Configuring a RADIUS Packet Template
There are two ways to define RADIUS packets for flexible RADIUS accounting and authentication plug-ins:
- Define attributes in a template, and then apply the template to flexible RADIUS accounting and authentication plug-ins.
- Define attributes in the packet definition configuration of a flexible plug-in instance. These definitions override definitions in packet templates.
Use the following configuration statements to configure a RADIUS packet template:
- shared sae configuration radius-packet-template name ...
- shared sae configuration radius-packet-template name radius-attributes name ...
- shared sae configuration radius-packet-template name radius-attributes name attributes name {
- value ;
- }
- shared sae configuration plug-ins name name flex-radius-accounting radius-packet-definition name ...
- shared sae configuration plug-ins name name flex-radius-accounting radius-packet-definition name attributes name {
- value ;
- }
- shared sae configuration plug-ins name name flex-radius-authentication radius-packet-definition name ...
- shared sae configuration plug-ins name name flex-radius-authentication radius-packet-definition name attributes name {
- value ;
- }
To configure a template:
- From configuration mode, access the RADIUS packet template configuration. In this sample procedure, the stdAcct template is configured in the west-region SAE group.
- Create an attribute instance using the names in , and enter the configuration for the RADIUS attribute instance.
- Add RADIUS attribute definitions to the attribute instance.
Repeat this step for each attribute.
- [edit shared sae group west-region configuration radius-packet-template stdAcct radius-attributes svcstop]
- user@host# set attributes name value
For example:
- (Optional) Verify the configuration of your attribute
instance.
[edit shared sae group west-region configuration radius-packet-template stdAcct radius-attributes svcstop] user@host# show attributes { Acct-Input-Octets lowWord(inOctets); Acct-Output-Octets lowWord(outOctets); Acct-Input-Packets lowWord(inPackets); Acct-Output-Packets lowWord(outPackets); Acct-Input-Gigawords highWord(inOctets); Acct-Output-Gigawords highWord(outOctets); } - (Optional) Verify the configuration of the RADIUS packet
template.
[edit shared sae group west-region configuration radius-packet-template stdAcct radius-attributes svcstop] user@host# up [edit shared sae group west-region configuration radius-packet-template stdAcct] user@host# show radius-attributes svcstop { attributes { Acct-Input-Octets lowWord(inOctets); Acct-Output-Octets lowWord(outOctets); Acct-Input-Packets lowWord(inPackets); Acct-Output-Packets lowWord(outPackets); Acct-Input-Gigawords highWord(inOctets); Acct-Output-Gigawords highWord(outOctets); } } radius-attributes stop { attributes { Acct-Session-Time sessionTime; Acct-Terminate-Cause terminateCause; } } radius-attributes svcacct { attributes { Class radiusClass; } } radius-attributes acct { attributes { Acct-Session-Id sessionId; NAS-Identifier localNasId; NAS-IP-Address localNasIp; Event-Time eventTime; } } radius-attributes startstop { attributes { Acct-Multi-Session-Id ifSessionId; NAS-Port-Id "\"%s %s\" %(routerName, portId or interfaceName)"; NAS-Port "nasPort or None"; } }