Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Configuring How RADIUS Attributes Are Used for Subscriber Access
You can specify the attributes RADIUS ignores in RADIUS Access-Accept messages, and the attributes RADIUS excludes from specified message types.
To configure the attributes RADIUS ignores or excludes:
- Specify that you want to configure RADIUS.[edit access profile isp-bos-metro-fiber-basic]user@host# edit radius
- Specify that you want to configure how
RADIUS attributes are ignored or excluded.[edit access profile isp-bos-metro-fiber-basic radius]user@host# edit attributes
- Specify the attributes you want RADIUS
to ignore when the attributes are in Access-Accept messages. See Table 38 for the attributes you can
configure.[edit access profile isp-bos-metro-fiber-basic radius attributes]user@host# set ignore input-filter output-filter
- Configure RADIUS to exclude the specified
attribute from the specified RADIUS message type. See Table 39 for the attributes and message
type combinations you can configure. [edit access profile isp-bos-metro-fiber-basic radius attributes]user@host# set exclude input-filter output-filter
You use the ignore statement to configure the router or switch to ignore a particular attribute in RADIUS Access-Accept messages. By default, the router or switch processes the attributes received from the external AAA server. Table 38 lists the attributes supported in the ignore statement.
Table 38: Attributes That Can Be Ignored in RADIUS Accept-Accept Messages
CLI Entry | Attribute Name | Attribute Number |
|---|---|---|
framed-ip-netmask | Framed-Ip-Netmask | RADIUS attribute 9 |
input-filter | Ingress-Policy-Name | Juniper VSA 26–10 |
logical-system:routing-instance | Virtual-Router | Juniper VSA 26–1 |
output-filter | Egress-Policy-Name | Juniper VSA 26–11 |
You use the exclude statement to configure the router or switch to exclude the specified attributes from the specified type of RADIUS message. Not all attributes appear in all types of RADIUS messages—the CLI indicates the RADIUS message type. By default, the router or switch includes the specified attributes in RADIUS Access-Request, Acct-On, Acct-Off, Acct-Start, and Acct-Stop messages. Table 39 lists the attributes and message types supported in the exclude statement.
Table 39: Attributes That Can Be Excluded from RADIUS Messages
CLI Entry | Attribute Name | Attribute Number | Supported Message Type |
|---|---|---|---|
accounting-authentic | Acct-Authentic | RADIUS attribute 45 | Accounting-On Accounting-Off |
accounting-delay-time | Acct-Delay-Time | RADIUS attribute 41 | Accounting-On Accounting-Off |
accounting-session-id | Acct-Session-Id | RADIUS attribute 44 | Access-Request Accounting-On Accounting-Off Accounting-Stop |
accounting-terminate-cause | Acct-Terminate-Cause | RADIUS attribute 49 | Accounting-Off |
called-station-id | Called-Station-Id | RADIUS attribute 30 | Access-Request Accounting-Start Accounting-Stop |
calling-station-id | Calling-Station-Id | RADIUS attribute 31 | Access-Request Accounting-Start Accounting-Stop |
class | Class | RADIUS attribute 25 | Accounting-Start Accounting-Stop |
dhcp-gi-address | DHCP-GI-Address | Juniper VSA 26–57 | Access-Request Accounting-Start Accounting-Stop |
dhcp-mac-address | DHCP-MAC-Address | Juniper VSA 26–56 | Access-Request Accounting-Start Accounting-Stop |
event-timestamp | Event-Timestamp | RADIUS attribute 55 | Accounting-On Accounting-Off Accounting-Start Accounting-Stop |
framed-ip-address | Framed-IP-Address | RADIUS attribute 8 | Accounting-Start Accounting-Stop |
framed-ip-netmask | Framed-IP-Netmask | RADIUS attribute 9 | Accounting-Start Accounting-Stop |
input-filter | Ingress-Policy-Name | Juniper VSA 26–10 | Accounting-Start Accounting-Stop |
input-gigapackets | Acct-Input-Gigapackets | Juniper VSA 26–42 | Accounting-Stop |
input-gigawords | Acct-Input-Gigawords | RADIUS attribute 52 | Accounting-Stop |
interface-description | Interface-Desc | Juniper VSA 26–53 | Access-Request Accounting-Start Accounting-Stop |
nas-identifier | NAS-Identifier | RADIUS attribute 32 | Access-Request Accounting-on Accounting-off Accounting-Start Accounting-Stop |
nas-port | NAS-Port | RADIUS attribute 5 | Access-Request Accounting-Start Accounting-Stop |
nas-port-id | NAS-Port-Id | RADIUS attribute 87 | Access-Request Accounting-Start Accounting-Stop |
nas-port-type | NAS-Port-Type | RADIUS attribute 61 | Access-Request Accounting-Start Accounting-Stop |
output-filter | Egress-Policy-Name | Juniper VSA 26–11 | Accounting-Start Accounting-Stop |
ouput-gigapackets | Acct-Output-Gigapackets | Juniper VSA 26–43 | Accounting-Stop |
output-gigawords | Acct-Output-Gigawords | RADIUS attribute 53 | Accounting-Stop |
Related Topics
- Configuring Router or Switch Interaction with RADIUS Servers
- Configuring Authentication and Accounting Parameters for Subscriber Access
- Specifying RADIUS Authentication and Accounting Servers for Subscriber Access
- Configuring RADIUS Server Options for Subscriber Access
- Example: Configuring RADIUS-Based Subscriber Authentication and Accounting
