Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Defining the Values of RADIUS Attributes

The values of RADIUS attributes can be a standard value (see Table 13) or an expression. Expressions are evaluated with Python. For example: lowWord(inOctets) extracts the lower 32 bits of the 64-bit inOctets counter. You can define multiple values for an expression in a comma-separated list.

Table 13: Standard Values for RADIUS Attributes

Value

Type of Plug-In

Comments

accountingId

User and service tracking

 

authUserId

Service tracking

 

Chargeable-User-Identity

User authorization and service accounting

This attribute must be configured in the RADIUS Access-Request packet with an empty value. The RADIUS server sends a unique value with the RADIUS Access-Response packet. This attribute value in the RADIUS Accounting-Request packet is used for service accounting.

dhcp

User and service tracking

Provides access to the DHCP packet. See Sending DHCP Options to the JunosE Router for details.

domain

Authorization

 

eventTime

User and service tracking

Seconds since 1970-01-01T00:00Z

ifRadiusClass

User and service tracking

 

ifSessionId

User and service tracking

 

inOctets

Service tracking

64-bit counter

inPackets

Service tracking

 

interfaceAlias

User and service tracking

 

interfaceDescr

User and service tracking

 

interfaceName

User and service tracking

 

ipv6InOctets

Service tracking

64-bit counter

ipv6InPackets

Service tracking

 

ipv6OutOctets

Service tracking

64-bit counter

ipv6OutPackets

Service tracking

 

localNasId

All

Configured NAS-ID

localNasIp

All

Configured NAS-IP

loginId

User and service authorization

ID provided by the subscriber; the loginId value is not separated into UID and domain name.

loginName

User and service tracking

Name that the subscriber uses to log in to the portal

nasIp

User and service tracking

NAS IP address of the router

nasPort

User and service tracking

32-bit integer

outOctets

Service tracking

64-bit counter

outPackets

Service tracking

 

password

User and service authorization

 

portId

User and service tracking

ID of the port on the JunosE router—for example, FastEthernet 3/1:2001

primaryUserName

User and service tracking

Name that the subscriber uses for DHCP/PPP authentication

radiusClass

User tracking, user and service authorization

For service tracking, this value is taken from the RADIUS Access-Accept response. If the response does not contain a value, the RADIUS class defined in the service definition is used.

This attribute can be set by an authorization response.

replyMessage

User and service authorization

This attribute can only be set.

routerName

User and service tracking

 

serviceBundle

User tracking and authorization

This attribute can be set by an authorization response.

serviceName

Service tracking

Sets an arbitrary attribute (for example, class) to the name of the service

serviceSessionName

Service tracking

Named service session; empty for default session

serviceSessionTag

Service tracking

 

sessionId

User and service tracking

 

sessionTime

User and service tracking

 

sessionTimeout

User tracking, user and service authorization

This attribute can be set by an authorization response.

sessionVolumeQuota

User authorization

This attribute can only be set. It is sent to session tracking events and can be returned by service authorization events. It can be set and retrieved through the portal API and can also be defined through an LDAP attribute in the service definition.

If the attribute is defined multiple times, the following precedence is observed:

  1. Service definition (lowest)
  2. Authorization
  3. API call (highest)

    NOTE: The SAE does not enforce a volume quota directly; it only makes the attribute available to an external application that can control the volume quota.

setAcctInterimTime

User authorization

Integer

setAuthVirtualRouterName

DHCP authorization

Text

setIdleTimeout(ATTR)

User authorization

 

setLoadServices(ATTR)

User authorization

This attribute can only be set.

setPoolName

DHCP authorization

Text

setRadiusClass(ATTR)

User and service authorization

 

setReplyMessage(ATTR)

User and service authorization

 

setSessionTimeout(ATTR)

User and service authorization

 

setServiceBundle(ATTR)

User authorization

 

setSessionVolumeQuota(ATTR)

User authorization

 

setSubstitution

User authorization

Text. Substitutions can be set only for service sessions.

setTerminateTime

User authorization

Text

setUserIpAddress

DHCP authorization

Integer

sspHost

User and service tracking

 

terminateCause

User and service tracking

 

uid

User and service authorization

 

userDn

User and service tracking

 

userIpAddress

User and service tracking

 

userMacAddress

User and service tracking

 

userRadiusClass

Service tracking

RADIUS class of the associated subscriber session

userSessionId

Service tracking

RADIUS session ID of the associated subscriber session

Related Documentation

Modified: 2017-08-03