSL of unknown type
• Example

  host1(config)#radius dsl-port-type xdsl

• Use the no version to restore the default, xdsl.
• See radius dsl-port-type

radius ethernet-port-type

• Use to set the NAS-Port-Type attribute for Ethernet interfaces to ethernet or virtual.
• See radius ethernet-port-type

• Example

  host1(config)#radius ethernet-port-type virtual

• Use the no version to restore the default, ethernet.

radius include nas-port-type

• Use to include the NAS-Port-Type attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include nas-port-type acct-start enable

• Use the no version to restore the default, enable.

Related Topics

•  Monitoring the DSL-Port-Type RADIUS Attribute

[64] Tunnel-Type

Use the following command to manage the Tunnel-Type RADIUS attribute.

• radius include tunnel-type

radius include tunnel-type

• Use to include the Tunnel-Type attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the Tunnel-Type attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include tunnel-type access-request enable

• Use the no version to restore the default, enable.

[65] Tunnel-Medium-Type

Use the following command to manage the Tunnel-Type-Medium RADIUS attribute.

• radius include tunnel-medium-type

radius include tunnel-medium-type

• Use to include the Tunnel-Medium-Type attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the Tunnel-Medium-Type attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include tunnel-medium-type acct-start enable

• Use the no version to restore the default, enable.

[66] Tunnel-Client-Endpoint

Use the following command to manage the Tunnel-Client-Endpoint RADIUS attribute.

• radius include tunnel-client-endpoint

radius include tunnel-client-endpoint

• Use to include the Tunnel-Client-Endpoint attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the Tunnel-Client-Endpoint attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include tunnel-client-endpoint acct-start enable

• Use the no version to restore the default, enable.

[67] Tunnel-Server-Endpoint

Use the following command to manage the Tunnel-Server-Endpoint RADIUS attribute.

• radius include tunnel-server-endpoint

radius include tunnel-server-endpoint

• Use to include the Tunnel-Server-Endpoint attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the Tunnel-Server-Endpoint attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include tunnel-server-endpoint acct-stop disable

• Use the no version to restore the default, enable.

[68] Acct-Tunnel-Connection

Use the following command to manage the Acct-Tunnel-Connection RADIUS attribute.

• radius include acct-tunnel-connection

radius include acct-tunnel-connection

• Use to include the Acct-Tunnel-Connection attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the Acct-Tunnel-Connection attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include acct-tunnel-connection acct-stop enable

• Use the no version to restore the default, enable.

[77] Connect-Info

Use the following commands to manage and display information for the Connect-Info RADIUS attribute.

• radius connect-info-format l2tp-connect-speed
• radius include connect-info

radius connect-info-format

• Use on the LNS to enable the generation of the RADIUS Connect-Info attribute and to specify the attribute’s format. The attribute is based on the L2TP connect-speed AVPs for received (RX) speed (AVP 38) and transmit (TX) speed (AVP 24). See Configuring the RX Speed on the LAC for information about generating the RX and TX speed AVPs.
• The Connect-Info attribute is a string in the following format; the attribute is generated whenever the TX speed is not zero.

  tx-speed [ /rx-speed ]

• The TX speed is always included in the attribute when the speed is not zero; however, inclusion of the RX speed depends on the keyword you use with the command.
  • Use the l2tp-connect-speed keyword to specify that the RX speed is only included when it is not zero and differs from the TX speed.
  • Example

    host1(config)#radius connect-info-format l2tp-connect-speed

  • Use the l2tp-connect-speed-rx-when-equal keyword to specify that the RX speed is always included when it is not zero.
  • Example

    host1(config)#radius connect-info-format l2tp-connect-speed-rx-when-equal

• Use the no version to disable the inclusion of the RX speed when it is the same as the TX speed.
• See radius connect-info-format

radius include connect-info

• Use to include the Connect-Info attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the Connect-Info attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include connect-info access-request disable

• Use the no version to restore the default, enable.

Related Topics

•  Monitoring the Connect-Info RADIUS Attribute

[82] Tunnel-Assignment-Id

Use the following command to manage the Tunnel-Assignment-Id RADIUS attribute.

• radius include tunnel-assignment-id

radius include tunnel-assignment-id

• Use to include the Tunnel-Assignment-Id attribute in Acct-Start or Acct-Stop messages.
• You can control inclusion of the Tunnel-Assignment-Id attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include tunnel-assignment-id acct-stop enable

• Use the no version to restore the default, enable.

[83] Tunnel-Preference

Use the following command to manage the Tunnel-Preference RADIUS attribute.

• radius include tunnel-preference

radius include tunnel-preference

• Use to include the Tunnel-Preference attribute in Acct-Start or Acct-Stop messages.
• You can control inclusion of the Tunnel-Preference attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include tunnel-preference acct-start enable

• Use the no version to restore the default, enable.

[87] NAS-Port-Id

Use the following commands to manage and show information for the NAS-Port-Id RADIUS attribute.

• aaa intf-desc-format include
• radius include nas-port-id
• radius override nas-port-id remote-circuit-id

aaa intf-desc-format include

• Use to specify whether the router includes the subinterface number or adapter in the interface description it passes to RADIUS for inclusion in the NAS-Port-Id attribute. By default, the subinterface and adapter are sent (the commands are enabled).
• Examples

  host1#aaa intf-desc-format include sub-intf disable

  host1#aaa intf-desc-format include adapter enable

• Use the no version to remove the configuration.
• See aaa intf-desc-format include

radius include nas-port-id

• Use to include the NAS-Port-Id attribute in the Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the NAS-Port-Id attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include nas-port-id access-request enable

• Use the no version to restore the default, enable.

radius override nas-port-id remote-circuit-id

• Use to configure RADIUS to override the standard use of the NAS-Port-Id attribute and instead use the remote circuit ID transmitted from a DSLAM device.
• See radius override nas-port-id remote-circuit-id

• Example

  host1(config)#radius override nas-port-id remote-circuit-id

• Use the no version to restore the default NAS-Port-ID value, which is the physical interface of the NAS that is authenticating the user.

Related Topics

•  Monitoring Override Settings of RADIUS IETF Attributes
•  Monitoring the NAS-Port-ID RADIUS Attribute

[90] Tunnel-Client-Auth-Id

Use the following command to manage the Tunnel-Client-Auth-Id RADIUS attribute.

• radius include tunnel-client-auth-id

radius include tunnel-client-auth-id

• Use to include the Tunnel-Client-Auth-Id attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the Tunnel-Client-Auth-Id attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include tunnel-client-auth-id access-request disable

• Use the no version to restore the default, enable.

[91] Tunnel-Server-Auth-Id

Use the following command to manage the Tunnel-Server-Auth-Id RADIUS attribute.

• radius include tunnel-server-auth-id

radius include tunnel-server-auth-id

• Use to include the Tunnel-Server-Auth-Id attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the Tunnel-Server-Auth-Id attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include tunnel-server-auth-id acct-start enable

• Use the no version to restore the default, enable.

[96] Framed-Interface-Id

Use the following command to manage the Framed-Interface-Id RADIUS attribute.

• radius include framed-interface-id

radius include framed-interface-id

• Use to include the Framed-Interface-Id attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the Framed-Interface-Id attribute by enabling or disabling this command.
• For RADIUS to include this attribute, an IPv6 interface ID must be assigned to the subscriber.
• See radius include

• Example

  host1(config)#radius include framed-interface-id acct-start enable

• Use the no version to restore the default, disable.

[97] Framed-Ipv6-Prefix

Use the following command to manage the Framed-Ipv6-Prefix RADIUS attribute.

• radius include framed-ipv6-prefix

radius include framed-ipv6-prefix

• Use to include the Framed-Ipv6-Prefix attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the Framed-Ipv6-Prefix attribute by enabling or disabling this command.
• For RADIUS to include this attribute, at least one IPv6 prefix must be assigned to the subscriber.
• See radius include

• Example

  host1(config)#radius include framed-ipv6-prefix acct-start enable

• Use the no version to restore the default, disable.

[188] Ascend-Num-In-Multilink

Use the following command to manage the Ascend-Num-In-Multilink attribute.

• radius include ascend-num-in-multilink

radius include ascend-num-in-multilink

• Use to include the Ascend-Num-In-Multilink attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the Ascend-Num-In-Multilink attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include ascend-num-in-multilink acct-start enable

• Use the no version to restore the default, disable.

All Tunnel Server Attributes

Use the following command to manage all tunnel server RADIUS attributes.

• radius include tunnel-server-attributes

radius include tunnel-server-attributes

• Use to include all supported tunnel server attributes in Access-Request, Acct-Start, or Acct-Stop messages.
• When the router functions as an LNS with a terminating PPP, then the LAC tunnel attributes are included.
• You can control inclusion of all tunnel server attributes by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include tunnel-server-attributes access-request enable

• Use the no version to restore the default, disable.

Juniper Networks Vendor-Specific Attributes

This section describes the Juniper Networks vendor-specific attributes (VSAs) that you can configure using CLI commands. The attributes are listed numerically and are followed by descriptions about the commands that you can use to manage the attribute.

[26-1] Virtual-Router

Use the following command to manage the Virtual-Router RADIUS attribute.

• radius ignore virtual-router

radius ignore virtual-router

• Use to cause the Virtual-Router attribute to be ignored in Access-Accept messages.
• You can control this behavior by enabling or disabling this command.
• See radius ignore

• Example

  host1(config)#radius ignore virtual-router enable

• Use the no version to restore the default, disable.

[26-10] Ingress-Policy-Name

Use the following commands to manage the Ingress-Policy-Name RADIUS attribute.

• radius include ingress-policy-name
• radius ignore ingress-policy-name

radius include ingress-policy-name

• Use to include the Ingress-Policy-Name attribute in Acct-Start or Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include ingress-policy-name acct-start enable

• Use the no version to restore the default.

radius ignore ingress-policy-name

• Use to cause the Ingress-Policy-Name attribute to be ignored in Access-Accept messages.
• You can control this behavior by enabling or disabling this command. The default is disable.
• See radius ignore

• Example

  host1(config)#radius ignore ingress-policy-name enable

• Use the no version to restore the default, enable.

[26-11] Egress-Policy-Name

Use the following commands to manage the Egress-Policy-Name RADIUS attribute.

• radius include egress-policy-name
• radius ignore egress-policy-name

radius include egress-policy-name

• Use to include the Egress-Policy-Name attribute in Acct-Start or Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include egress-policy-name acct-start enable

• Use the no version to restore the default, enable.

radius ignore egress-policy-name

• Use to cause the Egress-Policy-Name attribute to be ignored in Access-Accept messages.
• You can control this behavior by enabling or disabling this command.
• See radius ignore

• Example

  host1(config)#radius ignore egress-policy-name enable

• Use the no version to restore the default, disable.

[26-14] Service-Category

Use the following command to manage the Service-Category RADIUS attribute.

• radius ignore atm-service-category

radius ignore atm-service-category

• Use to cause the Service-Category attribute to be ignored in Access-Accept messages.
• You can control this behavior by enabling or disabling this command.
• See radius ignore

• Example

  host1(config)#radius ignore atm-service-category enable

• Use the no version to restore the default, disable.

[26-15] PCR

Use the following command to manage the PCR RADIUS attribute.

• radius ignore atm-pcr

radius ignore atm-pcr

• Use to cause the PCR attribute to be ignored in Access-Accept messages.
• You can control this behavior by enabling or disabling this command.
• See radius ignore

• Example

  host1(config)#radius ignore atm-pcr enable

• Use the no version to restore the default, disable.

[26-16] SCR

Use the following command to manage the SCR RADIUS attribute.

• radius ignore atm-scr

radius ignore atm-scr

• Use to cause the SCR attribute to be ignored in Access-Accept messages.
• You can control this behavior by enabling or disabling this command.
• See radius ignore

• Example

  host1(config)#radius ignore atm-scr enable

• Use the no version to restore the default, disable.

[26-17] MBS

Use the following command to manage the MBS RADIUS attribute.

• radius ignore atm-mbs

radius ignore atm-mbs

• Use to cause the MBS attribute to be ignored in Access-Accept messages.
• You can control this behavior by enabling or disabling this command.
• See radius ignore

• Example

  host1(config)#radius ignore atm-mbs enable

• Use the no version to restore the default, disable.

[26-24] Pppoe-Description

Use the following command to manage the Pppoe-Description RADIUS attribute.

• radius include pppoe-description

radius include pppoe-description

• Use to include the Pppoe-Description attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the Pppoe-Description attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include pppoe-description acct-start enable

• Use the no version to restore the default, enable.

[26-35] Acct-Input-Gigapackets

Use the following command to manage the Acct-Input-Gigapackets RADIUS attribute.

• radius include input-gigapkts

radius include input-gigapkts

• Use to include Acct-Input-Gigapackets in Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• see radius include

• Example

  host1(config)#radius include input-gigapkts acct-stop disable

• Use the no version to restore the default, enable.

[26-36] Acct-Output-Gigapackets

Use the following command to manage the Acct-Output-Gigapackets RADIUS attribute.

• radius include output-gigapkts

radius include output-gigapkts

• Use to include the Acct-Output-Gigapackets attribute in Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include output-gigapkts acct-stop disable

• Use the no version to restore the default, enable.

[26-44] Tunnel-Interface-Id

Use the following command to manage the Tunnel-Interface-Id RADIUS attribute.

• radius include tunnel-interface-id

radius include tunnel-interface-id

• Use to include the Tunnel-Interface-Id attribute in Access-Request, Acct-Start, or Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include tunnel-interface-id enable

• Use the no version to restore the default, disable.

[26-51] Disconnect-Cause

Use the following command to manage the Disconnect-Cause RADIUS attribute.

• radius include l2tp-ppp-disconnect-cause

radius include l2tp-ppp-disconnect-cause

• Use to include the Disconnect-Cause attribute in Acct-Stop and Acct-Tunnel-Link-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include l2tp-ppp-disconnect-cause acct-stop-enable

• Use the no version to restore the default, disable.

[26-53] Service-Description

Use the following command to manage the Service-Description RADIUS attribute.

• radius include profile-service-description

radius include profile-service-description

• Use to include the Service-Description attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include profile-service-description acct-stop enable

• Use the no version to restore the default, disable.

[26-55] DHCP-Options

Use the following command to manage the DHCP-Options RADIUS attribute.

• radius include dhcp-options

radius include dhcp-options

• Use to include the DHCP-Options attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include dhcp-options acct-stop enable

• Use the no version to restore the default, disable.

[26-56] DHCP-MAC-Address

Use the following command to manage the DHCP-MAC-Address RADIUS attribute.

• radius include dhcp-mac-address

radius include dhcp-mac-address

• Use to include the DHCP-MAC-Address attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include dhcp-mac-address acct-stop enable

• Use the no version to restore the default, disable.

[26-57] DHCP-GI-Address

Use the following command to manage the DHCP-GI-Address RADIUS attribute.

• radius include dhcp-gi-address

radius include dhcp-gi-address

• Use to include the DHCP-GI-Address attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the attribute by enabling or disabling this command.
• See radius include

• Example

  host1(config)#radius include dhcp-gi-address acct-stop enable

• Use the no version to restore the default, disable.

[26-62] MLPPP-Bundle-Name

Use the following command to manage the MLPPP-Bundle-Name RADIUS attribute.

• radius include mlppp-bundle-name

radius include mlppp-bundle-name

• Use to include the MLPPP-Bundle-Name attribute in Access-Request, Acct-Start, Interim-Acct, or Acct-Stop messages.
• You can control inclusion of the MLPPP-Bundle-Name attribute by enabling or disabling this command.
• There is no explicit command to include the MLPPP-Bundle-Name attribute in Interim-Acct messages; however, the attribute is automatically included in Interim-Acct messages when the attribute is enabled for Acct-Stop messages.
• See radius include

• Example

  host1(config)#radius include mlppp-bundle-name acct-start enable

• Use the no version to restore the default, disable.

[26-63] Interface-Desc

Use the following command to manage the Interface-Desc RADIUS attribute.

• radius include interface-description

radius include interface-description

• Use to include the Interface-Desc attribute, with the subscriber’s access interface description, in Access-Request, Acct-Start, Interim-Acct, or Acct-Stop messages.
• You can control inclusion of the Interface-Desc attribute by enabling or disabling this command. Inclusion is disabled by default.
• There is no explicit command to include the Interface-Desc attribute in Interim-Acct messages; however, the attribute is automatically included in Interim-Acct messages when the attribute is enabled for Acct-Stop messages.
• See radius include

• Example

  host1(config)#radius include interface-description acct-start enable

• Use the no version to restore the default, disable.

[26-81] L2C-Information

Use the following command to manage the L2C-Information RADIUS attribute.

• radius include access-loop-parameters

radius include access-loop-parameters

• Use to include the L2C-Information attribute in Access-Request messages.
• You can control inclusion of the L2C-Information attribute by enabling or disabling this command. Inclusion is disabled by default.
• See radius include

• Example

  host1(config)#radius include access-loop-parameters access-request enable

• Use the no version to restore the default, disable.

[26-92] L2C-Up-Stream-Data

Use the following command to manage the L2C-Up-Stream-Data RADIUS attribute.

• radius include l2c-upstream-data

radius include l2c-upstream-data

• Use to include the L2C-Up-Stream-Data attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the L2C-Up-Stream-Data attribute by enabling or disabling this command. Inclusion is disabled by default.
• See radius include

• Example

  host1(config)#radius include l2c-upstream-data access-request enable

• Use the no version to restore the default, disable.

[26-93] L2C-Down-Stream-Data

Use the following command to manage the L2C-Down-Stream-Data RADIUS attribute.

• radius include l2c-downstream-data

radius include l2c-downstream-data

• Use to include the L2C-Down-Stream-Data attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the L2C-Down-Stream-Data attribute by enabling or disabling this command. Inclusion is disabled by default.

• Example

  host1(config)#radius include l2c-downstream-data access-request enable

• Use the no version to restore the default, disable.
• See radius include

[26-141] Downstream-Calculated-Qos-Rate

The Downstream-Calculated-Qos-Rate RADIUS attribute enables RADIUS to receive calculated QoS rates from ANCP.

Use the following command to manage the Downstream-Calculated-Qos-Rate RADIUS attribute.

• radius include downstream-calculated-qos-rate access-request
• radius include downstream calculated-qos-rate acct-start
• radius include downstream-calculated-qos-rate acct-stop

radius include downstream-calculated-qos-rate

• Use to include the Downstream-Calculated-Qos-Rate attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the Downstream-Calculated-Qos-Rate attribute by enabling or disabling this command. Inclusion is disabled by default.
• Example

  host1(config)#radius include downstream-calculated-qos-rate access-request enable

• Use the no version to restore the default, disable.
• See radius include

[26-142] Upstream-Calculated-Qos-Rate

The Upstream-Calculated-Qos-Rate RADIUS attribute enables RADIUS to receive calculated QoS rates from ANCP.

Use the following commands to manage the Upstream-Calculated-Qos-Rate RADIUS attribute.

• radius include upstream-calculated-qos-rate access-request
• radius include upstream calculated-qos-rate acct-start
• radius include upstream-calculated-qos-rate acct-stop

radius include upstream-calculated-qos-rate

• Use to include the Upstream-Calculated-Qos-Rate attribute in Access-Request, Acct-Start, and Acct-Stop messages.
• You can control inclusion of the Upstream-Calculated-Qos-Rate attribute by enabling or disabling this command. Inclusion is disabled by default.
• Example

  host1(config)#radius include upstream-calculated-qos-rate access-request enable

• Use the no version to restore the default, disable.
• See radius include

[26-143] Max-Clients-Per-Interface

The Max-Clients-Per-Interface RADIUS attribute is the maximum number of PPPoE client sessions supported per interface. For DHCP clients, this value is the maximum number of PPPoE sessions per logical interface. For PPPoE, this value is the maximum number of PPPoE subinterfaces per PPPoE major interface.

Use the following command to manage the Max-Clients-Per-Interface RADIUS attribute.

• radius ignore pppoe-max-session

radius ignore pppoe-max-session

• Use to cause the Max-Clients-Per-Interface attribute to be ignored in Access-Accept messages returned by the RADIUS server.
• You can control this behavior by enabling or disabling this command. Ignoring the Max-Clients-Per-Interface attribute is enabled by default.
• Example 1—Ignores the Max-Clients-Per-Interface attribute returned by the RADIUS server; this is the default behavior

  host1(config)#radius ignore pppoe-max-session enable

• Example 2—Accepts the Max-Clients-Per-Interface attribute returned by the RADIUS server

  host1(config)#radius ignore pppoe-max-session disable

  When you issue this command, the router passes the value of the Max-Clients-Per-Interface attribute to the PPP application. PPP, in turn, sends this value to the PPPoE application, which determines whether or not to tear down the PPPoe interface based on the maximum session limit for this subscriber.

• Use the no version to restore the default, enable.

ANCP-Related Juniper Networks VSAs

You use the radius include command to specify information about Access Node Control Protocol (ANCP), also known as Layer 2 Control (L2C), that you want to include in the RADIUS Access-Request, Acct-Start, and Acct-Stop messages. Also, if you specify Acct-Stop messages, the router includes ANCP information in Interim-Acct messages that the router sends to RADIUS. By default, the router does not include the ANCP-related information provided by the Juniper Networks VSAs in RADIUS messages.

These Juniper Networks ANCP-related VSAs are based on definitions in GSMP extensions for layer2 control (L2C) Topology Discovery and Line Configuration—draft-wadhwa-gsmp-l2control-configuration-00.txt (July 2006 expiration).

radius include l2cd-keyword

• Use to include ANCP-related Juniper Networks VSAs in Access-Request, Acct-Start, and Acct-Stop messages that the router sends to RADIUS. If you enable inclusion of the ANCP-related VSAs in Acct-Stop messages, the router also includes the VSAs in Interim-Acct messages. Inclusion is disabled by default.
• You must enable ANCP discovery with the discovery-mode command prior to configuring the radius include command with the ANCP-related VSAs. Configuring discovery mode enables the RADIUS authentication server to retrieve ANCP information.
• Table 41 lists the ANCP (L2C)-related keywords that you can use in the radius include command and the associated Juniper Networks VSAs. The table also indicates the mappings between ANCP parameters and the VSAs.

  Table 41: ANCP (L2C)-Related Keywords for radius include Command

  Command Keyword	Juniper Networks VSA Number	Juniper Networks VSA Name	ANCP Type	ANCP Subtype
  l2cd-acc-loop-cir-id	[26-110]	Acc-Loop-Cir-Id	1	–
  l2cd-acc-aggr-cir-id-bin	[26-111]	Acc-Aggr-Cir-Id-Bin	2	–
  l2cd-acc-aggr-cir-id-asc	[26-112]	Acc-Aggr-Cir-Id-Asc	3	–
  l2cd-act-data-rate-up	[26-113]	Act-Data-Rate-Up	4	129
  l2cd-act-data-rate-dn	[26-114]	Act-Data-Rate-Dn	4	130
  l2cd-min-data-rate-up	[26-115]	Min-Data-Rate-Up	4	131
  l2cd-min-data-rate-dn	[26-116]	Min-Data-Rate-Dn	4	132
  l2cd-att-data-rate-up	[26-117]	Att-Data-Rate-Up	4	133
  l2cd-att-data-rate-dn	[26-118]	Att-Data-Rate-Dn	4	134
  l2cd-max-data-rate-up	[26-119]	Max-Data-Rate-Up	4	135
  l2cd-max-data-rate-dn	[26-120]	Max-Data-Rate-Dn	4	136
  l2cd-min-lp-data-rate-up	[26-121]	Min-LP-Data-Rate-Up	4	137
  l2cd-min-lp-data-rate-dn	[26-122]	Min-LP-Data-Rate-Dn	4	138
  l2cd-max-interlv-delay-up	[26-123]	Max-Interlv-Delay-Up	4	139
  l2cd-act-interlv-delay-up	[26-124]	Act-Interlv-Delay-Up	4	140
  l2cd-max-interlv-delay-dn	[26-125]	Max-Interlv-Delay-Dn	4	141
  l2cd-act-interlv-delay-dn	[26-126]	Act-Interlv-Delay-Dn	4	142
  l2cd-dsl-line-state	[26-127]	DSL-Line-State	4	143
  l2cd-dsl-type	[26-128]	DSL-Type	4	144

• Example

  host1(config)#radius include l2cd-acc-loop-cir-id acct-start enable

• Use the no version to restore the default behavior, disable.

  Note: JUNOSe software continues to support DSL Forum VSAs (vendor ID 3561) that you can use to include DSL-related information in RADIUS messages. See DSL Forum VSAs.

• See radius include

Related Topics

• To display a list of attributes that are included in RADIUS messages, see Monitoring Included RADIUS Attributes

DSL Forum Vendor-Specific Attributes

You can use the radius include dsl-forum-attributes command to control the inclusion of a set of DSL Forum VSAs in Access-Request, Acct-Start, Acct-Stop, and (if Acct-Stop messages are specified) Interim-Acct messages that the router sends to RADIUS.

The DSL Forum VSAs, as defined in RFC 4679—DSL Forum Vendor-Specific RADIUS Attributes (September 2006), convey information about the associated subscriber for and data rate of the DSL. A service provider might find it useful to enable inclusion of the DSL Forum VSAs in RADIUS messages in order to bill subscribers for different classes of service based on the data rate of their DSL connection.

Note: JUNOSe software also supports several Juniper Networks VSAs that you can use to include DSL-related information. See ANCP-Related Juniper Networks VSAs and Juniper Networks VSAs .

The router receives data containing one or more of the DSL Forum VSAs from a DSLAM connected to the router via a PPPoE interface. When you enable the inclusion of the DSL Forum VSAs in these RADIUS messages, the router includes all of the following attributes in the specified message type, provided that the VSA is available in the information that the router receives from the DSLAM.

Note: The router uses the vendor ID assigned to the DSL Forum (3561, or DE9 in hexadecimal format) by the Internet Assigned Numbers Authority (IANA) for the DSL Forum VSAs.

For information about enabling the QoS downstream rate application to obtain downstream rates from the Actual-Data-Rate-Downstream [26-130] DSL Forum VSA, see the Configuring the Downstream Rate Using QoS Parameters chapter in JUNOSe Quality of Service Configuration Guide.

For a more detailed description of the DSL Forum VSAs, see DSL Forum VSAs .

radius include dsl-forum-attributes

• Use to include the set of DSL Forum VSAs in Access-Request, Acct-Start, and Acct-Stop messages that the router sends to RADIUS. If you enable inclusion of the DSL Forum VSAs in Acct-Stop messages, the router also includes the VSAs in Interim-Acct messages.
• You can control inclusion of the DSL Forum VSAs in the specified message type by enabling or disabling this command. Inclusion is disabled by default.
• When you enable inclusion of the DSL Forum VSAs for a specified message type, the router includes in that message all of the DSL Forum attributes that it receives from the DSLAM.
• Example

  host1(config)#radius include dsl-forum-attributes access-request enable

• Use the no version to restore the default behavior, disable.
• See radius include dsl-forum-attributes

Including or Excluding Attributes in RADIUS Messages

For many attributes, you can configure the router to include or exclude the attribute in RADIUS messages.

radius include

• Use to enable or disable the inclusion of RADIUS attributes in Acct-On, Acct-Off, Access-Request, Acct-Start, and Acct-Stop messages.
• Examples

  host1(config)#radius include ingress-policy-name acct-start enable

  host1(config)#radius include tunnel-type access-request disable

• Use the no version to restore the default, disable.
• See radius include

Related Topics

• To see a list of the attributes that you can include or exclude, see Monitoring Included RADIUS Attributes

Ignoring Attributes When Receiving Access-Accept Messages

You can configure the router to ignore or use many attributes that it receives in Access-Accept messages.

radius ignore

• Use to specify that a RADIUS attribute be ignored or be accepted from Access-Accept messages.
• Use the enable keyword to specify that the RADIUS client ignore the attribute from the RADIUS server or the disable keyword to use the attribute.
• Examples

  host1(config)#radius ignore atm-scr enable

  host1(config)#radius ignore framed-ip-netmask disable

• Use the no version to restore the default, enable.
• See radius ignore

Related Topics

• To see the list of attributes that the router uses or ignores, see Monitoring Ignored RADIUS Attributes

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.