radius ignore

Syntax

radius ignore attributeName { enable | disable }

no radius ignore attributeName

Release Information

Command introduced before JunosE Release 7.1.0.

pppoe-max-session keyword added in JunosE Release 9.3.0.

ipv6-egress-policy-name and ipv6-ingress-policy-name attributes added in JunosE Release 13.0.0.

Description

Ignores the specified attribute in RADIUS Access-Accept messages. All attributes are disabled by default except for Framed-Ip-Netmask and Max-Clients-Per-Interface (pppoe-max-session). The no version restores the default.

Options

• attributeName—One of the following RADIUS attributes:
  • atm-mbs—Mbs, VSA 26-17
  • atm-pcr—Pcr, VSA 26-15
  • atm-scr—Scr, VSA 26-16
  • atm-service-category—Service-Category, VSA 26-14
  • egress-policy-name—Egress-Policy-Name, VSA 26-11
  • ipv6-egress-policy-name—Ipv6-Egress-Policy-Name, VSA 26-107; when you ignore this attribute, the policy manager will not apply the policy returned from the RADIUS server to the subscriber interface; when you accept this attribute, the policy manager applies the policy returned from the RADIUS server to the subscriber interface
  • framed-ip-netmask—Framed-Ip-Netmask, attribute 9; when you ignore this attribute, the default subnet mask 255.255.255.255 is provided by AAA and used for Internet Protocol Control Protocol (IPCP) negotiations; when you enable this attribute, the router passes the IP address and the subnet mask specified by this attribute to the CPE during IPCP negotiations; ignoring the attribute guards against any breaks in the IPCP negotiation
  • ingress-policy-name—Ingress-Policy-Name, VSA 26-10
  • ipv6-ingress-policy-name—Ipv6-Ingress-Policy-Name, VSA 26-106; when you ignore this attribute, the policy manager will not apply the policy returned from the RADIUS server to the subscriber interface; when you accept this attribute, the policy manager applies the policy returned from the RADIUS server to the subscriber interface
  • virtual-router—Virtual-Router, VSA 26-1
    • If you configure the default virtual router as the authentication virtual router for the domain map using the ip-router-name command in Domain Map Configuration Mode and the Virtual-Router RADIUS VSA attribute [26-1] is returned from the RADIUS server in the Access-Accept message, the IPv4 virtual router context returned from the RADIUS server overrides the IPv4 virtual router context configured in the AAA domain map. If you configure a nondefault virtual router as the authentication virtual router for the AAA domain map and the Virtual-Router RADIUS VSA attribute [26-1] is returned from the RADIUS server in the Access-Accept message, the IPv4 virtual router context in the AAA domain map takes precedence over the IPv4 virtual router context returned from the RADIUS server.
  • pppoe-max-session—Max-Clients-Per-Interface, VSA 26-143
• enable—Specifies the feature; this is the default setting for framed-ip-netmask and pppoe-max-session
• disable—Disables the feature; this is the default setting for all attributes except framed-ip-netmask and pppoe-max-session

Mode

Global Configuration