Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Extracting RADIUS Attributes with the Pseudo–RADIUS Authorization Server (SRC CLI)

 

The pseudo–RADIUS authorization server extracts RADIUS attribute values from the MX Series router for which it receives access requests.

Tasks to configure the RADIUS attribute value extraction are:

Extracting Interface Name Attribute Values

The interface name value is the subscriber line interface. This value is extracted from the NAS-Port-ID attribute. The default settings for this configuration are sufficient for most applications.

Use the following configuration statements to extract the interface name value from the RADIUS access request:

To extract the interface name value:

  1. From configuration mode, access the configuration statement that configures RADIUS attribute extraction for the interface name value.
  2. (Optional) Specify the RADIUS attribute value format with a regular expression. You can group regular expressions by enclosing them in parentheses. The value for the interface is the part of the NAS-Port-ID matched by the first group in your regular expression. For more information about using regular expressions, see http://docs.oracle.com/javase/1.5.0/docs/api/java/util/regex/Pattern.html.

    For example, to specify that the extracted interface name value is ge-0/0/3.0 from the NAS-Port attribute value of ge-0/0/3.0[:0-0]:

Extracting Virtual Router Name Attribute Values

In most cases, the virtual router name value is in the format default@<NAS-ID attribute>. The default settings extract a virtual router name in this format. If your environment is different, you can configure a different format for the extracted value.

Use the following configuration statements to extract the virtual router name value from the RADIUS access request:

To extract the virtual router name value:

  1. From configuration mode, access the configuration statement that configures RADIUS attribute extraction for the virtual router name value.
  2. Specify the RADIUS attribute identifier.
  3. (Optional) Specify whether the RADIUS attribute is a vendor-specific attribute.
  4. (Optional) Specify the RADIUS vendor-specific attribute identifier.
  5. (Optional) Specify the RADIUS attribute value format with a regular expression. You can group regular expressions by enclosing them in parentheses. The value for the interface is the part of the NAS-Port-ID matched by the first group in your regular expression. For more information about using regular expressions, see http://docs.oracle.com/javase/1.5.0/docs/api/java/util/regex/Pattern.html.

    For example:

  6. (Optional) Specify the value type of this RADIUS attribute.

    where:

    • raw-byte—Raw bytes

    • chars—Sequence of characters

  7. (Optional) Specify the prefix that is prepended to the extracted RADIUS attribute value.