Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide - Cisco ASR 9000 Series Configuration Manual

Defining AAA Attributes
the named service) through configured "deactivate" action on the Policy Rule Engine or through CoA
"deactivate-service" requests.
The attribute values received from RADIUS interact with the subscriber session in this way:
• BNG merges the values received in the RADIUS update with the existing values that were provisioned
statically by means of CLI commands, or from prior RADIUS updates.
• In all cases, values received in a RADIUS update take precedence over any corresponding CLI provisioned
values or prior RADIUS updates. Even if you reconfigured the CLI provisioned values, the system does
not override session attributes or features that were received in a RADIUS update.
• Changes made to CLI provision values on the dynamic template take effect immediately on all sessions
using that template, assuming the template features have not already been overridden by RADIUS. Same
applies to service updates made through CoA "service-update" requests.
AAA Attribute List
An attribute list is named list that contains a set of attributes. You can configure the RADIUS server to use a
particular attribute list to perform the AAA function.
To create an attribute list, see
AAA Attribute Format
It is possible to define a customized format for some attributes. The configuration syntax for creating a new
format is:
aaa attribute format <format-name> format-string [length] <string> *[<Identity-Attribute>]
where:
• format-name — Specifies the name given to the attribute format. This name is referred when the format
is applied on an attribute.
• length — (Optional) Specifies the maximum length of the formatted attribute string. If the final length
of the attribute string is greater than the value specified in LENGTH, it is truncated to LENGTH bytes.
The maximum value allowed for LENGTH is 255. If the argument is not configured, the default is also
255.
• string — Contains regular ASCII characters that includes conversion specifiers. Only the % symbol is
allowed as a conversion specifier in the STRING. The STRING value is enclosed in double quotes.
• Identity-Attribute — Identifies a session, and includes user-name, ip-address, and mac-address. A list
of currently-defined identity attributes is displayed on the CLI.
Once the format is defined, the FORMAT-NAME can be applied to various AAA attributes such as username,
nas-port-ID, calling-station-ID, and called-station-ID. The configurable AAA attributes that use the format
capability are explained in the section
To create a customized nas-port attribute and apply a predefined format to nas-port-ID attribute , see
RADIUS Attribute Format, on page
Specific functions can be defined for an attribute format for specific purposes. For example, if the input
username is "text@abc.com", and only the portion after "@" is required as the username, a function can be
defined to retain only the portion after "@" as the username. Then, "text" is dropped from the input, and the
new username is "abc.com". To apply username truncation function to a named-attribute format, see
AAA Attribute Format Function, on page

Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide,

Release 4.3.x
32
Configuring Authentication, Authorization, and Accounting Functions
Configuring RADIUS Attribute List, on page
Creating Attributes of Specific Format, on page
39.
42.
37.
33.
Configuring
Configuring
OL-28375-03