[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
Subscriber AAA Access Messages
Authorization and authentication access messages
identify subscribers before the RADIUS server grants or denies them
access to the network or network services. When an application requests
user authentication, the request must have certain authenticating
attributes, such as a user’s name, password, and the particular
type of service the user is requesting. This information is sent in
the authentication request via the RADIUS protocol to the RADIUS server.
In response, the RADIUS server grants or denies the request.
The router supports the following types of authentication
and authorization messages:
- Access-Request—Requests client authentication.
RADIUS responds to a client authentication request with either
an Access-Accept, an Access-Reject, or an Access-Challenge message.
An Access-Request message can contain a number of RADIUS attributes.
- Access-Accept—Grants the client’s access request
and can provide specific configuration information necessary to begin
delivery of service to the user.
- Access-Reject—Sent if any value of the received
attributes is not acceptable.
- Access-Challenge—Sent to the client, requesting
additional authentication information.
- Change-of-Authorization-Request (CoA-Request)—Dynamically
modifies session attributes, such as data filters.
- Disconnect-Request—Immediately terminates a user
session.
Supported RADIUS IETF Attributes
Table 34 lists the Access-Request,
Access-Accept, Access-Reject, Access-Challenge, CoA, and Disconnect-Request
attributes supported by JUNOSe software. The following notes are referenced
in Table 34:
- Attribute is used by Access-Request messages
when terminating a PPP connection at the LNS or the initiating LAC.
- Attribute is used to support pass-through
exchange of EAP messages.
- Attribute is used by Access-Challenge messages
to set the PPP retransmission timeout used for EAP request packets.
Table 34 lists the RADIUS
IETF attributes supported for Access-Request, Access-Accept, Access-Reject,
CoA-Request, and Disconnect-Request messages.
Table 34: AAA Access
Message RADIUS IETF Attributes Supported
|
Attribute Number
|
Attribute Name
|
Access- Request
|
Access- Accept
|
Access- Reject
|
Access-
Challenge
|
CoA-
Request
|
Disconnect-
Request
|
|
[1]
|
User-Name
|
✓
|
✓
|
–
|
–
|
✓
|
✓
|
|
[2]
|
User-Password
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[3]
|
CHAP-Password
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[4]
|
NAS-IP-Address
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[5]
|
NAS-Port
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[6]
|
Service-Type
|
✓
|
✓
|
–
|
–
|
–
|
–
|
|
[7]
|
Framed-Protocol
|
✓
|
✓
|
–
|
–
|
–
|
–
|
|
[8]
|
Framed-IP-Address
|
✓
|
✓
|
–
|
–
|
✓
|
–
|
|
[9]
|
Framed-IP-Netmask
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[11]
|
Filter-Id
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[12]
|
Framed-MTU
(See Note 2.)
|
✓
|
✓
|
–
|
–
|
–
|
–
|
|
[18]
|
Reply-Message
(See Note 2.)
|
–
|
✓
|
✓
|
✓
|
–
|
–
|
|
[22]
|
Framed-Route
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[24]
|
State
(See Note 2.)
|
–
|
–
|
✓
|
✓
|
–
|
–
|
|
[25]
|
Class
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[27]
|
Session-Timeout
(See Note 2.)
(See Note 3.)
|
–
|
✓
|
✓
|
✓
|
–
|
–
|
|
[28]
|
Idle-Timeout
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[30]
|
Called-Station-Id
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[31]
|
Calling-Station-Id
|
✓
|
–
|
–
|
–
|
✓
|
–
|
|
[32]
|
NAS-Identifier
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[33]
|
Proxy-State
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[44]
|
Acct-Session-Id
|
✓
|
–
|
–
|
–
|
✓
|
–
|
|
[50]
|
Acct-Multi-Session-Id
|
✓
|
–
|
–
|
–
|
–
|
✓
|
|
[60]
|
CHAP-Challenge
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[61]
|
NAS-Port-Type
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[62]
|
Port-Limit
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[64]
|
Tunnel-Type
(See Note 1.)
|
✓
|
✓
|
–
|
–
|
–
|
–
|
|
[65]
|
Tunnel-Medium-Type
(See Note 1.)
|
✓
|
✓
|
–
|
–
|
–
|
–
|
|
[66]
|
Tunnel-Client-Endpoint
(See Note 1.)
|
✓
|
✓
|
–
|
–
|
–
|
–
|
|
[67]
|
Tunnel-Server-Endpoint
(See Note 1.)
|
✓
|
✓
|
–
|
–
|
–
|
–
|
|
[68]
|
Acct-Tunnel-Connection
(See Note 1.)
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[69]
|
Tunnel-Password
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[77]
|
Connect-Info
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[79]
|
EAP-Message
(See Note 2.)
|
✓
|
✓
|
✓
|
✓
|
–
|
–
|
|
[80]
|
Message-Authenticator
(See Note 2.)
|
✓
|
✓
|
✓
|
✓
|
–
|
–
|
|
[82]
|
Tunnel-Assignment-Id
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[83]
|
Tunnel-Preference
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[85]
|
Acct-Interim-Interval
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[87]
|
NAS-Port-Id
|
✓
|
–
|
–
|
–
|
✓
|
–
|
|
[88]
|
Framed-Pool
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[90]
|
Tunnel-Client-Auth-Id
(See Note 1.)
|
✓
|
✓
|
–
|
–
|
–
|
–
|
|
[91]
|
Tunnel-Server-Auth-Id
(See Note 1.)
|
✓
|
✓
|
–
|
–
|
–
|
–
|
|
[96]
|
Framed-Interface-Id
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[97]
|
Framed-Ipv6-Prefix
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[99]
|
Framed-Ipv6-Route
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[101]
|
Error-Cause
|
–
|
–
|
–
|
–
|
✓
|
✓
|
|
[135]
|
Ascend-Primary-Dns
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[136]
|
Ascend-Secondary-Dns
|
–
|
✓
|
–
|
–
|
–
|
–
|
|
[188]
|
Ascend-Num-In-Multilink
|
✓
|
–
|
–
|
–
|
–
|
–
|
|
[242]
|
Ascend-Data-Filter
|
–
|
✓
|
–
|
–
|
–
|
–
|
Supported Juniper Networks VSAs
Table 35 lists the Juniper
Networks (Vendor ID 4874) VSAs supported for Access-Request, Access-Accept,
Access-Reject, CoA-Request, and Disconnect-Request messages.
Table 35: AAA Access
Message Juniper Networks (Vendor ID 4874) VSAs Supported
|
Attribute Number
|
Attribute Name
|
Access- Request
|
Access- Accept
|
Access- Reject
|
CoA-
Request
|
Disconnect-
Request
|
|
[26-1]
|
Virtual-Router
|
–
|
✓
|
–
|
✓
|
–
|
|
[26-2]
|
Local-Address-Pool
|
–
|
✓
|
–
|
–
|
–
|
|
[26-3]
|
Local-Loopback-Interface
|
–
|
✓
|
–
|
–
|
–
|
|
[26-4]
|
Primary-DNS
|
–
|
✓
|
–
|
–
|
–
|
|
[26-5]
|
Secondary-DNS
|
–
|
✓
|
–
|
–
|
–
|
|
[26-6]
|
Primary-WINS (NBNS)
|
–
|
✓
|
–
|
–
|
–
|
|
[26-7]
|
Secondary-WINS (NBNS)
|
–
|
✓
|
–
|
–
|
–
|
|
[26-8]
|
Tunnel-Virtual-Router
|
–
|
✓
|
–
|
–
|
–
|
|
[26-9]
|
Tunnel-Password
|
–
|
✓
|
–
|
–
|
–
|
|
[26-10]
|
Ingress-Policy-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-11]
|
Egress-Policy-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-12]
|
Ingress-Statistics
|
–
|
✓
|
–
|
–
|
–
|
|
[26-13]
|
Egress-Statistics
|
–
|
✓
|
–
|
–
|
–
|
|
[26-14]
|
Service-Category
|
–
|
✓
|
–
|
–
|
–
|
|
[26-15]
|
PCR
|
–
|
✓
|
–
|
–
|
–
|
|
[26-16]
|
SCR
|
–
|
✓
|
–
|
–
|
–
|
|
[26-17]
|
Mbs
|
–
|
✓
|
–
|
–
|
–
|
|
[26-22]
|
Sa-Validate
|
–
|
✓
|
–
|
–
|
–
|
|
[26-23]
|
IGMP-Enable
|
–
|
✓
|
–
|
–
|
–
|
|
[26-24]
|
Pppoe-Description
|
✓
|
–
|
–
|
–
|
–
|
|
[26-25]
|
Redirect-Vrouter-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-26]
|
Qos-Profile-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-30]
|
Tunnel-Nas-Port-Method
|
–
|
✓
|
–
|
–
|
–
|
|
[26-31]
|
SSC-Service-Bundle-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-33]
|
Tunnel-Max-Sessions
|
–
|
✓
|
–
|
–
|
–
|
|
[26-34]
|
Framed-IP-Route-Tag
|
–
|
✓
|
–
|
–
|
–
|
|
[26-44]
|
Tunnel-Interface-ID
|
✓
|
–
|
–
|
–
|
–
|
|
[26-45]
|
Ipv6-Virtual-Router
|
–
|
✓
|
–
|
–
|
–
|
|
[26-46]
|
Ipv6-Local-Interface
|
–
|
✓
|
–
|
–
|
–
|
|
[26-47]
|
Ipv6-Primary-DNS
|
–
|
✓
|
–
|
–
|
–
|
|
[26-48]
|
Ipv6-Secondary-DNS
|
–
|
✓
|
–
|
–
|
–
|
|
[26-52]
|
RADIUS-Client-Address
|
✓
|
–
|
–
|
–
|
–
|
|
[26-53]
|
Service-Description
|
✓
|
–
|
–
|
–
|
–
|
|
[26-54]
|
L2tp-Recv-Window-Size
|
–
|
✓
|
–
|
–
|
–
|
|
[26-55]
|
DHCP-Options
|
✓
|
–
|
–
|
–
|
–
|
|
[26-56]
|
DHCP-MAC-Address
|
✓
|
–
|
–
|
–
|
–
|
|
[26-57]
|
DHCP-GI-Address
|
✓
|
–
|
–
|
–
|
–
|
|
[26-58]
|
LI-Action
|
–
|
✓
|
–
|
✓
|
–
|
|
[26-59]
|
Med-Dev-Handle
|
–
|
✓
|
–
|
✓
|
–
|
|
[26-60]
|
Med-Ip-Address
|
–
|
✓
|
–
|
✓
|
–
|
|
[26-61]
|
Med-Port-Number
|
–
|
✓
|
–
|
✓
|
–
|
|
[26-62]
|
MLPPP-Bundle-Name
|
✓
|
–
|
–
|
–
|
–
|
|
[26-63]
|
Interface-Desc
|
✓
|
–
|
–
|
–
|
–
|
|
[26-64]
|
Tunnel-Group
|
–
|
✓
|
–
|
–
|
–
|
|
[26-65]
|
Activate-Service
|
–
|
✓
|
–
|
✓
|
–
|
|
[26-66]
|
Deactivate-Service
|
–
|
✓
|
–
|
✓
|
–
|
|
[26-67]
|
Service-Volume
|
–
|
✓
|
–
|
✓
|
–
|
|
[26-68]
|
Service-Timeout
|
–
|
✓
|
–
|
✓
|
–
|
|
[26-69]
|
Service-Statistics
|
–
|
✓
|
–
|
✓
|
–
|
|
[26-70]
|
Ignore-DF-Bit
|
–
|
✓
|
–
|
–
|
–
|
|
[26-71]
|
IGMP-Access-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-72]
|
IGMP-Access-Src-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-73]
|
IGMP-OIF-Map-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-74]
|
MLD-Access-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-75]
|
MLD-Access-Src-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-76]
|
MLD-OIF-Map-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-77]
|
MLD-Version
|
–
|
✓
|
–
|
–
|
–
|
|
[26-78]
|
IGMP-Version
|
–
|
✓
|
–
|
–
|
–
|
|
[26-79]
|
IP-Mcast-Adm-Bw-Limit
|
–
|
✓
|
–
|
–
|
–
|
|
[26-80]
|
IPv6-Mcast-Adm-Bw-Limit
|
–
|
✓
|
–
|
–
|
–
|
|
[26-81]
|
L2c-Information
|
✓
|
–
|
–
|
–
|
–
|
|
[26-82]
|
QoS-Parameters
|
–
|
✓
|
–
|
–
|
–
|
|
[26-84]
|
Mobile-IP-Algorithm
|
–
|
✓
|
–
|
–
|
–
|
|
[26-85]
|
Mobile-IP-SPI
|
–
|
✓
|
–
|
–
|
–
|
|
[26-86]
|
Mobile-IP-Key
|
–
|
✓
|
–
|
–
|
–
|
|
[26-87]
|
Mobile-IP-Replay
|
–
|
✓
|
–
|
–
|
–
|
|
[26-88]
|
Mobile-IP-Access-Control-List
|
–
|
✓
|
–
|
–
|
–
|
|
[26-89]
|
Mobile-IP-Lifetime
|
–
|
✓
|
–
|
–
|
–
|
|
[26-90]
|
L2TP-Resynch-Method
|
–
|
✓
|
–
|
–
|
–
|
|
[26-91]
|
Tunnel-Switch-Profile
|
–
|
✓
|
–
|
–
|
–
|
|
[26-92]
|
L2C-Up-Stream-Data
|
✓
|
–
|
–
|
–
|
–
|
|
[26-93]
|
L2C-Down-Stream-Data
|
✓
|
–
|
–
|
–
|
–
|
|
[26-94]
|
Tunnel-Tx-Speed-Method
|
–
|
✓
|
–
|
–
|
–
|
|
[26-95]
|
IGMP-Query-Interval
|
–
|
✓
|
–
|
–
|
–
|
|
[26-96]
|
IGMP-Max-Resp-Time
|
–
|
✓
|
–
|
–
|
–
|
|
[26-97]
|
IGMP-Immediate-Leave
|
–
|
✓
|
–
|
–
|
–
|
|
[26-98]
|
MLD-Query-Interval
|
–
|
✓
|
–
|
–
|
–
|
|
[26-99]
|
MLD-Max-Resp-Time
|
–
|
✓
|
–
|
–
|
–
|
|
[26-100]
|
MLD-Immediate-Leave
|
–
|
✓
|
–
|
–
|
–
|
|
[26-110]
|
Acc-Loop-Cir-Id
|
✓
|
–
|
–
|
–
|
–
|
|
[26-111]
|
Acc-Aggr-Cir-Id-Bin
|
✓
|
–
|
–
|
–
|
–
|
|
[26-112]
|
Acc-Aggr-Cir-Id-Asc
|
✓
|
–
|
–
|
–
|
–
|
|
[26-113]
|
Act-Data-Rate-Up
|
✓
|
–
|
–
|
–
|
–
|
|
[26-114]
|
Act-Data-Rate-Dn
|
✓
|
–
|
–
|
–
|
–
|
|
[26-115]
|
Min-Data-Rate-Up
|
✓
|
–
|
–
|
–
|
–
|
|
[26-116]
|
Min-Data-Rate-Dn
|
✓
|
–
|
–
|
–
|
–
|
|
[26-117]
|
Att-Data-Rate-Up
|
✓
|
–
|
–
|
–
|
–
|
|
[26-118]
|
Att-Data-Rate-Dn
|
✓
|
–
|
–
|
–
|
–
|
|
[26-119]
|
Max-Data-Rate-Up
|
✓
|
–
|
–
|
–
|
–
|
|
[26-120]
|
Max-Data-Rate-Dn
|
✓
|
–
|
–
|
–
|
–
|
|
[26-121]
|
Min-LP-Data-Rate-Up
|
✓
|
–
|
–
|
–
|
–
|
|
[26-122]
|
Min-LP-Data-Rate-Dn
|
✓
|
–
|
–
|
–
|
–
|
|
[26-123]
|
Max-Interlv-Delay-Up
|
✓
|
–
|
–
|
–
|
–
|
|
[26-124]
|
Act-Interlv-Delay-Up
|
✓
|
–
|
–
|
–
|
–
|
|
[26-125]
|
Max-Interlv-Delay-Dn
|
✓
|
–
|
–
|
–
|
–
|
|
[26-126]
|
Act-Interlv-Delay-Dn
|
✓
|
–
|
–
|
–
|
–
|
|
[26-127]
|
DSL-Line-State
|
✓
|
–
|
–
|
–
|
–
|
|
[26-128]
|
DSL-Type
|
✓
|
–
|
–
|
–
|
–
|
|
[26-129]
|
Ipv6-NdRa-Prefix
|
–
|
✓
|
–
|
–
|
–
|
|
[26-130]
|
QoS-Interfaceset-Name
|
–
|
✓
|
–
|
–
|
–
|
|
[26-140]
|
Service-Interim-Acct-Interval
|
–
|
✓
|
–
|
✓
|
–
|
|
[26-141]
|
Downstream-Calculated-Qos-
Rate
|
✓
|
✓
|
–
|
✓
|
–
|
|
[26-142]
|
Upstream-Calculated-Qos-Rate
|
✓
|
✓
|
–
|
✓
|
–
|
|
[26-143]
|
Max-Clients-Per-Interface
|
–
|
✓
|
–
|
–
|
–
|
|
[26-144]
|
PPP-Monitor-Ingress-Only
|
—
|
✓
|
—
|
—
|
—
|
[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
