Technical Documentation
New
radius ignore
Syntax
radius ignore attributeName { enable | disable }
no radius ignore attributeName
Release Information
Command introduced before JunosE Release 7.1.0.
pppoe-max-session keyword added in JunosE Release 9.3.0.
ipv6-egress-policy-name and ipv6-ingress-policy-name attributes added in JunosE Release 13.0.0.
Description
Ignores the specified attribute in RADIUS Access-Accept messages. All attributes are disabled by default except for Framed-Ip-Netmask and Max-Clients-Per-Interface (pppoe-max-session). The no version restores the default.
Options
- attributeName—One of the following
RADIUS attributes:
- atm-mbs—Mbs, VSA 26-17
- atm-pcr—Pcr, VSA 26-15
- atm-scr—Scr, VSA 26-16
- atm-service-category—Service-Category, VSA 26-14
- egress-policy-name—Egress-Policy-Name, VSA 26-11
- ipv6-egress-policy-name—Ipv6-Egress-Policy-Name, VSA 26-107; when you ignore this attribute, the policy manager will not apply the policy returned from the RADIUS server to the subscriber interface; when you accept this attribute, the policy manager applies the policy returned from the RADIUS server to the subscriber interface
- framed-ip-netmask—Framed-Ip-Netmask, attribute 9; when you ignore this attribute, the default subnet mask 255.255.255.255 is provided by AAA and used for Internet Protocol Control Protocol (IPCP) negotiations; when you enable this attribute, the router passes the IP address and the subnet mask specified by this attribute to the CPE during IPCP negotiations; ignoring the attribute guards against any breaks in the IPCP negotiation
- ingress-policy-name—Ingress-Policy-Name, VSA 26-10
- ipv6-ingress-policy-name—Ipv6-Ingress-Policy-Name, VSA 26-106; when you ignore this attribute, the policy manager will not apply the policy returned from the RADIUS server to the subscriber interface; when you accept this attribute, the policy manager applies the policy returned from the RADIUS server to the subscriber interface
- virtual-router—Virtual-Router, VSA 26-1
- If you configure the default virtual router as the authentication virtual router for the domain map using the ip-router-name command in Domain Map Configuration Mode and the Virtual-Router RADIUS VSA attribute [26-1] is returned from the RADIUS server in the Access-Accept message, the IPv4 virtual router context returned from the RADIUS server overrides the IPv4 virtual router context configured in the AAA domain map. If you configure a nondefault virtual router as the authentication virtual router for the AAA domain map and the Virtual-Router RADIUS VSA attribute [26-1] is returned from the RADIUS server in the Access-Accept message, the IPv4 virtual router context in the AAA domain map takes precedence over the IPv4 virtual router context returned from the RADIUS server.
- pppoe-max-session—Max-Clients-Per-Interface, VSA 26-143
- enable—Specifies the feature; this is the default setting for framed-ip-netmask and pppoe-max-session
- disable—Disables the feature; this is the default setting for all attributes except framed-ip-netmask and pppoe-max-session
Mode
Global Configuration
Published: 2012-06-29
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.
