[an error occurred while processing this directive][an error occurred while processing this directive]

Configuring How RADIUS Attributes Are Used for Subscriber Access

You can specify the attributes RADIUS ignores in RADIUS Access-Accept messages, and the attributes RADIUS excludes from specified message types.

To configure the attributes RADIUS ignores or excludes:

  1. Specify that you want to configure RADIUS.
    [edit access profile isp-bos-metro-fiber-basic]user@host# edit radius
  2. Specify that you want to configure how RADIUS attributes are ignored or excluded.
    [edit access profile isp-bos-metro-fiber-basic radius]user@host# edit attributes
  3. Specify the attributes you want RADIUS to ignore when the attributes are in Access-Accept messages. See Table 1 for the attributes you can configure.
    [edit access profile isp-bos-metro-fiber-basic radius attributes]user@host# set ignore input-filter output-filter
  4. Configure RADIUS to exclude the specified attribute from the specified RADIUS message type. See Table 2 for the attributes and message type combinations you can configure.
    [edit access profile isp-bos-metro-fiber-basic radius attributes]user@host# set exclude input-filter output-filter

You use the ignore statement to configure the router or switch to ignore a particular attribute in RADIUS Access-Accept messages. By default, the router or switch processes the attributes received from the external AAA server. Table 1 lists the attributes supported in the ignore statement.

Table 1: Attributes That Can Be Ignored in RADIUS Accept-Accept Messages

CLI Entry

Attribute Name

Attribute Number

framed-ip-netmask

Framed-Ip-Netmask

RADIUS attribute 9

input-filter

Ingress-Policy-Name

Juniper VSA 26–10

logical-system:routing-instance

Virtual-Router

Juniper VSA 26–1

output-filter

Egress-Policy-Name

Juniper VSA 26–11

You use the exclude statement to configure the router or switch to exclude the specified attributes from the specified type of RADIUS message. Not all attributes appear in all types of RADIUS messages—the CLI indicates the RADIUS message type. By default, the router or switch includes the specified attributes in RADIUS Access-Request, Acct-On, Acct-Off, Acct-Start, and Acct-Stop messages. Table 2 lists the attributes and message types supported in the exclude statement.

Table 2: Attributes That Can Be Excluded from RADIUS Messages

CLI Entry

Attribute Name

Attribute Number

Supported Message Type

accounting-authentic

Acct-Authentic

RADIUS attribute 45

Accounting-On

Accounting-Off

accounting-delay-time

Acct-Delay-Time

RADIUS attribute 41

Accounting-On

Accounting-Off

accounting-session-id

Acct-Session-Id

RADIUS attribute 44

Access-Request

Accounting-On

Accounting-Off

Accounting-Stop

accounting-terminate-cause

Acct-Terminate-Cause

RADIUS attribute 49

Accounting-Off

called-station-id

Called-Station-Id

RADIUS attribute 30

Access-Request

Accounting-Start

Accounting-Stop

calling-station-id

Calling-Station-Id

RADIUS attribute 31

Access-Request

Accounting-Start

Accounting-Stop

class

Class

RADIUS attribute 25

Accounting-Start

Accounting-Stop

dhcp-gi-address

DHCP-GI-Address

Juniper VSA 26–57

Access-Request

Accounting-Start

Accounting-Stop

dhcp-mac-address

DHCP-MAC-Address

Juniper VSA 26–56

Access-Request

Accounting-Start

Accounting-Stop

event-timestamp

Event-Timestamp

RADIUS attribute 55

Accounting-On

Accounting-Off

Accounting-Start

Accounting-Stop

framed-ip-address

Framed-IP-Address

RADIUS attribute 8

Accounting-Start

Accounting-Stop

framed-ip-netmask

Framed-IP-Netmask

RADIUS attribute 9

Accounting-Start

Accounting-Stop

input-filter

Ingress-Policy-Name

Juniper VSA 26–10

Accounting-Start

Accounting-Stop

input-gigapackets

Acct-Input-Gigapackets

Juniper VSA 26–42

Accounting-Stop

input-gigawords

Acct-Input-Gigawords

RADIUS attribute 52

Accounting-Stop

interface-description

Interface-Desc

Juniper VSA 26–53

Access-Request

Accounting-Start

Accounting-Stop

nas-identifier

NAS-Identifier

RADIUS attribute 32

Access-Request

Accounting-on

Accounting-off

Accounting-Start

Accounting-Stop

nas-port

NAS-Port

RADIUS attribute 5

Access-Request

Accounting-Start

Accounting-Stop

nas-port-id

NAS-Port-Id

RADIUS attribute 87

Access-Request

Accounting-Start

Accounting-Stop

nas-port-type

NAS-Port-Type

RADIUS attribute 61

Access-Request

Accounting-Start

Accounting-Stop

output-filter

Egress-Policy-Name

Juniper VSA 26–11

Accounting-Start

Accounting-Stop

ouput-gigapackets

Acct-Output-Gigapackets

Juniper VSA 26–43

Accounting-Stop

output-gigawords

Acct-Output-Gigawords

RADIUS attribute 53

Accounting-Stop


Published: 2010-04-26

[an error occurred while processing this directive]