ERX-Supported RADIUS Attribute Descriptions

[Contents] [Prev] [Next] [Index] [Report an Error]

ERX-Supported RADIUS Attribute Descriptions
Table A-1 provides a description of all ERX-supported RADIUS attributes, sorted by standard number. Table A-2 lists all Juniper Networks vendor-specific attribute (VSA) formats, also sorted by standard number.

Table A-1 ERX-supported attributes

Standard Number

Attribute Name

Description

[1]

User-Name

Name of user to be authenticated

Configurable username override

[2]

User-Password

Password of user to be authenticated

Configurable password override

PAP (Password Authentication Protocol)

[3]

CHAP-Password

Response value provided by a PPP Challenge Handshake Authorization Protocol (CHAP) user in the response to an access challenge

[4]

NAS-IP-Address

IP address of the network access server (NAS) that is requesting authentication of the user

You may configure the radius update-source-addr command to override this behavior; see Chapter 1, Configuring Remote Access to the ERX System.

[5]

NAS-Port

Physical port number of the NAS that is authenticating the user

See the radius nas-port-format command in Chapter 2, Configuring RADIUS Attributes.

[6]

Service-Type

Type of service the user has requested or the type of service to be provided

Admin, Login, NAS Prompt, or Framed only

[7]

Framed-Protocol

Framing protocol used for framed access

Standard value of 1 set for PPP

[8]

Framed-IP-Address

IP address to be configured for the user

0.0.0.0 or absence is interpreted as 255.255.255.254

See the radius include framed-ip-add acct-start command in Chapter 2, Configuring RADIUS Attributes.

[9]

Framed-IP-Netmask

IP network to be configured for the user when the user is a router to a network

Absence implies 255.255.255.255

[11]

Filter-Id

Name of the filter list for the user

Interpreted as input policy name

[13]

Framed-Compression

Always set to "none."

[18]

Reply-Message

Text that may be displayed to the user

Only the first instance of this attribute is used

[22]

Framed-Route

Provides routing information to be configured for the user on the NAS

[24]

State

An arbitrary value that the ERX includes in new Access-Request packets from the previous Accept-Challenge

Applicable for CLI/telnet only

[25]

Class

An arbitrary value that the NAS includes in all accounting packets for the user if supplied by the RADIUS server

[26]

Vendor-Specific

Juniper Networks Enterprise number 0x0000130A

[26-1]

Juniper-Virtual-Router

Virtual router name for the B-RAS user's IP interface

Allowed only from RADIUS server in default virtual router context

For restricted users, specifies the only VR that the user may access.

For nonrestricted users, specifies the initial VR that the user accesses.

See the enable command in ERX System Basics Configuration Guide, Chapter 6, Passwords and Security.

[26-2]

Address-Pool-Name

Name of an assigned address pool that should be used to assign an address for the user

Same as RADIUS attribute 88, Framed-Pool

[26-3]

Local-Interface

Interface to apply to the ERX side of the connection

[26-4]

Primary-DNS

B-RAS user's DNS address negotiated during IPCP

4-octet IP address

[26-5]

Secondary-DNS

B-RAS user's DNS address negotiated during IPCP

4-octet IP address

[26-6]

Primary-WINS (NBNS)

B-RAS user's WINS (NBNS) address negotiated during IPCP

4-octet IP address

[26-7]

Secondary-WINS (NBNS)

B-RAS user's WINS (NBNS) address negotiated during IPCP

4-octet IP address

[26-8]

Tunnel-Virtual-Router

Virtual router name for tunnel connection

[26-9]

Tunnel-Password

Tunnel password in cleartext

[26-10]

Ingress-Policy-Name

Input policy name to apply to B-RAS user's interface

[26-11]

Egress-Policy-Name

Output policy name to apply to B-RAS user's interface

[26-12]

Ingress-Statistics

Enable or disable input statistics on B-RAS user's interface

[26-13]

Egress-Statistics

Enable or disable output statistics on B-RAS user's interface

[26-14]

Atm-Service-Category

ATM service category to apply to B-RAS user's interface

[26-15]

Atm-PCR

Peak cell rate

4-octet integer

[26-16]

Atm-SCR

Sustained cell rate or CBR, depending on the Atm-Service-Category RADIUS attribute [26-14]

4-octet integer

[26-17]

Atm-MBS

Maximum burst rate

4-octet integer

[26-18]

Juniper-Initial-CLI-Access-Level

Specifies the initial level of access to CLI commands

See the enable command in ERX System Basics Configuration Guide, Chapter 6, Passwords and Security.

[26-19]

Juniper-Allow-All-VR-Access

Specifies user access to all virtual routers

See the enable command in ERX System Basics Configuration Guide, Chapter 6, Passwords and Security.

[26-20]

Juniper-Alt-CLI-Access-Level

Specifies other levels of access to CLI commands

See the enable command in ERX System Basics Configuration Guide, Chapter 6, Passwords and Security.

[26-21]

Juniper-Alt-CLI-Virtual-Router-
Name

For restricted users, specifies other VRs that the user may access.

See the enable command in ERX System Basics Configuration Guide, Chapter 6, Passwords and Security.

[26-22]

Sa-Validate

Enable or disable source address validation on a user's interface

4-octet integer

[26-23]

Igmp-Enable

Enable or disable IGMP on a user's interface

Allows the end user to register for the reception of multicast services

4-octet integer

[26-24]

Pppoe-Description

The string pppoe <mac addr> sent to the RADIUS server supplied by PPPoE

[26-25]

Redirect-VR-Name

Virtual router name indicating the VR context in which to authenticate the user

Behavior is similar to that of a remote domain-map lookup.

[26-26]

QoS-Profile-Name

Name of the QoS profile to attach to the user's interface

[26-31]

SSC-Service-Bundle-Name

Specifies the SSC service bundle

[26-34]

Framed-Ip-Route-Tag

Route tag to apply to returned framed-ip-address

[26-42]

Input-Gigapkts

Number of times input-packets attribute rolls over its 4-octet field

[26-43]

Output-Gigapkts

Number of times output-packets attribute rolls over its 4-octet field

[27]

Session-Timeout

Maximum number of seconds of service to be provided to the user before termination of the session

[28]

Idle-Timeout

Maximum number of consecutive seconds of idle connection allowed to the user before termination of the session

[30]

Called-Station-Id

Allows the NAS to send the phone number that the user called

Not supported for non tunneled or LAC session side.

For the LNS (L2TP), the format is the string passed in the Called Number AVP.

[31]

Calling-Station-Id

Allows the NAS to send the phone number from which the call originated

See the radius calling-station-format and the radius calling-station-delimiter commands in Chapter 2, Configuring RADIUS Attributes.

[32]

NAS-Identifier

Identifies the NAS originating the request

System-wide configurable hostname or VR-sensitive configurable NAS-identifier name

[40]

Acct-Status-Type

Indicates whether this Accounting-Request marks the beginning of the user service (Start), the end (Stop), or the interim (Interim-Update)

[41]

Acct-Delay-Time

Indicates how many seconds the client has been trying to send a particular record

[42]

Acct-Input-Octets

Indicates how many octets have been received from the port during the time this service has been provided

PPP payload only

[43]

Acct-Output-Octets

Indicates how many octets have been sent to the port during the time this service has been provided

PPP payload only

[44]

Acct-Session-Id

Unique accounting identifier that makes it easy to match start and stop records in a log file

See the radius acct-session-id-format and the radius include acct-session-id access-request commands in Chapter 2, Configuring RADIUS Attributes.

[45]

Acct-Authentic

Indicates how the user was authenticated, whether by RADIUS, the NAS itself, or another remote authentication protocol

Always 1

[46]

Acct-Session-Time

Indicates how long in seconds that the user has received service

[47]

Acct-Input-Packets

Indicates how many packets have been received from the port during the time this service has been provided to a framed user

PPP payload only

[48]

Acct-Output-Packets

Indicates how many packets have been sent to the port in the course of delivering this service to a framed user

PPP payload only

[49]

Acct-Terminate-Cause

Contains the reason the service (a PPP session) was terminated. The service can be terminated for the following reasons:

User Request (1) - user initiated the disconnect (log out)

Idle Timeout (4) - idle timer has expired

Session Timeout (5) - client reached the maximum continuous time allowed on the service or session

Admin Reset (6) - system administrator terminated the session

Port Error (8) - PVC failed; no hardware or no interface

NAS Error (9) - negotiation failures, connection failures, or address lease expiration

NAS Request (10) - PPP challenge timeout, PPP request timeout, tunnel establishment failure, PPP bundle failure, IP address lease expiration, PPP keep-alive failure, Tunnel disconnect, or an unaccounted-for error

[52]

Acct-Input-Gigawords

Indicates how many times the Acct-Input-Octets counter has wrapped around 2^32 during the time this service has been provided, and can be present in Accounting-Request records only where the Acct-Status-Type is set to Stop or Interim-Update

PPP payload only

[53]

Acct-Output-Gigawords

Indicates how many times the Acct-Output-Octets counter has wrapped around 2^32 in the course of delivering this service, and can be present in Accounting-Request records only where the Acct-Status-Type is set to Stop or Interim-Update

PPP payload only

[55]

Event-Timestamp

Records the time that this event occurred on the NAS, in seconds, since January 1, 1970 00:00 UTC

[60]

CHAP-Challenge

Contains the CHAP challenge sent by the NAS to a PPP CHAP user

[61]

NAS-Port-Type

Indicates the type of physical port the NAS is using to authenticate the user

See the radius dsl-port-type and the radius ethernet-port-type commands in Chapter 2, Configuring RADIUS Attributes.

[62]

Port-Limit

Specifies the maximum number of Multilink Point-to-Point protocol (MP) member links allowed for the subscriber

[64]

Tunnel-Type

Tunneling protocol(s) to be used (in the case of a tunnel initiator) or the tunneling protocol in use (in the case of a tunnel terminator)

Only L2TP and L2F supported at this time

[65]

Tunnel-Medium-Type

Transport medium to use when creating a tunnel for those protocols (such as L2TP) that can operate over multiple transports

Only Ipv4 supported at this time

[66]

Tunnel-Client Endpoint

Address of the initiator end of the tunnel

[67]

Tunnel-Server-Endpoint

Address of the server end of the tunnel

[68]

Acct-Tunnel-Connection

Indicates the identifier assigned to the tunnel session

Value is L2TP call-serial number

[69]

Tunnel-Password

Password to be used to authenticate to a remote server

[77]

Connect-Info

Sent from the NAS to indicate the nature of the user's connection

[82]

Tunnel-Assignment-Id

Indicate to the tunnel initiator the particular tunnel to which a session is to be assigned

[83]

Tunnel-Preference

If more than one set of tunneling attributes is returned by the RADIUS server to the tunnel initiator, this attribute is included in each set to indicate the relative preference assigned to each tunnel.

Included in the Tunnel-Link-Start, the Tunnel-Link-Reject, and the Tunnel-Link-Stop packets (LAC only)

[85]

Acct-Interval-Interval

Number of seconds between each interim accounting update in seconds for this specific session

[86]

Acct-Tunnel-Packets-Lost

Number of packets lost on a given link

[87]

NAS-Port-Id

Text string that identifies the physical interface of the NAS that is authenticating the user

If the PPP user connects via ATM slot 12, port 2, vpi 100, vci 101, then the NAS-Port-Id value in the RADIUS packets will be atm 12/2:100.101

If the user is a PPP user that started as a result of the ERX LNS feature (that is, no physical port), then the NAS-Port-Id value is as follows: media:local address:peer address:local tunnel id:peer tunnel id:local session id:peer session id:call serial number

>    For example: ip:172.81.1.98:172.81.1.99:18d:cb8:ce6:9f4:6

>    In this case, the local information refers to the LNS, and the peer information refers to the LAC

NAS-Port-Id usually contains one of the following:

>    atm <slot> / <port>:<vpi>.<vci>

>    fastEthernet <slot> / <port> [:<vlan>]

>    gigabitEthernet <slot> / <port> [<vlan>

>    serial <slot>/<port> [:<sonetPath> [/<sonetTributary (x/x/x)> [/<fractionalInterface>] ] ]

>    from LNS - ip:local ip:peer ip:local tid:peer tid:local sid:peer sid:call serial number

·    tid - tunnel id

·    sid - session id

[88]

Framed-Pool

Name of an assigned address pool that should be used to assign an address for the user

[90]

Tunnel-Client-Auth-Id

Name used by the tunnel initiator during the authentication phase of tunnel establishment

[91]

Tunnel-Server-Auth-Id

Name used by the tunnel terminator during the authentication phase of tunnel establishment

[242]

Ascend-Data-Filter

RADIUS policy definitions allow you to configure a policy that consists of Filter/Forward rules based on classified packet flows.

The RADIUS policy definitions use the Ascend-Data-Filter format or Filter-Id, Ingress-Policy-Name, and Egress-Policy-Name.

See Table A-2 for Juniper Networks VSA formats for RADIUS. The ERX system uses the vendor ID assigned to Juniper Networks (0x0000130A) by the Internet Assigned Numbers Authority (IANA).

Table A-2 ERX system RADIUS VSA formats

Standard Number

Attribute Name

Length

Subtype Length

Value

[26-1]

Juniper-Virtual-Router

len

sublen

string: virtual-router-name

[26-2]

Address-Pool-Name

len

sublen

string: address-pool-name

[26-3]

Local-Interface

len

sublen

string: local-interface

[26-4]

Primary-DNS

12

6

string: primary-dns-address

[26-5]

Secondary-DNS

12

6

string: secondary-dns-address

[26-6]

Primary-WINS (NBNS)

12

6

string: primary-wins-address

[26-7]

Secondary-WINS (NBNS)

12

6

string: secondary-wins-address

[26-8]

Tunnel-Virtual-Router

len

sublen

string: tunnel-virtual-router

[26-9]

Tunnel-Password

len

sublen

string: tunnel-password

[26-10]

Ingress-Policy-Name

len

sublen

string: input-policy-name

[26-11]

Egress-Policy-Name

len

sublen

string: output-policy-name

[26-12]

Ingress-Statistics

12

6

integer: 0 = disable, 1 = enable

[26-13]

Egress-Statistics

12

6

integer: 0 = disable, 1 = enable

[26-14]

Atm-Service-Category

12

6

integer: 1= UBR, 2= UBR PCR, 3=NRT VBR, 4=CBR

[26-15]

Atm-PCR

12

6

integer: 4-octet

[26-16]

Atm-SCR

12

6

integer: 4-octet

[26-17]

Atm-MBS

12

6

integer: 4-octet

[26-18]

Juniper-Initial-CLI-Access-Level

len

sublen

single attribute: enter 0, 1, 5, 10, or 15

[26-19]

Juniper-Allow-All-VR-Access

len

sublen

integer: 0 = disable, 1 = enable

[26-20]

Juniper-Alt-CLI-Access-Level

len

sublen

single attribute; enter 0, 1, 5, 10, or 15

[26-21]

Juniper-Alt-CLI-Virtual-Router-Name

len

sublen

string: virtual-router-name

[26-22]

Sa-Validate

len

sublen

integer: 0 = disable, 1 = enable

[26-23]

Igmp-Enable

len

sublen

integer: 0 = disable, 1 = enable

[26-24]

Pppoe-Description

string: pppoe<mac addr>

[26-25]

Redirect-VR-Name

len

sublen

authentication-redirection

[26-26]

QoS-Profile-Name

len

sublen

string:qos-profile-name

[26-31]

SSC-Service-Bundle-Name

len

sublen

string

[26-34]

Framed-Ip-Route-Tag

12

6

integer: 4-octet

[26-42]

Acct-Input-Gigapackets

12

6

integer

[26-43]

Acct-Output-GigaPackets

12

6

integer

For more information about RADIUS attributes, see the following resources:

RFC 2865 - Remote Authentication Dial In User Service (RADIUS) (June 2000)

RFC 2866 - RADIUS Accounting (June 2000)

RFC 2867 - RADIUS Accounting Modifications for Tunnel Protocol Support (June 2000)

RFC 2868 - RADIUS Attributes for Tunnel Protocol Support (June 2000)

RFC 2869 - RADIUS Extensions (June 2000)

Standard Number	Attribute Name	Description
[1]	User-Name	Name of user to be authenticated Configurable username override
[2]	User-Password	Password of user to be authenticated Configurable password override PAP (Password Authentication Protocol)
[3]	CHAP-Password	Response value provided by a PPP Challenge Handshake Authorization Protocol (CHAP) user in the response to an access challenge
[4]	NAS-IP-Address	IP address of the network access server (NAS) that is requesting authentication of the user You may configure the radius update-source-addr command to override this behavior; see Chapter 1, Configuring Remote Access to the ERX System.
[5]	NAS-Port	Physical port number of the NAS that is authenticating the user See the radius nas-port-format command in Chapter 2, Configuring RADIUS Attributes.
[6]	Service-Type	Type of service the user has requested or the type of service to be provided Admin, Login, NAS Prompt, or Framed only
[7]	Framed-Protocol	Framing protocol used for framed access Standard value of 1 set for PPP
[8]	Framed-IP-Address	IP address to be configured for the user 0.0.0.0 or absence is interpreted as 255.255.255.254 See the radius include framed-ip-add acct-start command in Chapter 2, Configuring RADIUS Attributes.
[9]	Framed-IP-Netmask	IP network to be configured for the user when the user is a router to a network Absence implies 255.255.255.255
[11]	Filter-Id	Name of the filter list for the user Interpreted as input policy name
[13]	Framed-Compression	Always set to "none."
[18]	Reply-Message	Text that may be displayed to the user Only the first instance of this attribute is used
[22]	Framed-Route	Provides routing information to be configured for the user on the NAS
[24]	State	An arbitrary value that the ERX includes in new Access-Request packets from the previous Accept-Challenge Applicable for CLI/telnet only
[25]	Class	An arbitrary value that the NAS includes in all accounting packets for the user if supplied by the RADIUS server
[26]	Vendor-Specific	Juniper Networks Enterprise number 0x0000130A
[26-1]	Juniper-Virtual-Router	Virtual router name for the B-RAS user's IP interface Allowed only from RADIUS server in default virtual router context For restricted users, specifies the only VR that the user may access. For nonrestricted users, specifies the initial VR that the user accesses. See the enable command in ERX System Basics Configuration Guide, Chapter 6, Passwords and Security.
[26-2]	Address-Pool-Name	Name of an assigned address pool that should be used to assign an address for the user Same as RADIUS attribute 88, Framed-Pool
[26-3]	Local-Interface	Interface to apply to the ERX side of the connection
[26-4]	Primary-DNS	B-RAS user's DNS address negotiated during IPCP 4-octet IP address
[26-5]	Secondary-DNS	B-RAS user's DNS address negotiated during IPCP 4-octet IP address
[26-6]	Primary-WINS (NBNS)	B-RAS user's WINS (NBNS) address negotiated during IPCP 4-octet IP address
[26-7]	Secondary-WINS (NBNS)	B-RAS user's WINS (NBNS) address negotiated during IPCP 4-octet IP address
[26-8]	Tunnel-Virtual-Router	Virtual router name for tunnel connection
[26-9]	Tunnel-Password	Tunnel password in cleartext
[26-10]	Ingress-Policy-Name	Input policy name to apply to B-RAS user's interface
[26-11]	Egress-Policy-Name	Output policy name to apply to B-RAS user's interface
[26-12]	Ingress-Statistics	Enable or disable input statistics on B-RAS user's interface
[26-13]	Egress-Statistics	Enable or disable output statistics on B-RAS user's interface
[26-14]	Atm-Service-Category	ATM service category to apply to B-RAS user's interface
[26-15]	Atm-PCR	Peak cell rate 4-octet integer
[26-16]	Atm-SCR	Sustained cell rate or CBR, depending on the Atm-Service-Category RADIUS attribute [26-14] 4-octet integer
[26-17]	Atm-MBS	Maximum burst rate 4-octet integer
[26-18]	Juniper-Initial-CLI-Access-Level	Specifies the initial level of access to CLI commands See the enable command in ERX System Basics Configuration Guide, Chapter 6, Passwords and Security.
[26-19]	Juniper-Allow-All-VR-Access	Specifies user access to all virtual routers See the enable command in ERX System Basics Configuration Guide, Chapter 6, Passwords and Security.
[26-20]	Juniper-Alt-CLI-Access-Level	Specifies other levels of access to CLI commands See the enable command in ERX System Basics Configuration Guide, Chapter 6, Passwords and Security.
[26-21]	Juniper-Alt-CLI-Virtual-Router- Name	For restricted users, specifies other VRs that the user may access. See the enable command in ERX System Basics Configuration Guide, Chapter 6, Passwords and Security.
[26-22]	Sa-Validate	Enable or disable source address validation on a user's interface 4-octet integer
[26-23]	Igmp-Enable	Enable or disable IGMP on a user's interface Allows the end user to register for the reception of multicast services 4-octet integer
[26-24]	Pppoe-Description	The string pppoe <mac addr> sent to the RADIUS server supplied by PPPoE
[26-25]	Redirect-VR-Name	Virtual router name indicating the VR context in which to authenticate the user Behavior is similar to that of a remote domain-map lookup.
[26-26]	QoS-Profile-Name	Name of the QoS profile to attach to the user's interface
[26-31]	SSC-Service-Bundle-Name	Specifies the SSC service bundle
[26-34]	Framed-Ip-Route-Tag	Route tag to apply to returned framed-ip-address
[26-42]	Input-Gigapkts	Number of times input-packets attribute rolls over its 4-octet field
[26-43]	Output-Gigapkts	Number of times output-packets attribute rolls over its 4-octet field
[27]	Session-Timeout	Maximum number of seconds of service to be provided to the user before termination of the session
[28]	Idle-Timeout	Maximum number of consecutive seconds of idle connection allowed to the user before termination of the session
[30]	Called-Station-Id	Allows the NAS to send the phone number that the user called Not supported for non tunneled or LAC session side. For the LNS (L2TP), the format is the string passed in the Called Number AVP.
[31]	Calling-Station-Id	Allows the NAS to send the phone number from which the call originated See the radius calling-station-format and the radius calling-station-delimiter commands in Chapter 2, Configuring RADIUS Attributes.
[32]	NAS-Identifier	Identifies the NAS originating the request System-wide configurable hostname or VR-sensitive configurable NAS-identifier name
[40]	Acct-Status-Type	Indicates whether this Accounting-Request marks the beginning of the user service (Start), the end (Stop), or the interim (Interim-Update)
[41]	Acct-Delay-Time	Indicates how many seconds the client has been trying to send a particular record
[42]	Acct-Input-Octets	Indicates how many octets have been received from the port during the time this service has been provided PPP payload only
[43]	Acct-Output-Octets	Indicates how many octets have been sent to the port during the time this service has been provided PPP payload only
[44]	Acct-Session-Id	Unique accounting identifier that makes it easy to match start and stop records in a log file See the radius acct-session-id-format and the radius include acct-session-id access-request commands in Chapter 2, Configuring RADIUS Attributes.
[45]	Acct-Authentic	Indicates how the user was authenticated, whether by RADIUS, the NAS itself, or another remote authentication protocol Always 1
[46]	Acct-Session-Time	Indicates how long in seconds that the user has received service
[47]	Acct-Input-Packets	Indicates how many packets have been received from the port during the time this service has been provided to a framed user PPP payload only
[48]	Acct-Output-Packets	Indicates how many packets have been sent to the port in the course of delivering this service to a framed user PPP payload only
[49]	Acct-Terminate-Cause	Contains the reason the service (a PPP session) was terminated. The service can be terminated for the following reasons: User Request (1) - user initiated the disconnect (log out) Idle Timeout (4) - idle timer has expired Session Timeout (5) - client reached the maximum continuous time allowed on the service or session Admin Reset (6) - system administrator terminated the session Port Error (8) - PVC failed; no hardware or no interface NAS Error (9) - negotiation failures, connection failures, or address lease expiration NAS Request (10) - PPP challenge timeout, PPP request timeout, tunnel establishment failure, PPP bundle failure, IP address lease expiration, PPP keep-alive failure, Tunnel disconnect, or an unaccounted-for error
[52]	Acct-Input-Gigawords	Indicates how many times the Acct-Input-Octets counter has wrapped around 2^32 during the time this service has been provided, and can be present in Accounting-Request records only where the Acct-Status-Type is set to Stop or Interim-Update PPP payload only
[53]	Acct-Output-Gigawords	Indicates how many times the Acct-Output-Octets counter has wrapped around 2^32 in the course of delivering this service, and can be present in Accounting-Request records only where the Acct-Status-Type is set to Stop or Interim-Update PPP payload only
[55]	Event-Timestamp	Records the time that this event occurred on the NAS, in seconds, since January 1, 1970 00:00 UTC
[60]	CHAP-Challenge	Contains the CHAP challenge sent by the NAS to a PPP CHAP user
[61]	NAS-Port-Type	Indicates the type of physical port the NAS is using to authenticate the user See the radius dsl-port-type and the radius ethernet-port-type commands in Chapter 2, Configuring RADIUS Attributes.
[62]	Port-Limit	Specifies the maximum number of Multilink Point-to-Point protocol (MP) member links allowed for the subscriber
[64]	Tunnel-Type	Tunneling protocol(s) to be used (in the case of a tunnel initiator) or the tunneling protocol in use (in the case of a tunnel terminator) Only L2TP and L2F supported at this time
[65]	Tunnel-Medium-Type	Transport medium to use when creating a tunnel for those protocols (such as L2TP) that can operate over multiple transports Only Ipv4 supported at this time
[66]	Tunnel-Client Endpoint	Address of the initiator end of the tunnel
[67]	Tunnel-Server-Endpoint	Address of the server end of the tunnel
[68]	Acct-Tunnel-Connection	Indicates the identifier assigned to the tunnel session Value is L2TP call-serial number
[69]	Tunnel-Password	Password to be used to authenticate to a remote server
[77]	Connect-Info	Sent from the NAS to indicate the nature of the user's connection
[82]	Tunnel-Assignment-Id	Indicate to the tunnel initiator the particular tunnel to which a session is to be assigned
[83]	Tunnel-Preference	If more than one set of tunneling attributes is returned by the RADIUS server to the tunnel initiator, this attribute is included in each set to indicate the relative preference assigned to each tunnel. Included in the Tunnel-Link-Start, the Tunnel-Link-Reject, and the Tunnel-Link-Stop packets (LAC only)
[85]	Acct-Interval-Interval	Number of seconds between each interim accounting update in seconds for this specific session
[86]	Acct-Tunnel-Packets-Lost	Number of packets lost on a given link
[87]	NAS-Port-Id	Text string that identifies the physical interface of the NAS that is authenticating the user If the PPP user connects via ATM slot 12, port 2, vpi 100, vci 101, then the NAS-Port-Id value in the RADIUS packets will be atm 12/2:100.101 If the user is a PPP user that started as a result of the ERX LNS feature (that is, no physical port), then the NAS-Port-Id value is as follows: media:local address:peer address:local tunnel id:peer tunnel id:local session id:peer session id:call serial number > For example: ip:172.81.1.98:172.81.1.99:18d:cb8:ce6:9f4:6 > In this case, the local information refers to the LNS, and the peer information refers to the LAC NAS-Port-Id usually contains one of the following: > atm <slot> / <port>:<vpi>.<vci> > fastEthernet <slot> / <port> [:<vlan>] > gigabitEthernet <slot> / <port> [<vlan> > serial <slot>/<port> [:<sonetPath> [/<sonetTributary (x/x/x)> [/<fractionalInterface>] ] ] > from LNS - ip:local ip:peer ip:local tid:peer tid:local sid:peer sid:call serial number · tid - tunnel id · sid - session id
[88]	Framed-Pool	Name of an assigned address pool that should be used to assign an address for the user
[90]	Tunnel-Client-Auth-Id	Name used by the tunnel initiator during the authentication phase of tunnel establishment
[91]	Tunnel-Server-Auth-Id	Name used by the tunnel terminator during the authentication phase of tunnel establishment
[242]	Ascend-Data-Filter	RADIUS policy definitions allow you to configure a policy that consists of Filter/Forward rules based on classified packet flows. The RADIUS policy definitions use the Ascend-Data-Filter format or Filter-Id, Ingress-Policy-Name, and Egress-Policy-Name.

Standard Number	Attribute Name	Length	Subtype Length	Value
[26-1]	Juniper-Virtual-Router	len	sublen	string: virtual-router-name
[26-2]	Address-Pool-Name	len	sublen	string: address-pool-name
[26-3]	Local-Interface	len	sublen	string: local-interface
[26-4]	Primary-DNS	12	6	string: primary-dns-address
[26-5]	Secondary-DNS	12	6	string: secondary-dns-address
[26-6]	Primary-WINS (NBNS)	12	6	string: primary-wins-address
[26-7]	Secondary-WINS (NBNS)	12	6	string: secondary-wins-address
[26-8]	Tunnel-Virtual-Router	len	sublen	string: tunnel-virtual-router
[26-9]	Tunnel-Password	len	sublen	string: tunnel-password
[26-10]	Ingress-Policy-Name	len	sublen	string: input-policy-name
[26-11]	Egress-Policy-Name	len	sublen	string: output-policy-name
[26-12]	Ingress-Statistics	12	6	integer: 0 = disable, 1 = enable
[26-13]	Egress-Statistics	12	6	integer: 0 = disable, 1 = enable
[26-14]	Atm-Service-Category	12	6	integer: 1= UBR, 2= UBR PCR, 3=NRT VBR, 4=CBR
[26-15]	Atm-PCR	12	6	integer: 4-octet
[26-16]	Atm-SCR	12	6	integer: 4-octet
[26-17]	Atm-MBS	12	6	integer: 4-octet
[26-18]	Juniper-Initial-CLI-Access-Level	len	sublen	single attribute: enter 0, 1, 5, 10, or 15
[26-19]	Juniper-Allow-All-VR-Access	len	sublen	integer: 0 = disable, 1 = enable
[26-20]	Juniper-Alt-CLI-Access-Level	len	sublen	single attribute; enter 0, 1, 5, 10, or 15
[26-21]	Juniper-Alt-CLI-Virtual-Router-Name	len	sublen	string: virtual-router-name
[26-22]	Sa-Validate	len	sublen	integer: 0 = disable, 1 = enable
[26-23]	Igmp-Enable	len	sublen	integer: 0 = disable, 1 = enable
[26-24]	Pppoe-Description			string: pppoe<mac addr>
[26-25]	Redirect-VR-Name	len	sublen	authentication-redirection
[26-26]	QoS-Profile-Name	len	sublen	string:qos-profile-name
[26-31]	SSC-Service-Bundle-Name	len	sublen	string
[26-34]	Framed-Ip-Route-Tag	12	6	integer: 4-octet
[26-42]	Acct-Input-Gigapackets	12	6	integer
[26-43]	Acct-Output-GigaPackets	12	6	integer

[Contents] [Prev] [Next] [Index] [Report an Error]