Mapping Application Terminate Reasons to RADIUS Terminate Codes

The JunosE Software uses a default configuration that maps terminate reasons to RADIUS Acct-Terminate-Cause attributes. You can optionally create customized mappings between a terminate reason and a RADIUS Acct-Terminate-Cause attribute—these mappings enable you to provide different information about the cause of a termination.

When a subscriber’s L2TP or PPP session is terminated, the router logs a message for the internal terminate reason and logs another message for the RADIUS Acct-Terminate-Cause attribute (RADIUS attribute 49). RADIUS attribute 49 is also included in RADIUS Acct-Off and Acct-Stop messages. You can use the logged information to help monitor and troubleshoot terminated sessions.

Use the show terminate-code command to display information about the mappings between application terminate reasons and RADIUS Acct-Terminate-Cause attributes.

Table 9 lists the IETF RADIUS Acct-Terminate-Cause codes that you can use to map application terminate reasons. In addition, you can also configure and use proprietary codes for values beyond 22.

Table 9: Supported RADIUS Acct-Terminate-Cause Codes

Code	Name	Description
1	User Request	User initiated the disconnect (log out)
2	Lost Carrier	DCD was dropped on the port
3	Lost Service	Service can no longer be provided; for example, the user’s connection to a host was interrupted
4	Idle Timeout	Idle timer expired
5	Session Timeout	Subscriber reached the maximum continuous time allowed for the service or session
6	Admin Reset	System administrator reset the port or session
7	Admin Reboot	System administrator terminated the session on the NAS; for example, prior to rebooting the NAS
8	Port Error	NAS detected an error on the port that required ending the session
9	NAS Error	NAS detected an error (other than on the port) that required ending the session
10	NAS Request	NAS ended the session for a non-error reason
11	NAS Reboot	NAS ended the session due to a non-administrative reboot
12	Port Unneeded	NAS ended the session because the resource usage fell below the low threshold; for example, the bandwidth-on-demand algorithm determined that the port was no longer needed
13	Port Preempted	NAS ended the session to allocate the port to a higher-priority use
14	Port Suspended	NAS ended the session to suspend a virtual session
15	Service Unavailable	NAS was unable to provide the requested service
16	Callback	NAS is terminating the current session in order to perform callback for a new session
17	User Error	An error in the user input caused the session to be terminated
18	Host Request	The login host terminated the session normally
19	Supplicant Restart	Supplicant state machine was reinitialized
20	Reauthentication Failure	A previously authenticated supplicant failed to reauthenticate successfully following expiration of the reauthentication timer or explicit reauthentication request by management action
21	Port Reinitialized	The port's MAC has been reinitialized
22	Port Administratively Disabled	The port has been administratively disabled

Configuration Example

This example describes a sample configuration procedure that creates custom mappings for PPP terminate reasons.

Configure the router to include the Acct-Terminate-Cause attribute in RADIUS Acct-Off messages.
```
host1(config)#radius include acct-terminate-cause acct-off enable
```

(Optional) Display the current PPP terminate-cause mappings.

host1(config)# run show terminate-code ppp
                                                                   Radius
Apps         Terminate Reason               Description            Code
 --------- --------------------------  -------------------------- ------
ppp       authenticate-authenticator  authenticate authenticator  17
          -timeout                     timeout
ppp       authenticate-challenge-tim  authenticate challenge tim  10
          eout                        eout
ppp       authenticate-chap-no-resou  authenticate chap no resou  10
          rces                        rces
ppp       authenticate-chap-peer-aut  authenticate chap peer aut  17
          henticator-timeout          henticator timeout
ppp       authenticate-deny-by-peer   authenticate deny by peer   17
ppp       authenticate-inactivity-ti  authenticate inactivity ti   4
          meout                       meout
 --More--

(Optional) Display all PPP terminate reasons.

host1(config)# terminate-code ppp ?
authenticate-authenticator-timeout       Configure authenticate
                                         authenticator timeout
                                         translation
authenticate-challenge-timeout           Configure authenticate
                                         challenge timeout translation
authenticate-chap-no-resources           Configure authenticate chap no
                                         resources translation
authenticate-chap-peer-
authenticator-timeout                    Configure authenticate chap
                                         peer authenticator timeout
                                         translation
authenticate-deny-by-peer                Configure authenticate deny by
                                         peer translation
 --More--

Configure your customized PPP terminate-cause to RADIUS Acct-Terminate-Cause code mappings.

host1(config)#terminate-code ppp authenticate-authenticator-timeout radius 3
host1(config)#terminate-code ppp authenticate-challenge-timeout radius 4

Verify the new terminate-cause mappings.

host1(config)#run show terminate-code ppp
                                                                   Radius
Apps         Terminate Reason               Description            Code
---------  --------------------------   -------------------------- ------
ppp        authenticate-authenticator   authenticate authenticator    3
           -timeout                      timeout
ppp        authenticate-challenge-tim   authenticate challenge tim    4
           eout                         eout
ppp        authenticate-chap-no-resou   authenticate chap no resou    10
           rces                         rces
ppp        authenticate-chap-peer-aut   authenticate chap peer aut    17
           henticator-timeout           henticator timeout
ppp        authenticate-deny-by-peer    authenticate deny by peer     17
ppp        authenticate-inactivity-ti   authenticate inactivity ti    4
           meout                        meout
ppp        authenticate-max-requests    authenticate max requests     10
 --More--

radius include

Use to include the Acct-Terminate-Cause attribute (RADIUS attribute 49) in RADIUS Acct-Off messages.
You control inclusion of the Acct-Terminate-Cause attribute by enabling or disabling this command.
Example
host1(config)#radius include acct-terminate-cause acct-off disable
Use the no version to restore the default, enable.
See radius include

terminate-code

Use to configure a customized mapping relationship between an application’s terminate reason and a RADIUS Acct-Terminate-Cause code (RADIUS attribute 49).
To set up the mapping, specify the following variables with this command:
1. Specify the application where the terminate event occurs. You can specify aaa, l2tp, ppp, or radius-client.
2. Specify the application’s terminate reason that you want to map.
  - Use the question mark character (?) to display a list of the application’s terminate reasons. For example:
    host1(config)#terminate-code l2tp ?
  - See AAA Terminate Reasons for a list of the default terminate reasons for the AAA, L2TP, PPP, and RADIUS client applications.
3. Specify RADIUS as the translation application that is used for mapping. Then, specify the RADIUS Acct-Terminate-Cause code that you want to map to the application’s terminate reason. See Table 9 for a list of supported RADIUS codes.
Example
host1(config)#terminate-code ppp authenticate-challenge-timeout radius 4
Use the no version to restore a default mapping, which are listed in AAA Terminate Reasons. For example:
host1(config)#no terminate-code aaa deny-address-allocation-failure radius
See terminate-code