[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring How RADIUS Attributes Are Used

Include the attributes statement at the [edit access profile profile-name radius] hierarchy level to specify attributes that are ignored in RADIUS Access-Accept messages, or that are excluded from particular RADIUS message types.



[edit access profile profile-name radius]

attributes {



ignore {
framed-ip-netmask;
input-filter;
logical-system-routing-instance;
output-filter;
}





exclude

accounting-authentic [ accounting-on | accounting-off ];
accounting-delay-time [ accounting-on | accounting-off
];
accounting-session-id [ access-request | accounting-on
| accounting-off | accounting-stop ];
accounting-terminate-cause [ accounting-off ];
called-station-id [ access-request | accounting-start |
accounting-stop ];
calling-station-id [ access-request | accounting-start
| accounting-stop ];
class [ accounting-start | accounting-stop ];
dhcp-gi-address [ access-request | accounting-start | accounting-stop
];
dhcp-mac-address [ access-request | accounting-start |
accounting-stop ];
output-filter [ accounting-start | accounting-stop ];
event-timestamp [ accounting-on | accounting-off | accounting-start
| accounting-stop ];
framed-ip-address [ accounting-start | accounting-stop
];
framed-ip-netmask [ accounting-start | accounting-stop
];
input-filter [ accounting-start | accounting-stop ];
input-gigapackets [ accounting-stop ];
input-gigawords [ accounting-stop ];
interface-description [ access-request | accounting-start
| accounting-stop ];
nas-identifier [ access-request | accounting-on | accounting-off
| accounting-start | accounting-stop ];
nas-port [ access-request | accounting-start | accounting-stop
];
nas-port-id [ access-request | accounting-start | accounting-stop
];
nas-port-type [ access-request | accounting-start | accounting-stop
];
output-gigapackets [ accounting-stop ];
output-gigawords [ accounting-stop ];
}


}

The following list describes the ignore and exclude statements:

Use the ignore statement to configure the router to ignore a particular attribute in RADIUS Access-Accept messages. By default, the router processes the attributes received from the external AAA server. You can specify that the following attributes be ignored:
- framed-ip-netmask—Framed-Ip-Netmask, RADIUS attribute 9
- input-filter—Ingress-Policy-Name, VSA 26-10
- logical-system-routing-instance—Virtual-Router, VSA 26-1
- output-filter—Egress-Policy-Name, VSA 26-11
Use the exclude statement to configure the router to exclude the specified attributes from the specified type of RADIUS message. Not all attributes appear in all types of RADIUS messages—the CLI indicates the RADIUS message type. By default, the router includes the specified attributes in RADIUS Access-Request, Acct-On, Acct-Off, Acct-Start, and Acct-Stop messages. You can configure the router to exclude the following attributes:
- accounting-authentic—RADIUS attribute 45, Acct-Authentic
- accounting-delay-time—RADIUS attribute 41, Acct-Delay-Time
- accounting-session-id—RADIUS attribute 44, Acct-Session-Id
- accounting-terminate-cause—RADIUS attribute 49, Acct-Terminate-Cause
- called-station-id—RADIUS attribute 30, Called-Station-Id
- calling-station-id—RADIUS attribute 31, Calling-Station-Id
- class—RADIUS attribute 25, Class
- dhcp-gi-address—Juniper VSA 26-57, DHCP-GI-Address
- dhcp-mac-address—Juniper VSA 26-56, DHCP-MAC-Address
- event-timestamp—RADIUS attribute 55, Event-Timestamp
- framed-ip-address—RADIUS attribute 8, Framed-IP-Address
- framed-ip-netmask—RADIUS attribute 9, Framed-IP-Netmask
- input-filter—Juniper VSA 26-10, Ingress-Policy-Name
- input-gigapackets—Juniper VSA 26-42, Acct-Input-Gigapackets
- input-gigawords—RADIUS attribute 52, Acct-Input-Gigawords
- interface-description—Juniper VSA 26-53, Interface-Desc
- nas-identifier—RADIUS attribute 32, NAS-Identifier
- nas-port—RADIUS attribute 5, NAS-Port
- nas-port-id—RADIUS attribute 87, NAS-Port-Id
- nas-port-type—RADIUS attribute 61, NAS-Port-Type
- output-filter—Juniper VSA 26-11, Egress-Policy-Name
- output-gigapackets—Juniper VSA 25-43, Acct-Output-Gigapackets
- output-gigawords—RADIUS attribute 53, Acct-Output-Gigawords

[Contents] [Prev] [Next] [Index] [Report an Error]