
RADIUS IETF Attributes Supported by the AAA Service Framework

Table 1 describes the RADIUS IETF attributes that the JUNOS AAA Service Framework supports.

Note: A “Yes” entry in the Dynamic CoA Support column indicates that the attribute can be dynamically configured by Access-Accept messages and dynamically modified by CoA-Request messages.

Table 1: Supported RADIUS IETF Attributes

Attribute Number

Attribute Name

Description

Dynamic CoA Support

1

User-Name

  • Name of user to be authenticated
  • Configurable username override

No

2

User-Password

  • Password of user to be authenticated by Password Authentication Protocol (PAP)
  • Configurable password override

No

4

NAS-IP-Address

IP address of the network access server (NAS) that is requesting authentication of the user

No

5

NAS-Port

Physical port number of the NAS that is authenticating the user

No

6

Service-Type

Type of service the user has requested or the type of service to be provided

No

8

Framed-IP-Address

  • IP address to be configured for the user
  • 0.0.0.0 or absence is interpreted as 255.255.255.254

No

9

Framed-IP-Netmask

  • IP network to be configured for the user when the user is a router or switch to a network
  • Absence implies 255.255.255.255

No

11

Filter-ID

  • Name of the filter list for the user
  • Interpreted as input policy name

Yes

18

Reply-Message

  • Text that may be displayed to the user
  • Only the first instance of this attribute is used

No

22

Framed-Route

String that provides routing information to be configured for the user on the NAS; in the format:

<addr>[/<maskLen>] [<nexthop> [<cost>]] [tag <tagValue>] [distance <distValue>]

Yes

25

Class

An arbitrary value that the NAS includes in all accounting packets for the user if supplied by the RADIUS server

No

27

Session-Timeout

Maximum number of consecutive seconds of service to be provided to the user before termination of the session

No

31

Calling-Station-ID

Indicates that the NAS can send the phone number from which the call originated

No

32

NAS-Identifier

Identifies the NAS originating the request

No

40

Acct-Status-Type

Indicates whether this Accounting-Request marks the beginning of the user service (Start), the end (Stop), or the interim (Interim-Update)

No

41

Acct-Delay-Time

Indicates how many seconds the client has been trying to send a particular record

No

42

Acct-Input-Octets

Indicates how many octets have been received from the port during the time this service has been provided

No

43

Acct-Output-Octets

Indicates how many octets have been sent to the port during the time this service has been provided

No

44

Acct-Session-ID

Unique accounting identifier that makes it easy to match start and stop records in a log file. The identifier can be in one of the following formats:

  • decimal—For example, 435264
  • description—In the generic format, jnpr interface-specifier:subscriber-session-id; for example, jnpr fastEthernet 3/2.6:1010101010101

No

45

Acct-Authentic

Indicates how the user was authenticated: whether by RADIUS, the NAS itself, or another remote authentication protocol

No

46

Acct-Session-Time

Indicates how long, in seconds, the user has received service

No

47

Acct-Input-Packets

Indicates how many packets have been received from the port during the time this service has been provided to a framed user

No

48

Acct-Output-Packets

Indicates how many packets have been sent to the port in the course of delivering this service to a framed user

No

49

Acct-Terminate-Cause

Contains the reason the service (a PPP session) was terminated. The service can be terminated for the following reasons:

  • User Request (1)—User initiated the disconnect (log out)
  • Idle Timeout (4)—Idle timer has expired
  • Session Timeout (5)—Client reached the maximum continuous time allowed on the service or session
  • Admin Reset (6)—System administrator terminated the session
  • Port Error (8)—PVC failed; no hardware or no interface
  • NAS Error (9)—Negotiation failures, connection failures, or address lease expiration
  • NAS Request (10)—PPP challenge timeout, PPP request timeout, tunnel establishment failure, PPP bundle failure, IP address lease expiration, PPP keep-alive failure, Tunnel disconnect, or an unaccounted-for error

No

52

Acct-Input-Gigawords

Indicates how many times the Acct-Input-Octets counter has wrapped around 2^32 during the time this service has been provided. Can be present in Accounting-Request records only where the Acct-Status-Type is set to Stop or Interim-Update

No

53

Acct-Output-Gigawords

Indicates how many times the Acct-Output-Octets counter has wrapped around 2^32 in the course of delivering this service. Can be present in Accounting-Request records only where the Acct-Status-Type is set to Stop or Interim-Update

No

55

Event-Timestamp

Records the time that this event occurred on the NAS, in seconds, since January 1, 1970 00:00 UTC

No

61

NAS-Port-Type

Indicates the type of physical port the NAS is using to authenticate the user

No

85

Acct-Interim-Interval

Number of seconds between each interim accounting update for this session

The router uses the following guidelines for interim accounting:

  • Attribute value is within the acceptable range (600 to 86,400 seconds)—Accounting is updated at the specified interval
  • Attribute value of 0—No RADIUS accounting is performed
  • Attribute value is less than the minimum acceptable value—Accounting is updated at the minimum interval (600 seconds)
  • Attribute value is greater than the maximum acceptable value—Accounting is updated at the maximum interval (86,400 seconds)

No

87

NAS-Port-ID

Text string that identifies the physical interface of the NAS that is authenticating the user

No

88

Framed-Pool

Name of an assigned address pool to use to assign an address for the user

No

95

NAS-IPv6-Address

Address of the NAS that is requesting authentication of the user

No

96

Framed-Interface-ID

Interface identifier that is configured for the user

No

97

Framed-IPv6-Prefix

IPv6 prefix that is configured for the user

No

98

Login-IPv6-Host

System the user connects to when the Login-Service attribute is included

No

99

Framed-IPv6-Route

IPv6 routing information that is configured for the user.

Yes

100

Framed-IPv6-Pool

Name of assigned pool used to assign an IPv6 prefix for the user

No

123

Delegated-IPv6-Prefix

Prefix that is delegated to the user

No
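
Framed-Route (attribute 22) can be changed by a CoA-Request, so a policy server or log reviewer benefits from checking each value against the format given in the table before it reaches the NAS. The following strict parser is an added example, not Juniper code; it assumes IPv4 addresses and unsigned decimal values for cost, tag and distance, leaves mask_len as None when no mask length is given, and enforces no value ranges beyond a mask length of 0 to 32.

```python
import ipaddress
from typing import NamedTuple, Optional

class FramedRoute(NamedTuple):
    addr: ipaddress.IPv4Address
    mask_len: Optional[int]
    nexthop: Optional[ipaddress.IPv4Address]
    cost: Optional[int]
    tag: Optional[int]
    distance: Optional[int]

KEYWORDS = ("tag", "distance")  # fixed order, as in the documented format

def _uint(token: str, field: str) -> int:
    # Accept plain ASCII digits only; rejects signs, hex, and trailing junk.
    if not (token.isascii() and token.isdigit()):
        raise ValueError(f"{field}: expected an unsigned integer, got {token!r}")
    return int(token)

def parse_framed_route(value: str) -> FramedRoute:
    tokens = value.split()
    if not tokens:
        raise ValueError("empty Framed-Route value")
    # <addr>[/<maskLen>]
    addr_s, slash, mask_s = tokens.pop(0).partition("/")
    addr = ipaddress.IPv4Address(addr_s)  # raises ValueError on bad input
    mask_len = None
    if slash:
        mask_len = _uint(mask_s, "maskLen")
        if mask_len > 32:
            raise ValueError(f"maskLen out of range: {mask_len}")
    # [<nexthop> [<cost>]]
    nexthop = cost = None
    if tokens and tokens[0] not in KEYWORDS:
        nexthop = ipaddress.IPv4Address(tokens.pop(0))
        if tokens and tokens[0] not in KEYWORDS:
            cost = _uint(tokens.pop(0), "cost")
    # [tag <tagValue>] [distance <distValue>]
    opts = {}
    for key in KEYWORDS:
        if tokens and tokens[0] == key:
            if len(tokens) < 2:
                raise ValueError(f"{key}: missing value")
            opts[key] = _uint(tokens[1], key)
            del tokens[:2]
    if tokens:  # anything left over does not fit the format
        raise ValueError(f"unexpected trailing tokens: {tokens}")
    return FramedRoute(addr, mask_len, nexthop, cost,
                       opts.get("tag"), opts.get("distance"))
```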


Published: 2010-04-26
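
The accounting rows above (Acct-Status-Type, Acct-Session-ID, Acct-Input/Output-Octets and the matching Gigawords attributes) can be cross-checked when reviewing accounting logs. The following is an added example, not Juniper code: it assumes records are already decoded into dictionaries keyed by attribute name, with Acct-Status-Type as the strings Start, Interim-Update and Stop, and runs over constructed sample records.

```python
GIGAWORD = 2 ** 32  # one wrap of a 32-bit Acct-*-Octets counter

def total_octets(rec, direction):
    """Combine Acct-<direction>-Gigawords and Acct-<direction>-Octets."""
    return (rec.get(f"Acct-{direction}-Gigawords", 0) * GIGAWORD
            + rec.get(f"Acct-{direction}-Octets", 0))

def audit_accounting(records):
    """Return (index, Acct-Session-ID, finding) for each inconsistent record."""
    findings, sessions = [], {}
    for i, rec in enumerate(records):
        sid, status = rec["Acct-Session-ID"], rec["Acct-Status-Type"]
        if status == "Start":
            if any(k.endswith("-Gigawords") for k in rec):
                findings.append((i, sid, "Gigawords attribute in Start record"))
            if sid in sessions:
                findings.append((i, sid, "duplicate Start"))
            sessions[sid] = {"Input": 0, "Output": 0}
            continue
        last = sessions.get(sid)
        if last is None:
            findings.append((i, sid, f"{status} without Start"))
            continue
        for d in ("Input", "Output"):
            now = total_octets(rec, d)
            if now < last[d]:  # byte counts within a session must not decrease
                findings.append((i, sid, f"{d} octets decreased"))
            last[d] = now
        if status == "Stop":
            del sessions[sid]
    return findings

# Constructed sample records (not from a real NAS).
SAMPLE = [
    {"Acct-Session-ID": "435264", "Acct-Status-Type": "Start"},
    {"Acct-Session-ID": "435264", "Acct-Status-Type": "Interim-Update",
     "Acct-Input-Octets": 4294967000, "Acct-Output-Octets": 1000},
    # Octets counter wrapped once: 1 gigaword + 500 octets, still increasing.
    {"Acct-Session-ID": "435264", "Acct-Status-Type": "Interim-Update",
     "Acct-Input-Gigawords": 1, "Acct-Input-Octets": 500, "Acct-Output-Octets": 2000},
    # Wrap not reflected in Gigawords: the total appears to go backwards.
    {"Acct-Session-ID": "435264", "Acct-Status-Type": "Stop",
     "Acct-Input-Octets": 900, "Acct-Output-Octets": 3000},
    {"Acct-Session-ID": "999999", "Acct-Status-Type": "Stop", "Acct-Input-Octets": 10},
]

if __name__ == "__main__":
    print(audit_accounting(SAMPLE))
```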
