Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Subscriber AAA Accounting Messages
Accounting messages identify service provisions and use on a per-user or per-tunnel basis. These messages keep track of when a particular service is initiated and terminated for a specific user.
JunosE Software supports the Acct-On message on startup or configuration of the first accounting server. Acct-Off messages are supported when the last RADIUS accounting server in a virtual router is removed, when the router is shut down, and when a virtual router that has configured RADIUS accounting servers is deleted.
Beginning with JunosE Release 11.0.0, you can configure the router to send the Partition-Accounting-On and Partition-Accounting-On messages to the RADIUS server whenever an ICR partition toggles between the backup and master states.
The router supports the following types of accounting messages:
- Acct-Start
- Acct-Stop
- Interim-Acct
- Acct-On
- Acct-Off
- Partition-Accounting-On
- Partition-Accounting-Off
Supported RADIUS IETF Attributes
Table 41 lists the RADIUS IETF attributes supported for Acct-Start, Acct-Stop, Interim-Acct, Acct-On, and Acct-Off messages.
The following notes are referred to in Table 41:
- The attribute is used when terminating a PPP connection at the LNS or the initiating LAC.
- For this attribute to be included, an IP address must be assigned to the subscriber.
- The attribute is not included in Acct-Stop
messages that are sent when a user session does not get established
in one of the following situations.
- The aaa accounting acct-stop on-access-deny command is enabled and the authentication server sends an Access-Reject (deny) message.
- The aaa accounting acct-stop on-aaa-failure command is enabled and the authentication server issues an Access-Accept message (grant), but the AAA configuration denies access for the user. The aaa accounting acct-stop on-aaa-failure is enabled by default.
- The aaa accounting acct-stop on-aaa-failure command is enabled and the user terminates before AAA receives the authentication response from the authentication server.
- For this attribute to be included, an IPv6 interface ID must be assigned to the subscriber.
- For this attribute to be included, at least
one IPv6 prefix must be assigned to the subscriber.
Table 41: AAA Accounting Message RADIUS IETF Attributes Supported
Attribute Number
Attribute Name
Acct-Start
Acct-Stop
Interim-Acct
Acct-On
Acct-Off
[1]
User-Name
✓
✓
✓
–
–
[4]
NAS-IP-Address
✓
✓
✓
✓
✓
[5]
NAS-Port
✓
✓
✓
–
–
[6]
Service-Type
✓
✓
✓
–
–
[7]
Framed-Protocol
(See Note 3.)✓
✓
✓
–
–
[8]
Framed-IP-Address
(See Note 2.)✓
✓
✓
–
–
[9]
Framed-IP-Netmask
✓
✓
✓
–
–
[13]
Framed-Compression
(See Note 3.)✓
✓
✓
–
–
[22]
Framed-Route
✓
✓
✓
–
–
[25]
Class
✓
✓
✓
–
–
[30]
Called-Station-Id
✓
✓
✓
–
–
[31]
Calling-Station-Id
✓
✓
✓
–
–
[32]
NAS-Identifier
✓
✓
✓
✓
✓
[40]
Acct-Status-Type
✓
✓
✓
✓
✓
[41]
Acct-Delay-Time
✓
✓
✓
✓
✓
[42]
Acct-Input-Octets
–
✓
✓
–
–
[43]
Acct-Output-Octets
–
✓
✓
–
–
[44]
Acct-Session-Id
✓
✓
✓
✓
✓
[45]
Acct-Authentic
✓
✓
✓
✓
✓
[46]
Acct-Session-Time
–
✓
✓
–
–
[47]
Acct-Input-Packets
–
✓
✓
–
–
[48]
Acct-Output-Packets
–
✓
✓
–
–
[49]
Acct-Terminate-Cause
–
✓
–
–
✓
[50]
Acct-Multi-Session-Id
(See Note 3.)✓
✓
✓
–
–
[51]
Acct-Link-Count
(See Note 3.)✓
✓
✓
–
–
[52]
Acct-Input-Gigawords
–
✓
✓
–
–
[53]
Acct-Output-Gigawords
–
✓
✓
–
–
[55]
Event-Timestamp
✓
✓
✓
✓
✓
[61]
NAS-Port-Type
✓
✓
✓
–
–
[64]
Tunnel-Type
(See Note 1.)✓
✓
✓
–
–
[65]
Tunnel-Medium-Type
(See Note 1.)✓
✓
✓
–
–
[66]
Tunnel-Client-Endpoint
(See Note 1.)✓
✓
✓
–
–
[67]
Tunnel-Server-Endpoint
(See Note 1.)✓
✓
✓
–
–
[68]
Acct-Tunnel-Connection
(See Note 1.)✓
✓
✓
–
–
[77]
Connect-Info
✓
✓
✓
–
–
[82]
Tunnel-Assignment-Id (LAC only)
(See Note 1.)✓
✓
✓
–
–
[83]
Tunnel-Preference (LAC only)
✓
✓
✓
–
–
[87]
NAS-Port-Id
✓
✓
✓
–
–
[90]
Tunnel-Client-Auth-Id
(See Note 1.)✓
✓
✓
–
–
[91]
Tunnel-Server-Auth-Id
(See Note 1.)✓
✓
✓
–
–
[96]
Framed-Interface-Id
(See Note 1.)✓
✓
✓
–
–
[97]
Framed-Ipv6-Prefix
(See Note 5.)✓
✓
✓
–
–
[99]
Framed-IPv6-Route
✓
✓
✓
–
–
[100]
Framed-IPv6-Pool
✓
✓
✓
–
–
[123]
Delegated-Ipv6-Prefix
✓
✓
✓
–
–
[188]
Ascend-Num-In-Multilink
(See Note 3.)✓
✓
✓
–
–
Supported Juniper Networks VSAs
Table 42 lists the Juniper Networks (Vendor ID 4874) VSAs supported for Acct-Start, Acct-Stop, Interim-Acct, Acct-On, Acct-Off, Partition-Accounting-On, and Partition-Accounting-Off messages.
The following notes are referred to in Table 42:
- The attribute is not included in Acct-Stop
messages that are sent when a user session does not get established
in one of the following situations.
- The aaa accounting acct-stop on-access-deny command is enabled and the authentication server sends an Access-Reject (deny) message.
- The aaa accounting acct-stop on-aaa-failure command is enabled and the authentication server issues an Access-Accept message (grant), but the AAA configuration denies access for the user. The aaa accounting acct-stop on-aaa-failure is enabled by default.
- The aaa accounting acct-stop on-aaa-failure command is enabled and the user terminates before AAA receives the authentication response from the authentication server.
- ERX routers send IPv6 accounting attributes in the Acct-Stop
and Interim-Acct messages (stop, interim) when they are configured
to return these attributes and when the subscriber is either an IPv6
subscriber or a combined IPv4/IPv6 subscriber in a dual stack. For
an IPv4 subscriber, IPv6 accounting attributes are not included in
the accounting messages even if the IPv6 accounting is enabled.
In JunosE Release 10.1.x and lower-numbered releases, the combined accounting statistics were retrieved at the layer 2. Therefore, error or discarded packets in the layer 2 itself were excluded in these statistics. Because the layer 2 cannot detect the error or discarded packets in the layer 3, the combined statistics also include the error or discarded packets of the layer 3. In this release, with the support for RADIUS VSAs for IPv6 accounting, the IPv6 statistics are retrieved at the layer 3. To be consistent with the combined statistics, the error or discarded packets of the layer 3 are also included in these IPv6 statistics.
- The ICR partition accounting messages comprise the following:
- Partition-Accounting-On—Sent to the RADIUS server whenever an ICR partition changes to the master state from the backup state. The Partition-Accounting-On message has the same Acct-Status-Type attribute value as the Accounting-On message, but also contains the ICR-Partition-Id VSA, which specifies the ICR partition to which this message corresponds.
- Partition-Accounting-Off—Sent to the RADIUS server when the partition changes from the master state to the backup state. However, in the event of a complete chassis failure, the Partition-Accounting-Off message is not sent. Partition-Accounting-Off message has the same Acct-Status-Type attribute value as the Accounting-Off message and contains the ICR-Partition-Id VSA to denote the ICR partition to which the message is associated.
For more information about how to configure and use ICR partitions, see the Managing Interchassis Redundancy chapter in the JunosE Services Availability Configuration Guide.
Table 42: AAA Accounting Message Juniper Network (Vendor ID 4874) VSAs Supported
Attribute Number | Attribute Name | Acct-Start | Acct-Stop | Interim-Acct | Acct-On | Acct-Off | Partition- Accounting-On | Partition- Accounting-Off |
|---|---|---|---|---|---|---|---|---|
[26-10] | Ingress-Policy-Name | ✓ | ✓ | ✓ | – | – | – | – |
[26-11] | Egress-Policy-Name | ✓ | ✓ | ✓ | – | – | – | – |
[26-24] | Pppoe-Description | ✓ | ✓ | ✓ | – | – | – | – |
[26-42] | Acct-Input-Gigapackets | – | ✓ | ✓ | – | – | – | – |
[26-43] | Acct-Output-Gigapackets | – | ✓ | ✓ | – | – | – | – |
[26-44] | Tunnel-Interface-Id | ✓ | ✓ | ✓ | – | – | – | – |
[26-45] | Ipv6-Virtual-Router | ✓ | ✓ | ✓ | – | – | – | – |
[26-46] | Ipv6-Local-Interface | ✓ | ✓ | ✓ | – | – | – | – |
[26-47] | Ipv6-Primary-DNS | ✓ | ✓ | ✓ | – | – | – | – |
[26-48] | Ipv6-Secondary-DNS | ✓ | ✓ | ✓ | – | – | – | – |
[26-51] | Disconnect-Cause | – | ✓ | – | – | – | – | – |
[26-53] | Service-Description | ✓ | ✓ | ✓ | – | – | – | – |
[26-55] | DHCP-Options | ✓ | ✓ | ✓ | – | – | – | – |
[26-56] | DHCP-MAC-Address | ✓ | ✓ | ✓ | – | – | – | – |
[26-57] | DHCP-GI-Address | ✓ | ✓ | ✓ | – | – | – | – |
[26-62] | MLPPP-Bundle-Name | ✓ | ✓ | ✓ | – | – | – | – |
[26-63] | Interface-Description | ✓ | ✓ | ✓ | – | – | – | – |
[26-92] | L2C-Up-Stream-Data | ✓ | ✓ | ✓ | – | – | – | – |
[26-93] | L2C-Down-Stream-Data | ✓ | ✓ | ✓ | – | – | – | – |
[26-110] | Acc-Loop-Cir-Id | ✓ | ✓ | ✓ | – | – | – | – |
[26-111] | Acc-Aggr-Cir-Id-Bin | ✓ | ✓ | ✓ | – | – | – | – |
[26-112] | Acc-Aggr-Cir-Id-Asc | ✓ | ✓ | ✓ | – | – | – | – |
[26-113] | Act-Data-Rate-Up | ✓ | ✓ | ✓ | – | – | – | – |
[26-114] | Act-Data-Rate-Dn | ✓ | ✓ | ✓ | – | – | – | – |
[26-115] | Min-Data-Rate-Up | ✓ | ✓ | ✓ | – | – | – | – |
[26-116] | Min-Data-Rate-Dn | ✓ | ✓ | ✓ | – | – | – | – |
[26-117] | Att-Data-Rate-Up | ✓ | ✓ | ✓ | – | – | – | – |
[26-118] | Att-Data-Rate-Dn | ✓ | ✓ | ✓ | – | – | – | – |
[26-119] | Max-Data-Rate-Up | ✓ | ✓ | ✓ | – | – | – | – |
[26-120] | Max-Data-Rate-Dn | ✓ | ✓ | ✓ | – | – | – | – |
[26-121] | Min-LP-Data-Rate-Up | ✓ | ✓ | ✓ | – | – | – | – |
[26-122] | Min-LP-Data-Rate-Dn | ✓ | ✓ | ✓ | – | – | – | – |
[26-123] | Max-Interlv-Delay-Up | ✓ | ✓ | ✓ | – | – | – | – |
[26-124] | Act-Interlv-Delay-Up | ✓ | ✓ | ✓ | – | – | – | – |
[26-125] | Max-Interlv-Delay-Dn | ✓ | ✓ | ✓ | – | – | – | – |
[26-126] | Act-Interlv-Delay-Dn | ✓ | ✓ | ✓ | – | – | – | – |
[26-127] | DSL-Line-State | ✓ | ✓ | ✓ | – | – | – | – |
[26-128] | DSL-Type | ✓ | ✓ | ✓ | – | – | – | – |
[26-129] | Ipv6-NdRa-Prefix | ✓ | ✓ | ✓ | – | – | – | – |
[26-150] | ICR-Partition-Id | ✓ | ✓ | ✓ | – | – | ✓ | ✓ |
[26-151] | Ipv6-Acct-Input-Octets | – | ✓ | ✓ | – | – | – | – |
[26-152] | Ipv6-Acct-Output-Octets | – | ✓ | ✓ | – | – | – | – |
[26-153] | Ipv6-Acct-Input-Packets | – | ✓ | ✓ | – | – | – | – |
[26-154] | Ipv6-Acct-Output-Packets | – | ✓ | ✓ | – | – | – | – |
[26-155] | Ipv6-Acct-Input-Gigawords | – | ✓ | ✓ | – | – | – | – |
[26-156] | Ipv6-Acct-Output-Gigawords | – | ✓ | ✓ | – | – | – | – |
[26-159] | DHCP-Option 82 | ✓ | ✓ | ✓ | – | – | – | – |
Tunnel Accounting Messages
Table 43 lists RADIUS attributes supported by the following tunnel-related accounting messages:
- Acct-Tunnel-Start
- Acct-Tunnel-Stop
- Acct-Tunnel-Reject
- Acct-Tunnel-Link-Start
- Acct-Tunnel-Link-Stop
- Acct-Tunnel-Link-Reject
Table 43: AAA Accounting Tunnel Message RADIUS Attributes Supported
Attribute Number
Attribute Name
Acct-Tunnel-
StartAcct-Tunnel-
StopAcct-Tunnel-
RejectAcct-Tunnel-
Link-StartAcct-Tunnel-
Link-StopAcct-Tunnel-
Link-Reject[1]
User-Name
–
–
–
✓
✓
–
[4]
NAS-IP-Address
✓
✓
✓
✓
✓
✓
[26-51]
Disconnect-Cause
–
–
–
–
✓
–
[32]
NAS-Identifier
✓
✓
✓
✓
✓
✓
[40]
Acct-Status-Type
✓
✓
✓
✓
✓
✓
[41]
Acct-Delay-Time
✓
✓
✓
✓
✓
✓
[44]
Acct-Session-Id
✓
✓
✓
✓
✓
✓
[46]
Acct-Session-Time
–
✓
–
–
✓
–
[49]
Acct-Terminate-Cause
–
✓
✓
–
✓
✓
[55]
Event-Timestamp
✓
✓
✓
✓
✓
✓
[64]
Tunnel-Type
✓
✓
✓
✓
✓
✓
[65]
Tunnel-Medium-Type
✓
✓
✓
✓
✓
✓
[66]
Tunnel-Client-Endpoint
✓
✓
✓
✓
✓
✓
[67]
Tunnel-Server-Endpoint
✓
✓
✓
✓
✓
✓
[68]
Acct-Tunnel-
Connection✓
✓
✓
✓
✓
✓
[82]
Tunnel-Assignment-Id (LAC only)
✓
✓
✓
✓
✓
✓
[83]
Tunnel-Preference (LAC only)
–
–
–
✓
✓
✓
[86]
Acct-Tunnel-Packets-
Lost–
–
–
–
✓
✓
[90]
Tunnel-Client-Auth-Id
✓
✓
✓
✓
✓
✓
[91]
Tunnel-Server-Auth-Id
✓
✓
✓
✓
✓
✓
