Alcatel-Lucent 7750 Reference Manual
  1. Manuals
  2. Brands
  3. Alcatel-Lucent Manuals
  4. Network Router
  5. 7750
  6. Reference manual

Alcatel-Lucent 7750 Reference Manual

Service router radius attributes
Hide thumbs Also See for 7750:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual
RADIUS ATTRIBUTES REFERENCE GUIDE
Alcatel-Lucent 7750
SERVICE ROUTER | RELEASE 13.0.R4
RADIUS ATTRIBUTES REFERENCE GUIDE
Alcatel-Lucent – Proprietary & Confidential
Contains proprietary/trade secret information which is the property of Alcatel-Lucent. Not to be made available
to, or copied or used by anyone who is not an employee of Alcatel-Lucent except when there is a valid non-
disclosure agreement in place which covers such information and contains appropriate non-disclosure and
limited use obligations.
Copyright 2015 © Alcatel-Lucent. All rights reserved.

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 7750 and is the answer not in the manual?

Questions and answers

Related Manuals for Alcatel-Lucent 7750

Summary of Contents for Alcatel-Lucent 7750

  • Page 1 Contains proprietary/trade secret information which is the property of Alcatel-Lucent. Not to be made available to, or copied or used by anyone who is not an employee of Alcatel-Lucent except when there is a valid non- disclosure agreement in place which covers such information and contains appropriate non-disclosure and limited use obligations.
  • Page 2 This document may contain information regarding the use and installation of non-Alcatel-Lucent products. Please note that this information is provided as a courtesy to assist you. While Alcatel-Lucent tries to ensure that this information accurately reflects information provided by the supplier, please refer to the materials provided with any non-Alcatel-Lucent product and contact the supplier for confirmation.

  • Page 3: Table Of Contents

    [101] Error-Cause Attribute Values ...........240 7750 SR RADIUS Attributes Reference Guide...
  • Page 4 Table of Contents Page 4 7750 SR RADIUS Attributes Reference Guide...
  • Page 5 Table 43: Application Assurance (applicability) ..........131 7750 SR RADIUS Attributes Reference Guide...
  • Page 6 Table 81: RADIUS CoA message [101] Error-Cause values........240 Table 82: RADIUS Disconnect Message [101] Error-Cause Values for IPSec Tunnel....242 Page 6 7750 SR RADIUS Attributes Reference Guide...

  • Page 7: Preface

    Unless explicitly stated differently, the term PPPoE is used in this document to indicate PPPoE, PPPoEoA or PPPoA. • An unsupported attribute that is present in a CoA message is silently ignored, unless explicitly stated differently in the attribute description. 7750 SR RADIUS Attributes Reference Guide Page 7...

  • Page 8: Audience

    Audience This guide is intended for network administrators who are responsible for configuring and operating the 7750 SR routers using RADIUS AAA. It is assumed that the network administrators have an understanding of networking principles and configurations, routing processes, protocols and standards.

  • Page 9: List Of Technical Publications

    Preface List of Technical Publications The 7750 SR documentation set is composed of the following guides: Table 1: List of Technical Publications Guide Description 7750 SR Basic System Configuration Guide This guide describes basic system configurations and operations. 7750 SR System Management Guide This guide describes system security and access configurations as well as event logging and accounting logs.

  • Page 10: Searching For Information

    (OAM) tools. 7750 SR Triple Play Guide This guide describes Triple Play services and support provided by the 7750 SR and presents examples to configure and implement various protocols and services. 7750 SR Quality of Service Guide This guide describes how to configure Quality of Service (QoS) policy management.

  • Page 11: To Search For Specific Information In Multiple Documents

    • Include Bookmarks • Include Comments 6. Click on the Search button. Adobe Reader displays the search results. You can expand the entries for each file by clicking on the + symbol. 7750 SR RADIUS Attributes Reference Guide Page 11...

  • Page 12: Technical Support

    Preface Technical Support If you purchased a service agreement for your 7750 SR router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, follow this link to contact an Alcatel-Lucent support representative and to access product manuals and documentation updates: https://support2.alcatel-lucent.com/portal/olcsHome.do...

  • Page 13: Radius Attributes Reference

    RADIUS Attributes Reference In This Section This document provides an overview of all supported RADIUS Authentication, Authorization and Accounting attributes in Alcatel-Lucent’s 7750 SR OS R13.0 R4. Topics include: • RADIUS Authentication Attributes on page 14 • RADIUS Accounting Attributes on page 141 •...

  • Page 14: Radius Authentication Attributes

    Protocol (CHAP), (Challenge, Response, Success, Failure). The user generated CHAP password length is equal to the defined Limits and contains a one byte CHAP-Identifier from the user's CHAP Response followed by the CHAP Response from the user. Page 14 7750 SR RADIUS Attributes Reference Guide...
  • Page 15 Attribute is also used in CoA and Disconnect Message (part of the ESM or AA user identification-key). Attribute is omitted in accounting via configure subscriber-mgmt radius-accounting-policy <name> include- radius-attribute no framed-ip-addr. 7750 SR RADIUS Attributes Reference Guide Page 15...
  • Page 16 PAP, CHAP authentication success and CHAP authentication failure for CHAP. String length greater than the defined Limits are accepted but truncated at this boundary. Page 16 7750 SR RADIUS Attributes Reference Guide...
  • Page 17 CoA and is sent unmodified by the NAS to the Accounting server as part of the Accounting-Request packet. Strings with a length longer than the defined Limits are accepted but truncated to this boundary. Only first 64B are stored in the CF persistency file. 7750 SR RADIUS Attributes Reference Guide Page 17...
  • Page 18 <sap-string>. A [31] Calling-Station-Id attribute value longer than the allowed maximum is treated as a setup failure. The attribute is omitted in authentication/ accounting via configure subscriber-mgmt authentication-policy/radius- accounting-policy <name> include-radius-attribute no calling-station-id. Page 18 7750 SR RADIUS Attributes Reference Guide...
  • Page 19 Acct-Interim- Indicates the number of seconds between each interim update for this specific Interval session. Attribute values outside the allowed Limits are accepted but are rounded to the minimum or maximum Limit. 7750 SR RADIUS Attributes Reference Guide Page 19...
  • Page 20 Pool-Name and [26-4874-2] ERX-Address-Pool-Name. Framed-Pool names longer than the allowed maximum are treated as host setup failures. Simultaneous returned attributes [88] Framed-Pool and [8] Framed-IP-Address are also handled as host setup failures. Page 20 7750 SR RADIUS Attributes Reference Guide...
  • Page 21 IPv6 addressing to the wan-side of a host via DHCPv6 IA-NA. Attribute is also used in CoA and Disconnect Message (part of the ESM or AA user identification-key). Attribute is omitted in accounting via configure subscriber-mgmt radius-accounting-policy <name> include-radius- attribute no framed-ipv6-prefix. 7750 SR RADIUS Attributes Reference Guide Page 21...
  • Page 22 This attribute is an alternative to [97] Framed-IPv6-Prefix and [26-6527-99] Alc- IPv6-Address, that also assign IPv6 addressing to the wan-side of a host via SLAAC or DHCPv6 IA-NA. Page 22 7750 SR RADIUS Attributes Reference Guide...
  • Page 23 Alternative to [88] Pool-Name and [26-4874-2] ERX-Address-Pool-Name. Framed-Pool names longer than the allowed maximum are treated as host setup failures. Simultaneous returned attributes Pool-Names [8] and Framed-IP-Address are also handled as host setup failures. 7750 SR RADIUS Attributes Reference Guide Page 23...
  • Page 24 The subscriber's operator-configured minimum downstream data rate (coded in Rate-Downstream bits per second) and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included/excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy <name> include-radius-attribute access-loop-options. Page 24 7750 SR RADIUS Attributes Reference Guide...
  • Page 25 The subscriber's actual one-way upstream interleaving delay in milliseconds Interleaving- and maps to values received during PPPoE discovery (tag 0x0105) or DHCP Delay-Upstream (opt-82). Attribute is included/excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy <name> include-radius- attribute access-loop-options. 7750 SR RADIUS Attributes Reference Guide Page 25...
  • Page 26 Tag 0x0105, vendor-id 0x0de9 with sub-option code 0xFE, length field is set to 0x00 into the PPPoE Discovery packets when it is performing an IWF functionality. Attribute is included/excluded based on configure subscriber- mgmt authentication-policy/radius-accounting-policy <name> include- radius-attribute access-loop-options. Page 26 7750 SR RADIUS Attributes Reference Guide...
  • Page 27 PPPoE IPCP option 129 Primary DNS Server address or DHCPv4 option 6 Domain Server. Is an alternative for 26-2352-1 Client-DNS-Pri or 26- 4874-4 ERX-Primary-Dns. Applicable in proxy scenarios only for IPoE. 7750 SR RADIUS Attributes Reference Guide Page 27...
  • Page 28 Circuit-Id). An subscriber is ANCP associated when both strings are equal and for associated subscribers the ingress/egress ANCP QoS rules apply (configure subscriber-mgmt ancp ancp-policy <policy-name> and configure subscriber-mgmt sub-profile ancp ancp-policy <policy-name>. Page 28 7750 SR RADIUS Attributes Reference Guide...
  • Page 29 Values above the allowed Limits are truncated at the Limits boundary. There is no PADO delay if the attribute is omitted or if the attribute is received with a value of zero. 7750 SR RADIUS Attributes Reference Guide Page 29...
  • Page 30 For data-triggered authentication of an IPv6 UE in Distributed Subscriber Management (DSM) context, this attribute contains the IPv6 address that triggered the request. Inclusion of this attribute is configured under configure aaa isa-radius-policy <policy-name> auth-include-attributes ipv6-address. Page 30 7750 SR RADIUS Attributes Reference Guide...
  • Page 31 The value part of each Alc-Subscriber-QoS-Override attribute must be empty (For example, Alc-Subscriber-QoS-Override += i:q:2:). Wrong formatted attributes or too many attributes (see limits) are treated as a setup failure or result in a CoA NAK. 7750 SR RADIUS Attributes Reference Guide Page 31...
  • Page 32 The [26-6527-161] Alc-Delegated-IPv6-Prefix-Length has priority over other possible sources of DPL. (As a fixed or variable DPL under configure service ies/vprn subscriber-interface ipv6 delegated-prefix-length or on the dhcpv6 server configure router dhcp6 local-dhcp-server <server-name> pool <pool-name> delegated-prefix-length). Page 32 7750 SR RADIUS Attributes Reference Guide...
  • Page 33 DPL under configure service ies/vprn <service-id> subscriber- interface <ip-int-name> ipv6 delegated-prefix-length or on the dhcpv6 server configure router dhcp6 local-dhcp-server <server-name pool <pool-name> delegated-prefix-length). DPL values outside the limits are treated as setup failures. 7750 SR RADIUS Attributes Reference Guide Page 33...
  • Page 34 PPP session will be terminated. If local-address-assignment is not enabled on the group-interface for ipv6 client-application ipoe-slaac, then the IPoE host will not be instantiated. Page 34 7750 SR RADIUS Attributes Reference Guide...
  • Page 35 Passing the RADIUS obtained DHCPv6 options to the client is supported for both DHCPv6 proxy and relay. Only the attributes within the defined limits (see limits) are parsed and stored; the remaining attributes are silently ignored. 7750 SR RADIUS Attributes Reference Guide Page 35...
  • Page 36 = 30 min, rebind-timer = 48 min, preferred-lifetime = 1hr, valid-lifetime = 1 day. Note that only a single value can be specified that applies to both IA-NA address and IA-PD prefix. Page 36 7750 SR RADIUS Attributes Reference Guide...
  • Page 37 Specifying a non-existing policy results in a host/session setup failure or in a CoA Reject. All hosts belonging to the subscriber are affected by a UPnP policy override. Changing the upnp-policy will clear all existing upnp-mappings. 7750 SR RADIUS Attributes Reference Guide Page 37...

  • Page 38: Table 3: Subscriber Host Identification (Limits)

    For example: Framed-IP-Netmask = 255.255.255.255 Netmask #PPPoE residential Framed-IP-Netmask = 255.255.255.0 #PPPoE Business with IPCP option 144 support Framed-IP-Netmask = 255.255.255.0 # IPoE Reply- string 253 chars For example: Reply-Message Message MyCustomizedReplyMessage Page 38 7750 SR RADIUS Attributes Reference Guide...
  • Page 39 Framed-Route = "192.168.1.0 0.0.0.0 tag 5" installs a managed route with metric=0 (default), protocol preference = 0 (default) and tagged with tag=5" Class octets 253 chars For example: Class = My Class 7750 SR RADIUS Attributes Reference Guide Page 39...
  • Page 40 For LNS, the value is set to virtual (5) For example: NAS-Port-Type = PPPoEoQinQ (34) Acct-Interim- integer 4 Bytes [300..15552000] seconds Interval For example: # 1 hour interval for interim updates Acct-Interim-Interval = 3600 Page 40 7750 SR RADIUS Attributes Reference Guide...
  • Page 41 # ipv6 address Address For example: NAS-IPv6-Address = 2001:db8::1 Framed-IPv6- ipv6prefix max. 16 Bytes PPPoE SLAAC wan-host Prefix for prefix + 1 <ipv6-prefix/prefix-length> with prefix-length 64 byte for length For example: Framed-IPv6-Prefix 2021:1:FFF3:1::/64 7750 SR RADIUS Attributes Reference Guide Page 41...
  • Page 42 Framed-IPv6-Route = "5000:0:1::/48 :: tag 5" installs a managed route with metric = 0 (default), protocol preference = 0 (default) and tagged with tag = 5 Framed-IPv6- string 32 chars For example: Framed-IPv6-Pool Pool MyWanPoolnameIANA Page 42 7750 SR RADIUS Attributes Reference Guide...
  • Page 43 For example: Agent-Remote-Id = MyRemoteId 26-3561- Actual-Data- integer 4294967295 bps For example: # 1Mbps Rate- Actual-Data-Rate-Upstream = 1000000 Upstream 26-3561- Actual-Data- integer 4294967295 bps For example: # 5Mbps Rate- Actual-Data-Rate-Downstream = 5000000 Downstream 7750 SR RADIUS Attributes Reference Guide Page 43...
  • Page 44 For example: Minimum-Data-Rate-Downstream-Low- Data-Rate- Power = 1000 Downstream- Low-Power 26-3561- Maximum- integer 4294967295 For example: Maximum-Interleaving-Delay-Upstream = Interleaving- milliseconds Delay- Upstream 26-3561- Actual- integer 4294967295 For example: Actual-Interleaving-Delay-Upstream = 10 Interleaving- milliseconds Delay- Upstream Page 44 7750 SR RADIUS Attributes Reference Guide...
  • Page 45 4 Bytes For example: ERX-Primary-Wins = 9.1.1.1 Wins 26-4874-7 ERX- ipadress 4 Bytes For example: ERX-Ipv6-Primary-Dns = 9.1.1.2 Secondary- Wins 26-4874- ERX-Ipv6- ipv6addr 16 Bytes For example: ERX-Secondary-Wins = 4000::1:1:1:1 Primary-Dns 7750 SR RADIUS Attributes Reference Guide Page 45...
  • Page 46 For example: Alc-Primary-Nbns = 9.1.1.1 Nbns 26-6527- Alc- ipaddr 4 Bytes For example: Alc-Secondary-Nbns = 9.1.1.2 Secondary- Nbns 26-6527- Alc-PPPoE- integer [0..30] deci- For example: 3 seconds pado-delay PADO-Delay seconds Alc-PPPoE-PADO-Delay = 30 Page 46 7750 SR RADIUS Attributes Reference Guide...
  • Page 47 # Classless Static Route: 192.168.0.0/16 10.1.255.254 494 Bytes total Alc-ToClient-Dhcp-Options = 0x790710C0A80A01FFFE 26-6527- Alc-Ipv6- ipv6addr 16 Bytes For example: Alc-Ipv6-Primary-Dns = 4000::1:1:1:2 Primary-Dns 26-6527- Alc-Ipv6- ipv6addr 16 Bytes For example: Alc-Ipv6-Secondary-Dns = 4000::1:1:1:2 Secondary- 7750 SR RADIUS Attributes Reference Guide Page 47...
  • Page 48 For example: Alc-ATM-Egress-TD-Profile = 10 Egress-TD- Profile 26-6527- Alc- string 32 chars For example: Alc-Delegated-IPv6-Pool = Delegated- MyLanPoolnameIAPD IPv6-Pool 26-6527- Alc-Access- integer [1..100000] For example: rate 4Mbps Loop-Rate- kbps Alc-Access-Loop-Rate-Down = 4000 Down Page 48 7750 SR RADIUS Attributes Reference Guide...
  • Page 49 0 : fallback to the default lease-time of 7 days. Time seconds [1..4294967295 ] lease-time is seconds For example: Alc-Lease-Time = 3600 26-6527- Alc-DSL- integer 4 Bytes 1=showtime, 2-idle, 3=silent Line-State For example: Alc-DSL-Line-State = SHOWTIME 7750 SR RADIUS Attributes Reference Guide Page 49...
  • Page 50 A non-zero unsigned integer. Valid values are 1, 2 or 4 Error-Code 26-6527- Alc-Onetime- string 247 chars The value of the attribute is opaque. Its presence in a Http-Redirect- RADIUS CoA triggers the action. Reactivate Page 50 7750 SR RADIUS Attributes Reference Guide...
  • Page 51 Lifetime 315446399] Alc-v6-Valid-Lifetime = 86400 seconds 26-6527- Alc-Dhcp6- integer [0 .. 604800] For example: Renew-Time seconds Alc-Dhcp6-Renew-Time = 1800 26-6527- Alc-Dhcp6- integer [0 .. 1209600] For example: Rebind-Time seconds Alc-Dhcp6-Rebind-Time = 2880 7750 SR RADIUS Attributes Reference Guide Page 51...
  • Page 52 Table 4: Subscriber Host Identification (applicability) Attribute Attribute Name Access Access Request Accept Request User-Name User-Password CHAP-Password NAS-IP-Address NAS-Port Service-Type Framed-Protocol Framed-IP-Address Framed-IP-Netmask Reply-Message Framed-Route Class Session-Timeout Idle-Timeout Called-Station-Id Calling-Station-Id NAS-Identifier Acct-Session-Id CHAP-Challenge NAS-Port-Type Page 52 7750 SR RADIUS Attributes Reference Guide...

  • Page 53: Radius Attributes Reference

    Client-DNS-Pri 26-2352-2 Client-DNS-Sec 26-2352-36 Ip-Address-Pool-Name 26-2352-99 RB-Client-NBNS-Pri 26-2352-100 RB-Client-NBNS-Sec 26-3561-1 Agent-Circuit-Id 26-3561-2 Agent-Remote-Id 26-3561-129 Actual-Data-Rate-Upstream 26-3561-130 Actual-Data-Rate-Downstream 26-3561-131 Minimum-Data-Rate-Upstream 26-3561-132 Minimum-Data-Rate-Downstream 26-3561-133 Attainable-Data-Rate-Upstream 26-3561-134 Attainable-Data-Rate-Downstream 26-3561-135 Maximum-Data-Rate-Upstream 26-3561-136 Maximum-Data-Rate-Downstream 26-3561-137 Minimum-Data-Rate-Upstream-Low- Power 7750 SR RADIUS Attributes Reference Guide Page 53...
  • Page 54 26-4874-4 ERX-Primary-Dns 26-4874-5 ERX-Secondary-Dns 26-4874-6 ERX-Primary-Wins 26-4874-7 ERX-Secondary-Wins 26-4874-47 ERX-Ipv6-Primary-Dns 26-4874-48 ERX-Ipv6-Secondary-Dns 26-6527-9 Alc-Primary-Dns 26-6527-10 Alc-Secondary-Dns 26-6527-11 Alc-Subsc-ID-Str 26-6527-12 Alc-Subsc-Prof-Str 26-6527-13 Alc-SLA-Prof-Str 26-6527-16 Alc-ANCP-Str 26-6527-18 Alc-Default-Router 26-6527-27 Alc-Client-Hardware-Addr 26-6527-28 Alc-Int-Dest-Id-Str 26-6527-29 Alc-Primary-Nbns Page 54 7750 SR RADIUS Attributes Reference Guide...
  • Page 55 26-6527-126 Alc-Subscriber-QoS-Override 26-6527-128 Alc-ATM-Ingress-TD-Profile 26-6527-129 Alc-ATM-Egress-TD-Profile 26-6527-131 Alc-Delegated-IPv6-Pool 26-6527-132 Alc-Access-Loop-Rate-Down 26-6527-133 Alc-Access-Loop-Encap-Offset 26-6527-135 Alc-PPP-Force-IPv6CP 26-6527-136 Alc-Onetime-Http-Redirection-Filter- 26-6527-160 Alc-Relative-Session-Timeout 26-6527-161 Alc-Delegated-IPv6-Prefix-Length 26-6527-174 Alc-Lease-Time 26-6527-175 Alc-DSL-Line-State 26-6527-176 Alc-DSL-Type 26-6527-177 Alc-Portal-Url 26-6527-178 Alc-Ipv6-Portal-Url 26-6527-180 Alc-SAP-Session-Index 7750 SR RADIUS Attributes Reference Guide Page 55...
  • Page 56 Table 4: Subscriber Host Identification (applicability) (Continued) Attribute Attribute Name Access Access Request Accept Request 26-6527-181 Alc-SLAAC-IPv6-Pool 26-6527-183 Alc-WPP-Error-Code (Access- Reject only) 26-6527-185 Alc-Onetime-Http-Redirect-Reactivate 26-6527-191 Alc-ToServer-Dhcp6-Options 26-6527-192 Alc-ToClient-Dhcp6-Options 26-6527-200 Alc-v6-Preferred-Lifetime 26-6527-201 Alc-v6-Valid-Lifetime 26-6527-202 Alc-Dhcp6-Renew-Time 26-6527-203 Alc-Dhcp6-Rebind-Time 26-6527-217 Alc-UPnP-Sub-Override-Policy Page 56 7750 SR RADIUS Attributes Reference Guide...

  • Page 57: Wholesale-Retail - Local Access Mode

    <ip-int- name> or configure service <service-id> vpls sap <sap-id> msap-defaults group-interface <ip-int-name>). Strings above the Limits and an omitted attribute without explicit created msap-defaults are treated as setup failures. 7750 SR RADIUS Attributes Reference Guide Page 57...

  • Page 58: Table 6: Wholesale-Retail: Local Access Mode (Limits)

    Interface-name must start with a letter Interface For example: Alc-MSAP-Interface = group-1 Table 7: Wholesale-Retail: Local Access Mode (applicability) Attribute ID Attribute Name Access Access Request Accept Request 26-6527-17 Alc-Retail-Serv-Id 26-6527-31 Alc-MSAP-Serv-Id 26-6527-32 Alc-MSAP-Policy 26-6527-33 Alc-MSAP-Interface Page 58 7750 SR RADIUS Attributes Reference Guide...

  • Page 59: Wholesale-Retail - L2Tp Tunneled Access Mode

    Tunnel-Server-Endpoint attributes with the same tag can be inserted. All tunnels specified by Tunnel-Sever-Endpoint attributes with a given tag will use the tunnel parameters specified by the other Tunnel attributes having the same tag value. 7750 SR RADIUS Attributes Reference Guide Page 59...
  • Page 60 Tunnel-Private-Group-ID The group ID for a particular tunnelled session. This RADIUS attribute is copied by a 7750 LAC in AVP 37 - Private Group ID (ICCN) and is used by the LAC to indicate that this call is to be associated with a particular customer group.
  • Page 61 Any other RADIUS returned L2TP parameter is ignored and other required info to setup the tunnel will have to come from the CLI created context. Strings above the Limits are treated as a setup failure. 7750 SR RADIUS Attributes Reference Guide Page 61...
  • Page 62 The value with tag 0 is used as default for the tunnels where the value is not specified. Pre-configured values are used when attribute is omitted (configure router/service vprn <service-id> l2tp hello-interval). Values outside Limits are treated as a setup failure. Page 62 7750 SR RADIUS Attributes Reference Guide...
  • Page 63 LNS secret defined in attribute [69] Tunnel-Password or in configuration. If no password is specified, the tunnel setup will fail for values 'sensitive-only' and 'all'. Values outside the Limits are treated as a setup failure. 7750 SR RADIUS Attributes Reference Guide Page 63...
  • Page 64 The service-id from which the tunnel should be established, enables the tunnel origin to be in a VPRN (VRF). The default value = Base. Values above the Limits or unreferenced are treated as a setup failure. Page 64 7750 SR RADIUS Attributes Reference Guide...
  • Page 65 When tunnel recovery method is set to recovery-tunnel but LNS does not support this capability, then the system automatically falls back to mcs. Values outside the limits are treated as a setup failure. 7750 SR RADIUS Attributes Reference Guide Page 65...
  • Page 66 Pre-configured values are used when attribute is omitted (configure router/service vprn <service-id> l2tp failover recovery-time). Values outside the limits are treated as a setup failure. Page 66 7750 SR RADIUS Attributes Reference Guide...
  • Page 67 01332e332e332e33 attributes or Tunnel-Server-Endpoint:1 = 3.3.3.3 limited by Radius message size Tunnel- string 64 chars For example: Tunnel-Password:1 = password Password Tunnel- string 32 chars For example: Tunnel-Private-Group-ID:1 = Private- MyPrivateTunnelGroup Group-ID 7750 SR RADIUS Attributes Reference Guide Page 67...
  • Page 68 MyCliTunnelGroupName 26-6527-46 Alc-Tunnel- string 32 chars node pre-configured tunnel-group Group For example: Alc-Tunnel-Group = MyCliTunnelGroupName 26-6527-47 Alc-Tunnel- integer values [1..3] 1=weighted-access,2=existing-first , 3=weighted- Algorithm random default=existing-first For example: Alc-Tunnel-Algorithm:0 = weighted- access Page 68 7750 SR RADIUS Attributes Reference Guide...

  • Page 69: Table 9: Wholesale-Retail: L2Tp Tunneled Access Mode (Limits)

    For example: # retry 2 times for all tunnels in Estab tunnel group Alc-Tunnel-Max-Retries-Estab:0 = 2 26-6527-53 Alc-Tunnel- integer [2..7] default 5 Max-Retries- For example: # retry 2 times for all tunnels in Not-Estab tunnel group Alc-Tunnel-Max-Retries-Not-Estab:0 = 2 7750 SR RADIUS Attributes Reference Guide Page 69...
  • Page 70 [0..1] 0=recovery-tunnel, 1=mcs; default = 0 Recovery- For example: Alc-Tunnel-Recovery-Method:1 = Method recovery-tunnel 26-6527-215 Alc-Tunnel- integer [0..900] [0..900] in seconds; default = 0 Recovery- seconds For example: Alc-Tunnel-Recovery-Time = 180 Time Page 70 7750 SR RADIUS Attributes Reference Guide...

  • Page 71: Table 10: Wholesale-Retail: L2Tp Tunneled Access Mode (Applicability)

    Tunnel-Password Tunnel-Private-Group-ID Tunnel-Assignment-ID Tunnel-Preference Tunnel-Client-Auth-ID Tunnel-Server-Auth-ID 26-2352-21 Tunnel-Max-sessions 26-4874-33 ERX-Tunnel-Maximum- Sessions 26-4874-64 ERX-Tunnel-Group 26-6527-46 Alc-Tunnel-Group 26-6527-47 Alc-Tunnel-Algorithm 26-6527-48 Alc-Tunnel-Max-Sessions 26-6527-49 Alc-Tunnel-Idle-Timeout 26-6527-50 Alc-Tunnel-Hello-Interval 26-6527-51 Alc-Tunnel-Destruct-Timeout 26-6527-52 Alc-Tunnel-Max-Retries-Estab 26-6527-53 Alc-Tunnel-Max-Retries-Not- Estab 26-6527-54 Alc-Tunnel-AVP-Hiding 7750 SR RADIUS Attributes Reference Guide Page 71...
  • Page 72 Table 10: Wholesale-Retail: L2TP Tunneled Access Mode (applicability) (Continued) Attribute ID Attribute Name 26-6527-97 Alc-Tunnel-Challenge 26-6527-100 Alc-Serv-Id 26-6527-101 Alc-Interface 26-6527-104 Alc-Tunnel-Serv-Id 26-6527-120 Alc-Tunnel-Rx-Window-Size 26-6527-144 Alc-Tunnel-Acct-Policy (untag- ged) 26-6527-204 Alc-Tunnel-DF-bit 26-6527-214 Alc-Tunnel-Recovery-Method 26-6527-215 Alc-Tunnel-Recovery-Time Page 72 7750 SR RADIUS Attributes Reference Guide...

  • Page 73: Business Service Access

    <name> include-radius-attribute framed- route. Associated managed routes for an instantiated routed subscriber host are included in RADIUS accounting messages independent of the state of the managed route (Installed, Shadowed or HostInactive). 7750 SR RADIUS Attributes Reference Guide Page 73...
  • Page 74 <name> include-radius-attribute framed-ipv6-route. Associated managed routes for an instantiated routed subscriber host are included in RADIUS accounting messages independent of the state of the managed route (Installed, Shadowed or HostInactive). Page 74 7750 SR RADIUS Attributes Reference Guide...
  • Page 75 Policy names above the maximum length result in a host setup failure. 26-6527-60 Alc-BGP-PeerAS Optional attribute for dynamic BGPv4 peering. Specifies the Autonomous System number for the remote BGPv4 peer. 7750 SR RADIUS Attributes Reference Guide Page 75...
  • Page 76 (if pre-configured policies for peer are exact 15). Host setup is successful but without export policy applied if a non existing policy name is received. Policy names above the maximum length result in a host setup failure. Page 76 7750 SR RADIUS Attributes Reference Guide...
  • Page 77 Policy names above the maximum length result in a host setup failure. 26-6527-213 Alc-BGP-IPv6-PeerAS Optional attribute for dynamic BGPv6 peering. Specifies the Autonomous System number for the remote BGPv6 peer. 7750 SR RADIUS Attributes Reference Guide Page 77...

  • Page 78: Table 12: Business Access (Limits)

    100" installs a managed route with metric=10, protocol preference = 100 and tagged with tag=3 Framed-Route = "192.168.1.0 0.0.0.0 tag 5" installs a managed route with metric=0 (default), protocol preference = 0 (default) and tagged with tag=5" Page 78 7750 SR RADIUS Attributes Reference Guide...
  • Page 79 Framed-IPv6-Route = "5000:0:1::/48 :: tag 5" installs a managed route with metric = 0 (default), protocol preference = 0 (default) and tagged with tag = 5 26-6527-55 Alc-BGP- string 32 chars For example: Alc-BGP-Policy = MyBGPPolicy Policy 7750 SR RADIUS Attributes Reference Guide Page 79...
  • Page 80 32 chars For example: Alc-BGP-IPv6-Export-Policy = IPv6-Export- to_dynamic_bgpv6_peer Policy 26-6527-212 Alc-BGP- string 32 chars For example: Alc-BGP-IPv6-Import-Policy = IPv6-Import- from_dynamic_bgpv6_peer Policy 26-6527-213 Alc-BGP- integer [1..429496729 For example: Alc-BGP-IPv6-PeerAS = 64500 IPv6-PeerAS Page 80 7750 SR RADIUS Attributes Reference Guide...

  • Page 81: Table 13: Business Access (Applicability)

    Access Request Accept Request Framed-Route Framed-IPv6-Route 26-6527-55 Alc-BGP-Policy 26-6527-56 Alc-BGP-Auth-Keychain 26-6527-57 Alc-BGP-Auth-Key 26-6527-58 Alc-BGP-Export-Policy 26-6527-59 Alc-BGP-Import-Policy 26-6527-60 Alc-BGP-PeerAS 26-6527-207 Alc-RIP-Policy 26-6527-208 Alc-BGP-IPv6-Policy 26-6527-209 Alc-BGP-IPv6-Auth-Keychain 26-6527-210 Alc-BGP-IPv6-Auth-Key 26-6527-211 Alc-BGP-IPv6-Export-Policy 26-6527-212 Alc-BGP-IPv6-Import-Policy 26-6527-213 Alc-BGP-IPv6-PeerAS 7750 SR RADIUS Attributes Reference Guide Page 81...

  • Page 82: Accounting On-Line Charging

    Time quota values above the defined limits are accepted and capped at maximum value. If more attributes are present than allowed by the limits, it is treated as a setup failure. Page 82 7750 SR RADIUS Attributes Reference Guide...

  • Page 83: Table 15: Accounting: On-Line Charging (Limits)

    15m60s is not. For example: 500 MByte volume credit for category cat1 and 1 day, 2 hours, 3 minutes and 4 seconds time credit for category cat2 Alc-Credit-Control-Quota += 500MB|0|cat1, Alc-Credit-Control-Quota += 0|1d2h3m4s|cat2, 7750 SR RADIUS Attributes Reference Guide Page 83...

  • Page 84: Table 16: Accounting: On-Line Charging (Applicability)

    Accounting On-Line Charging Table 16: Accounting: On-Line Charging (applicability) Attribute ID Attribute Name Access Access CoA Request Request Accept 26-6527-95 Alc-Credit-Control- CategoryMap 26-6527-96 Alc-Credit-Control- Quota Page 84 7750 SR RADIUS Attributes Reference Guide...

  • Page 85: Ip And Ipv6 Filters

    Mixing formats in a single RADIUS message results in a failure. Important note: Shared filter entries should only be used if many hosts share the same set of filter rules that need to be controlled from RADIUS. 7750 SR RADIUS Attributes Reference Guide Page 85...
  • Page 86 Nas-Filter-Rule but it has a different format. The format used to specify host- specific filter entries (NAS-Filer-Rule format or Alc-Ascend-Data-Filter- Host-Spec format) cannot change during the lifetime of the subscriber host. Mixing formats in a single RADIUS message results in a failure. Page 86 7750 SR RADIUS Attributes Reference Guide...

  • Page 87: Table 18: Ip And Ipv6 Filters (Limits)

    See IP Filter Attribute Details (IPv4), 140 bytes (IPv6) on page 90 for a description of the format. For example:# permit in ip from any to 10.1.1.1/32 Ascend-Data-Filter = 0x01010100000000000a0101010020 0000000000000000 7750 SR RADIUS Attributes Reference Guide Page 87...
  • Page 88 0x00 or “ “ (a space) removes the shared filter entries for that host. See also IP Filter Attribute Details on page For example:Alc-Nas-Filter-Rule- Shared = permit in ip from any to 10.1.1.1/32 Page 88 7750 SR RADIUS Attributes Reference Guide...

  • Page 89: Table 19: Ip And Ipv6 Filters (Applicability)

    For example:# permit in ip from any to 10.1.1.1/32 Alc-Ascend-Data-Filter-Host-Spec = 0x01010100000000000a0101010020 0000000000000000 Table 19: IP and IPv6 Filters (applicability) Attribute ID Attribute Name Access Access Request Accept Request NAS-Filter-Rule Ascend-Data-Filter 26-6527-134 Alc-Subscriber-Filter 26-6527-158 Alc-Nas-Filter-Rule-Shared 26-6527-159 Alc-Ascend-Data-Filter-Host-Spec 7750 SR RADIUS Attributes Reference Guide Page 89...

  • Page 90: Table 20: [92] Nas-Filter-Rule Attribute Format

    = host-ip-address; src-port eq 100 egress: src-ip = ip-prefix/length; src-port eq 100 200-65535 ingress: src-ip = host-ip-address; src-port range 200 65535 egress: src-ip = ip-prefix/length; src-port range 200 65535 Page 90 7750 SR RADIUS Attributes Reference Guide...
  • Page 91 <options: tcpoptions> not supported window not supported sack not supported not supported !mss not supported !window not supported !sack not supported not supported mss,window,sack,ts not supported 7750 SR RADIUS Attributes Reference Guide Page 91...
  • Page 92 <options: setup> setup tcp-syn true tcp-ack false protocol tcp <options: tcpflags> tcp-syn true !syn tcp-syn false tcp-ack true !ack tcp-ack false not supported not supported not supported not supported Page 92 7750 SR RADIUS Attributes Reference Guide...
  • Page 93 1 icmptypesv6> time-to-live exceeded icmp-type 3 IP header bad icmp-type 4 echo request icmp-type 128 echo reply icmp-type129 router solicitation icmp-type 133 router advertisement icmp-type 134 redirect icmp-type 137 7750 SR RADIUS Attributes Reference Guide Page 93...

  • Page 94: Table 21: [242] Ascend-Data-Filter Attribute Format

    Port number of the destination port Source port qualifier 1 byte 0 = no compare 1 = less than 2 = equal to 3 = greater than 4 = not equal to (not supported) Page 94 7750 SR RADIUS Attributes Reference Guide...
  • Page 95 Destination port qualifier 1 byte 0 = no compare 1 = less than 2 = equal to 3 = greater than 4 = not equal to (not supported) Reserved 2 bytes ignored 7750 SR RADIUS Attributes Reference Guide Page 95...

  • Page 96: Subscriber Host Creation

    An individual DHCPv4 session is terminated with a CoA with attribute [26- 6527-98] Alc-Force-Nak. The NAS initiates the ForceRenew procedure which will be blocked (reply on client DHCP Request with DHCP Nak and send DHCP Release to DHCP server). Page 96 7750 SR RADIUS Attributes Reference Guide...

  • Page 97: Table 23: Subscriber Host Creation (Limits)

    Alc-Create-Host = 1 26-6527-27 Alc-Client-Hardware- string 6 Bytes For example: Alc-Client-Hardware-Addr = Addr 00:00:00:00:00:01 26-6527-98 Alc-Force-Nak string no limits The attribute value is ignored For example: Alc-Force-Nak = anything Alc-Force-Nak = 1 7750 SR RADIUS Attributes Reference Guide Page 97...

  • Page 98: Table 24: Subscriber Host Creation (Applicability)

    Subscriber Host Creation Table 24: Subscriber host creation (applicability) Attribute ID Attribute Name Access Access Request Accept Request Framed-IP-Address NAS-Port-Id 26-6527-14 Alc-Force-Renew 26-6527-15 Alc-Create-Host 26-6527-27 Alc-Client-Hardware-Addr 26-6527-98 Alc-Force-Nak Page 98 7750 SR RADIUS Attributes Reference Guide...

  • Page 99: Subscriber Services

    With value = 0, the interim accounting is switched off. The subscriber service accounting interim interval cannot be changed for an active subscriber service. 26-6527-155 Alc-Sub-Serv-Internal For internal use only 7750 SR RADIUS Attributes Reference Guide Page 99...

  • Page 100: Table 26: Subscriber Services (Limits)

    Ivl:1 = 3600 Table 27: Subscriber Services (applicability) Attribute ID Attribute Name Access Access Max. Tag Request Accept Request 26-6527-151 Alc-Sub-Serv-Activate 0-31 (untagged) 26-6527-152 Alc-Sub-Serv-Deactivate 0-31 26-6527-153 Alc-Sub-Serv-Acct-Stats-Type 0-31 26-6527-154 Alc-Sub-Serv-Acct-Interim-Ivl 0-31 Page 100 7750 SR RADIUS Attributes Reference Guide...

  • Page 101: Wlan Gateway

    CPM. For CPM generated authentication or accounting, the inclusion of calling-station-id MUST explicitly specify the format of the calling-station-id as MAC: configure subscriber-mgmt authentication- policy | radius-accounting-policy name include-radius-attribute calling- station-id mac. 7750 SR RADIUS Attributes Reference Guide Page 101...
  • Page 102 DHCP lease state and echoed by the SROS accounting. 26-6527-149 Alc-Num-Attached- Number of attached WIFI UEs. The attribute is forwarded by the RADIUS proxy when received in an Access-Request from the AP. Page 102 7750 SR RADIUS Attributes Reference Guide...
  • Page 103 <ip-filter-name>. This filter will be applied to the DSM UE. This overrides the value configured under configure service ies/vprn <svc-id> subscriber-interface <subscriber-interface-name> group- interface <group-interface-name> wlan-gw vlan-tag-ranges range start <starting-vlan> end <ending-vlan> distributed-sub-mgmt dsm-ip-filter. 7750 SR RADIUS Attributes Reference Guide Page 103...
  • Page 104 IMSI. This should be provided for any GTP-C user. 26-10415-5 3GPP-GPRS- Used to signal the QOS for default bearer or primary PDP context via GTP Negotiated-QoS-Profile “QOS IE” in create-PDP-context and "Bearer QOS" in create-session-request Page 104 7750 SR RADIUS Attributes Reference Guide...
  • Page 105 GTP mapping is specified in 3GPP specification 29.061. If not present, no user location will be reflected in GTP. Radius servers can use the information from e.g. called-station-id, Alc-Wlan-SSID-VLAN and/or NAS-Port-ID to create a corresponding ULI value. 7750 SR RADIUS Attributes Reference Guide Page 105...

  • Page 106: Table 29: Wlan Gateway (Limits)

    Alc-MsIsdn string 9..15 digits For example: Alc-MsIsdn = 13109976224 26-6527- Alc-RSSI integer 32 bit value For example: Alc-RSSI = 30 26-6527- Alc-Num- integer 32 bit value For example: Alc-Num-Attached-Ues = 3 Attached-Ues Page 106 7750 SR RADIUS Attributes Reference Guide...
  • Page 107 If outside of the specified range, 5 will be used. Default- Bearer-Id 26-6527- Alc-Wlan- string 247 chars Textual representation of the vlan. If no vlan-tag was SSID-VLAN present this attribute will not be included. For example: Alc-Wlan-SSID-VLAN = “2173” 7750 SR RADIUS Attributes Reference Guide Page 107...
  • Page 108 16.4.7.2 Characteristics For example: 3GPP-Charging-Characteristics = 1A2B 26-10415- 3GPP- string 14..16 digits 3GPP vendor specific attribute as defined in TS 29.061. IMEISV 26-10415- 3GPP-User- octets 247 bytes Specified in TS 29.061 Location-Info Page 108 7750 SR RADIUS Attributes Reference Guide...

  • Page 109: Table 30: Wlan Gateway (Applicability)

    26-6527-148 Alc-RSSI 26-6527-149 Alc-Num-Attached-Ues 26-6527-172 Alc-Wlan-Portal-Redirect 26-6527-173 Alc-Wlan-Portal-Url 26-6527-179 Alc-GTP-Local-Breakout 26-6527-184 Alc-Wlan-Ue-Creation-Type 26-6527-186 Alc-Wlan-Dsm-Ot-Http-Redirect-Url 26-6527-187 Alc-Wlan-Dsm-Ip-Filter 26-6527-188 Alc-Wlan-Dsm-Ingress-Policer 26-6527-189 Alc-Wlan-Dsm-Egress-Policer 26-6527-190 Alc-Wlan-Handover-Ip-Address 26-6527-205 Alc-GTP-Default-Bearer-Id 26-6527-206 Alc-Wlan-SSID-VLAN 26-6527-216 Alc-Datatrig-Lease-Time 26-10415-1 3GPP-IMSI 26-25053-2 Ruckus-Sta-RSSI 7750 SR RADIUS Attributes Reference Guide Page 109...
  • Page 110 WLAN Gateway Table 30: WLAN Gateway (applicability) (Continued) Attribute ID Attribute Name 26-10415-5 3GPP-GPRS-Negotiated-QoS-Profile 26-10415-7 3GPP-GGSN-Address 26-10415-13 3GPP-Charging-Characteristics 26-10415-20 3GPP-IMEISV 26-10415-22 3GPP-User-Location-Info Page 110 7750 SR RADIUS Attributes Reference Guide...

  • Page 111: Dynamic Data Services

    Dyn-Serv-Policy is specified for modify or teardown actions, it must point to the same dynamic services policy as used during the dynamic data service setup. If a different policy is specified, the action fails. 7750 SR RADIUS Attributes Reference Guide Page 111...
  • Page 112 Overrides the local configured value in the Dynamic Services Policy.The dynamic data service accounting statistics type cannot be changed for an active service. The attribute is rejected if the script action is different from setup Page 112 7750 SR RADIUS Attributes Reference Guide...

  • Page 113: Table 32: Dynamic Data Services (Limits)

    For example: Alc-Dyn-Serv-Script- Action:1 = 2 26-6527-167 Alc-Dyn-Serv-Policy string 1 VSA per tag per The name of the local configured message; max. Dynamic Service Policy length: 32 chars. For example: Alc-Dyn-Serv-Policy:1 = dynsvc-policy-1 7750 SR RADIUS Attributes Reference Guide Page 113...
  • Page 114 1 VSA per tag per 1=off, 2=volume-time, 3=time Stats-Type-1 message For example: Alc-Dyn-Serv-Acct-Stats- Type-1:1 = 1 26-6527-171 Alc-Dyn-Serv-Acct- integer 1 VSA per tag per 1=off, 2=volume-time, 3=time Stats-Type-2 message For example: Alc-Dyn-Serv-Acct-Stats- Type-2:1 = 2 Page 114 7750 SR RADIUS Attributes Reference Guide...

  • Page 115: Table 33: Dynamic Data Services (Applicability)

    Action Alc-Dyn-Serv-Policy Default policy used when not specified for create Must be same as used for setup if specified for Modify or Teardown. Alc-Dyn-Serv-Acct- X (**) X (**) Ignored in Modify Interim-Ivl-1 7750 SR RADIUS Attributes Reference Guide Page 115...
  • Page 116 M = Mandatory, O = Optional, X = May Not, N/A = Not Applicable (ignored) (*) = CoA Nackd if not specified (Error Cause: 402 — Missing Attribute) (**) = CoA Nackd if specified (Error Cause: 405 — Unsupported Service) Page 116 7750 SR RADIUS Attributes Reference Guide...

  • Page 117: Lawful Intercept

    CoA or RADIUS Accept or the value of 0 is used if this VSA is not present at all. The length of the attribute changes if the CLI parameter direction-bit (dir-bit) under the mirror-dest layer-3-encap is enabled or not (see limits). 7750 SR RADIUS Attributes Reference Guide Page 117...

  • Page 118: Table 36: Lawful Intercept (Limits)

    Policy-Name 26-6527-138 Alc-LI-Intercept- integer 29b w dir-bit 29b = [0..536870911] 30b w/o dir-bit 30b = [0..1073741823] For example: Alc-LI-Intercept-Id = 1234 26-6527-139 Alc-LI-Session-Id integer [0..429496729 For example: Alc-LI-Session-Id = 8888 5] id Page 118 7750 SR RADIUS Attributes Reference Guide...

  • Page 119: Table 37: Lawful Intercept (Applicability)

    RADIUS Attributes Reference Table 37: Lawful Intercept (applicability) Attribute ID Attribute Name Access Access Encrypted Request Accept Request 26-6527-122 Alc-LI-Action 26-6527-123 Alc-LI-Destination 26-6527-124 Alc-LI-FC 26-6527-125 Alc-LI-Direction 26-6527-137 Alc-Authentication-Policy- Name 26-6527-138 Alc-LI-Intercept-Id 26-6527-139 Alc-LI-Session-Id 7750 SR RADIUS Attributes Reference Guide Page 119...

  • Page 120: Ipsec

    <policy-name> include-radius-attribute caling-station- Acct-Session-Id A unique identifier representing an IKEv2 remote-access tunnel session that is authenticated. Same Acct-Session-Id is included in both access-request and accounting-request. The format is local_gw_ip-remote_ip:remote_port- time_stamp. Page 120 7750 SR RADIUS Attributes Reference Guide...
  • Page 121 <service-id>). A default private service is used when this attribute is omitted (configure service vprn interface sap ipsec-gw default- secure-service). If the returned service id doesn't exist/out-of limits or exists but not a VPRN service, the tunnel setup will fail. 7750 SR RADIUS Attributes Reference Guide Page 121...
  • Page 122 IPSec anti-replay window size, used by IKEv1/v2 remote-access tunnel. The Window replay-window size in tunnel-template is used when this attribute is omitted (configure ipsec tunnel-template replay-window <size>). Values different than the Limits are treated as a tunnel setup failure Page 122 7750 SR RADIUS Attributes Reference Guide...
  • Page 123 The IPv6 DNS server address to be assigned to an IKEv2 remote-access tunnel client via IKEv2 configuration payload: INTERNAL_IP6_DNS. Up to four DNS server addresses can be returned to a client, which could be any combination of Alc-Primary-Dns, Alc-Secondary-Dns, Alc-Ipv6-Primary- Dns and Alc-Ipv6-Secondary-Dns. 7750 SR RADIUS Attributes Reference Guide Page 123...

  • Page 124: Table 39: Ipsec (Limits)

    2001:DB8:CAFE:1::100/128 26-311-16 MS-MPPE-Send-Key string 254 bytes Binary string 26-311-17 MS-MPPE-Recv-Key string 254 bytes Binary string 26-6527-9 Alc-Primary-Dns ipaddr Up to 4 For example: attributes (4B Alc-Primary-Dns = 192.168.1.1 per attribute) Page 124 7750 SR RADIUS Attributes Reference Guide...
  • Page 125 26-6527-105 Alc-Ipv6- Primary-Dns ipv6addr Up to 4 For example: attributes (16B Alc-Ipv6-Primary-Dns = per attribute) 2001:DB8:1::1 26-6527-106 Alc-Ipv6- Secondary-Dns ipv6addr Up to 4 For example: attributes (16B Alc-Ipv6-Secondary-Dns = per attribute) 2001:DB8:2::1 7750 SR RADIUS Attributes Reference Guide Page 125...

  • Page 126: Table 40: Ipsec (Applicability)

    Nas-Port-Id Framed-IPv6-Prefix 26-311-16 MS-MPPE-Send-Key 26-311-17 MS-MPPE-Recv-Key 26-6527-9 Alc-Primary-Dns 26-6527-10 Alc-Secondary-Dns 26-6527-61 Alc-IPsec-Serv-Id 26-6527-62 Alc-IPsec-Interface 26-6527-63 Alc-IPsec-Tunnel-Template-Id 26-6527-64 Alc-IPsec-SA-Lifetime 26-6527-65 Alc-IPsec-SA-PFS-Group 26-6527-66 Alc-IPsec-SA-Encr-Algorithm 26-6527-67 Alc-IPsec-SA-Auth-Algorithm 26-6527-68 Alc-IPsec-SA-Replay-Window 26-6527-105 Alc-Ipv6- Primary-Dns 26-6527-106 Alc-Ipv6- Secondary-Dns Page 126 7750 SR RADIUS Attributes Reference Guide...

  • Page 127: Application Assurance

    CoA will be rejected. The change of an application profile to one configured under a different group/partition or the modification of the application profile of a static AA-subscriber is not allowed and will be treated as setup failures. 7750 SR RADIUS Attributes Reference Guide Page 127...
  • Page 128 VSA. Each new argument must be preceded by “&” so as to be understood properly by a web server, the format for the Alc-AA-Sub-Http-Url-Param string must be for instance: "&<arg1>=<value1>" or "&<arg1>=<value1>&<arg2>=<value2>" This VSA string can be overwritten through CoA. Page 128 7750 SR RADIUS Attributes Reference Guide...
  • Page 129 When a ASO VSA is received any existing overrides will remain and the new overrides are cumulative. If there are multiple ASO VSAs for the same characteristic in the COA, the last one will take effect. 7750 SR RADIUS Attributes Reference Guide Page 129...

  • Page 130: Table 42: Application Assurance (Limits)

    Alc-AA-Sub-Http-Url-Param = "&Provider=ISPname&Location=Station21" 26-6527-193 Alc-AA-App-Service- string 65 bytes per Format charteristic=value, Options string (char. # For example: Alc-AA-App- Service- 32bytes + 1 Options = “ServiceTier=Bronze” byte + value 32bytes) 32 VSAs per message Page 130 7750 SR RADIUS Attributes Reference Guide...

  • Page 131: Table 43: Application Assurance (Applicability)

    RADIUS Attributes Reference Table 43: Application Assurance (applicability) Attribute ID Attribute Name Access Access Request Accept Request Framed-IP-Address NAS-Port-Id Framed-IPv6-Prefix 26-6527-11 Alc-Subsc-ID-Str 26-6527-45 Alc-App-Prof-Str 26-6527-130 Alc-AA-Transit-IP 26-6527-182 Alc-AA-Sub-Http-Url-Param 26-6527-193 Alc-AA-App-Service-Options 7750 SR RADIUS Attributes Reference Guide Page 131...

  • Page 132: Cli User Authentication And Authorization

    (Console). Acct-Session-Id A unique, without meaning, generated number per authenticated user and reported in all accounting messages and used to correlate users CLI commands (accounting data) from the same user. Page 132 7750 SR RADIUS Attributes Reference Guide...
  • Page 133 Specifies the default action (permit-all, deny-all or none) when the user has entered a command and none of the commands-strings in [26-6527- 6]Timetra-Cmd resulted in a match condition. The attribute is mandatory and required even if the [36-6527-6] Timetra-Cmd's are not used. 7750 SR RADIUS Attributes Reference Guide Page 133...
  • Page 134 This temporary profile is build from the mandatory attribute [26- 6527-5]Timetra-Default-Action and optional attributes [26-6527-6] Timetra- Cmd, [26-6527-7] Timetra-Action. 26-6527-8 Timetra-Exec-File Specifies the file that is executed whenever the user is successfully authenticated. Page 134 7750 SR RADIUS Attributes Reference Guide...

  • Page 135: Table 45: Cli User Authentication And Authorization (Limits)

    Directory 26-6527-3 Timetra- integer 1,2 (false, 1=true, 2=false Restrict-To- true) For example: Timetra-Restrict-To-Home = true Home 26-6527-4 Timetra- string For example: Timetra-Profile += administrative1 Profile attributes Timetra-Profile += administrative2 32 chars/ attribute 7750 SR RADIUS Attributes Reference Guide Page 135...
  • Page 136 For example: Timetra-Cmd = permit 26-6527-8 Timetra-Exec- string 200 chars Timetra-Exec-File = <local-url>|<remote-url> File # local-url : <cflash-id>/][<file-path> # remote-url : {ftp://|tftp://}<login>:<pswd>@<remote- locn>/<file-path> For example: Timetra-Exec-File = cf3:/MyScript Timetra-Exec-File = ftp://root:root@192.168.0.10/home/ configs/MyScript.cfg Page 136 7750 SR RADIUS Attributes Reference Guide...

  • Page 137: Table 46: Cli User Authentication And Authorization (Applicability)

    1 or 2 User-Name User-Password NAS-IP-Address Reply-Message State Session-Timeout Idle-Timeout Calling-Station-Id Acct-Session-Id NAS-Port-Type NAS-IPv6-Address 26-6527-1 Timetra-Access 26-6527-2 Timetra-Home- Directory 26-6527-3 Timetra-Restrict-To- Home 26-6527-4 Timetra-Profile 26-6527-5 Timetra-Default-Action 26-6527-6 Timetra-Cmd 26-6527-7 Timetra-Action 26-6527-8 Timetra-Exec-File 7750 SR RADIUS Attributes Reference Guide Page 137...

  • Page 138: Aaa Route Downloader

    [22] Framed-Route or [26-1] Cisco- AVpair attribute format. Framed-IPv6-Route See description [22] Framed-Route \The route-download application accepts downloaded ipv6 routes only in [99] Framed-IPv6-Route format. 26-9-1 cisco-av-pair See description [22] Framed-Route Page 138 7750 SR RADIUS Attributes Reference Guide...

  • Page 139: Table 48: Aaa Route Downloader (Limits)

    IP class of the prefix). For example: Framed-IPv6-Route += 4001:0:0:1::/ 64 null0, Framed-IPv6-Route += vrf ws/rt-custmomerx 4002:0:0:0:1::/96 null 0 10 tag 4294967295, Framed-IPv6-Route += vrf 6000 4003:0:1::/48 black-hole 0 tag 4294967295,t 7750 SR RADIUS Attributes Reference Guide Page 139...

  • Page 140: Table 49: Aaa Route Downloader (Applicability)

    0 0 tag 62, cisco-avpair += ip:route=vrf ws/rt-custmomerx 192.1.1.0/24 null 0 200 tag 63 Table 49: AAA Route Downloader (applicability) Attribute ID Attribute Name Access Access Request Accept User-Name User-Password Framed-Route Framed-IPv6-Route 26-9-1 cisco-av-pair Page 140 7750 SR RADIUS Attributes Reference Guide...

  • Page 141: Radius Accounting Attributes

    <svc-id> ppp session detail show service id <svc-id> ipoe session detail Acct-Session-Id : 241AFF000000214FE9D801 • Queue instance accounting (per queue instance): show service id <svc-id> subscriber-hosts detail Acct-Q-Inst-Session-Id: 241AFF000000224FE9D801 7750 SR RADIUS Attributes Reference Guide Page 141...

  • Page 142: Table 50: Enhanced Subscriber Management Accounting [50] Acct-Multi-Session-Id Values

    Accounting Interim Updates messages. Volume based accounting is therefore enabled via the interim-update CLI parameter for all accounting modes and/or by the host-update CLI parameter in session accounting mode as shown in Table Page 142 7750 SR RADIUS Attributes Reference Guide...

  • Page 143: Table 51: Accounting Statistics Type

    <name> include-radius-attribute [no] detailed-acct-attributes # 64 bit per queue/policer counters [no] std-acct-attributes # 32 bit aggregate counters (v4+v6) [no] v6-aggregate-stats # 32 bit aggregate counters (v6 only) 7750 SR RADIUS Attributes Reference Guide Page 143...

  • Page 144: Table 52: Enhanced Subscriber Management Accounting (Description)

    Framed-User. Framed-Protocol The framing to be used for framed access in case of PPPoE users. Optional in RADIUS-Accept and CoA. Treated as a session setup failure if different from PPP. Page 144 7750 SR RADIUS Attributes Reference Guide...
  • Page 145 CoA and is sent unmodified by the NAS to the Accounting server as part of the Accounting-Request packet. Strings with a length longer than the defined Limits are accepted but truncated to this boundary. Only first 64B are stored in the CF persistency file. 7750 SR RADIUS Attributes Reference Guide Page 145...
  • Page 146 In initial accounting messages this attribute is included with value 0 for ESM and omitted for DSM. Attribute is omitted in accounting via configure subscriber-mgmt radius-accounting-policy <name> include- radius-attribute no acct-delay-time. Page 146 7750 SR RADIUS Attributes Reference Guide...
  • Page 147 Indicates how many packets have been send to the user over the course of this service being provided and included when standard accounting attributes are configured. (configure subscriber-mgmt radius-accounting-policy <name> include-radius-attribute std-acct-attributes). There is no overflow attribute when attribute wraps around 2^32. 7750 SR RADIUS Attributes Reference Guide Page 147...
  • Page 148 (ESM authentication), configure subscriber-mgmt radius- accounting-policy (ESM accounting), configure aaa isa-radius-policy (LSN accounting, WLAN-GW) and configure aaa l2tp-accounting-policy (L2TP accounting). Checked for correctness if returned in CoA. Page 148 7750 SR RADIUS Attributes Reference Guide...
  • Page 149 Contains the IPv6 interface ID from the user. The attribute can optionally be included in Accounting messages (configure subscriber-mgmt radius- accounting-policy include-radius-attribute framed-interface-id). The Framed-Interface-Id attribute is not sent in RADIUS Authentication and silently ignored in RADIUS Accept. 7750 SR RADIUS Attributes Reference Guide Page 149...
  • Page 150 Attribute is also used in CoA and Disconnect Message (part of the ESM or AA user identification-key). Attribute is omitted in accounting via configure subscriber-mgmt radius-accounting-policy <name> include- radius-attribute no delegated-ipv6-prefix. Page 150 7750 SR RADIUS Attributes Reference Guide...
  • Page 151 The subscriber's attainable downstream data rate (coded in bits per second) Downstream and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included/excluded based on configure subscriber- mgmt authentication-policy/radius-accounting-policy <name> include- radius-attribute access-loop-options. 7750 SR RADIUS Attributes Reference Guide Page 151...
  • Page 152 Downstream during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included/excluded based on configure subscriber-mgmt authentication- policy/radius-accounting-policy <name> include-radius-attribute access- loop-options. Page 152 7750 SR RADIUS Attributes Reference Guide...
  • Page 153 Can be used as key in CoA and Disconnect Message. Attribute is omitted in accounting via configure subscriber-mgmt radius-accounting- policy <name> include-radius-attribute no subscriber-id. For DSM accounting sessions the Alc-Subsc-ID-Str reflects the UE MAC address. 7750 SR RADIUS Attributes Reference Guide Page 153...
  • Page 154 Count IPv4 bytes (in- and out-of-profile) [26-6527-107] Alc-Acct-I-statmode VSA included for policers and queues with value v4-v6 The attribute is included when detailed queue/policer statistics VSAs are configured. (configure subscriber-mgmt radius-accounting-policy <name> include-radius-attribute detailed-acct-attributes). Page 154 7750 SR RADIUS Attributes Reference Guide...
  • Page 155 Count IPv6 bytes (in- and out-of-profile) [26-6527-127] Alc-Acct-O-statmode VSA included for policers and queues with value v4-v6 The attribute is included when detailed queue/policer statistics VSAs are configured. (configure subscriber-mgmt radius-accounting-policy <name> include-radius-attribute detailed-acct-attributes). 7750 SR RADIUS Attributes Reference Guide Page 155...
  • Page 156 Count IPv4 packets (in- and out-of-profile) [26-6527-127] Alc-Acct-O-statmode VSA included for policers and queues with value v4-v6 The attribute is included when detailed queue/policer statistics VSAs are configured. (configure subscriber-mgmt radius-accounting-policy <name> include-radius-attribute detailed-acct-attributes). Page 156 7750 SR RADIUS Attributes Reference Guide...
  • Page 157 • queue stat-mode = v4-v6: Count IPv6 bytes (in- and out-of-profile) [26-6527-127] Alc-Acct-O-statmode VSA included with value v4-v6 Up to eight hsmda- counter-override counters can be specified in CLI (configure qos sap-egress <policy-id> prec|dscp|ip-criteria|ipv6-criteria). 7750 SR RADIUS Attributes Reference Guide Page 157...
  • Page 158 • no queue stat-mode: Count high-priority bytes (IPv4 and IPv6) [26-6527-107] Alc-Acct-I-statmode VSA not included • queue stat-mode = v4-v6: Count IPv4 bytes (high- and low-priority) [26-6527-107] Alc-Acct-I-statmode VSA included with value v4-v6 Page 158 7750 SR RADIUS Attributes Reference Guide...
  • Page 159 • no queue stat-mode: Count low-priority packets (IPv4 and IPv6) [26-6527-107] Alc-Acct-I-statmode VSA not included • queue stat-mode = v4-v6: Count IPv6 packets (high- and low-priority) [26-6527-107] Alc-Acct-I-statmode VSA included with value v4-v6 7750 SR RADIUS Attributes Reference Guide Page 159...
  • Page 160 <name> custom-record queue <queue-id> i-counters uncolored-octets-offered-count is enabled.Customized records are available for queues, not for policers. Counts ingress uncolored offered bytes (IPv4 and IPv6); also when queue stat- mode = v4-v6. Page 160 7750 SR RADIUS Attributes Reference Guide...
  • Page 161 • no queue stat-mode: Count out-of-profile packets (IPv4 and IPv6) [26-6527-127] Alc-Acct-O-statmode VSA not included • queue stat-mode = v4-v6: Count IPv6 packets (in- and out-of-profile) [26-6527-127] Alc-Acct-O-statmode VSA included with value v4-v6. 7750 SR RADIUS Attributes Reference Guide Page 161...
  • Page 162 • queue stat-mode = v4-v6: Count IPv4 packets (in- and out-of-profile) [26-6527-127] Alc-Acct-O-statmode VSA included with value v4-v6 Up to eight hsmda-counter-override counters can be specified in CLI (configure qos sap- egress <policy-id> prec|dscp|ip-criteria|ipv6-criteria). Page 162 7750 SR RADIUS Attributes Reference Guide...
  • Page 163 DSM only. The attribute contains the service ID where the Layer 3 tunnel is terminated. The attribute is omitted in case of a Layer 2 tunnel or if the service ID is not known. 7750 SR RADIUS Attributes Reference Guide Page 163...
  • Page 164 The attribute is included in accounting via configure subscriber-mgmt radius-accounting-policy <name> include-radius- attribute detailed-acct-attributes for specific policer stat-mode only. Page 164 7750 SR RADIUS Attributes Reference Guide...
  • Page 165 The attribute is included in accounting via configure subscriber- mgmt radius-accounting-policy <name> include-radius-attribute detailed-acct-attributes for specific policer stat-mode only. 7750 SR RADIUS Attributes Reference Guide Page 165...
  • Page 166 Status of the DSL line obtained via ANCP can be one of three value: SHOWTIME (the modem is ready to transfer data), IDLE (line is idle) or SILENT (line is silent). Attribute is included/excluded based on "configure subscriber-mgmt authentication-policy/radius-accounting-policy <name> include-radius-attribute access-loop-options". Page 166 7750 SR RADIUS Attributes Reference Guide...
  • Page 167 Input-Octets counter has wrapped around 2^32 in the course of delivering this service. The attribute is not sent when its value equals zero. Included when IPv6 aggregated accounting attributes are configured. (configure subscriber-mgmt radius-accounting-policy <name> include- radius-attribute v6-aggregate-stats). 7750 SR RADIUS Attributes Reference Guide Page 167...
  • Page 168 Received Signal Strength Indication. Used in conjunction with the radius- proxy track-accounting feature. When the radius-proxy receives this attribute in an accounting message, it will be copied into the DHCP lease state and echoed by the SROS accounting. Page 168 7750 SR RADIUS Attributes Reference Guide...
  • Page 169 For example: # ip-address 10.11.12.13 Framed-IP-Address 0a0b0c0d Framed-IP-Netmask ipaddr 4 Bytes For example: Framed-IP-Netmask = 255.255.255.255 #PPPoE residential Framed- IP-Netmask = 255.255.255.0 #PPPoE Business with IPCP option 144 support Framed-IP-Netmask = 255.255.255.0 IPoE 7750 SR RADIUS Attributes Reference Guide Page 169...
  • Page 170 Delay-Time = 0 # no ack and retry after 5 seconds Acct-Delay-Time = 5 Acct-Input-Octets integer 32 bit counter For example: Acct-Input-Octets = 5000 Acct-Output-Octets integer 32 bit counter For example: Acct-Output-Octets = 2000 Page 170 7750 SR RADIUS Attributes Reference Guide...
  • Page 171 DSM: Acct-Multi-Session-Id = 01-02-00-00- (description 00-19-00-00-5b-d9 format) 29 bytes (DSM format) Acct-Input-Gigawords integer 32 bit counter For example: Acct-Input-Gigawords = 1 Acct-Output- integer 32 bit counter For example: Acct-Output-Gigawords = 3 Gigawords 7750 SR RADIUS Attributes Reference Guide Page 171...
  • Page 172 VLAN: “VLAN svc-<svc- id>[:<vlan>[.<vlan>]]” For example: NAS-Port-Id = “GRE rtr-11#lip-50.1.1.1#rip- 201.1.1.2” NAS-IPv6-Address ipv6addr 16 Bytes # ipv6-address For example: NAS-IPv6-Address = 2001:db8::1 Framed-Interface-Id ifid 8 Bytes For example: Framed-Interface-Id 02:00:00:ff:fe:00:00:01 Page 172 7750 SR RADIUS Attributes Reference Guide...

  • Page 173: Table 53: Enhanced Subscriber Management Accounting (Limits)

    4294967295 For example: # 5Mbps Actual-Data-Rate- Downstream Downstream = 5000000 26-3561-131 Minimum-Data-Rate- integer 4294967295 For example: Minimum-Data-Rate-Upstream Upstream = 1000 26-3561-132 Minimum-Data-Rate- integer 4294967295 For example: Minimum-Data-Rate- Downstream Downstream = 1000 7750 SR RADIUS Attributes Reference Guide Page 173...
  • Page 174 LLC w/o FCS(6), Ethernet over AAL5 Null w FCS(7), Ethernet over AAL5 Null w/o FCS(8) For example: Ethernet , Single-Tagged Ethernet , Ethernet over AAL5 LLC w FCS Access-Loop-Encapsulation = 020205 26-3561-254 IWF-Session octets len 0 For example: IWF-Session Page 174 7750 SR RADIUS Attributes Reference Guide...
  • Page 175 Queue-id|Policer-id range <1..8> For example: # 500 bytes in profile traffic for egress queue 2 Alc-Acct-O-Inprof-Octets-64 = 0x000200000000000001f4 # 1000 bytes in profile traffic for egress policer 3 Alc-Acct-O- Inprof-Octets-64 = 0x800300000000000003e8 7750 SR RADIUS Attributes Reference Guide Page 175...
  • Page 176 Queue-id|Policer-id range <1..8> For example: # 500 packets in profile traffic for egress queue 2 Alc-Acct-O-Inprof-Pkts-64 = 0x000200000000000001f4 # 1000 packets in profile traffic for egress policer 3 Alc-Acct- O-Inprof-Pkts-64 = 0x800300000000000003e8 Page 176 7750 SR RADIUS Attributes Reference Guide...
  • Page 177 <Queue-id 2Bytes><8 Byte value> where Octets-Drop_64 Queue-id range <1..32> For example: INPUT_HIGH_OCTETS_DROP_64 [69] 10 0x00010000000000000000 26-6527-70 Alc-Acct-I-Low- octets 10 bytes <Queue-id 2Bytes><8 Byte value> where Octets-Drop_64 Queue-id range <1..32> For example: INPUT_LOW_OCTETS_DROP_64 [70] 10 0x00010000000000000000 7750 SR RADIUS Attributes Reference Guide Page 177...
  • Page 178 <Queue-id 2Bytes><8 Byte value> where Offer_64 Queue-id range <1..32> For example: INPUT_UNC_OCTETS_OFFER_64 [77] 10 0x00010000000000000000 26-6527-78 Alc-Acct-I-Unc-Pack- octets 10 bytes <Queue-id 2Bytes><8 Byte value> where Offer_64 Queue-id range <1..32> For example: INPUT_UNC_PACK_OFFER_64 [78] 10 0x00010000000000000000 Page 178 7750 SR RADIUS Attributes Reference Guide...
  • Page 179 <Counter-id> <8 Byte value> Octs-Drop_64 For example: Alc-Acct-OC-O-Outpr-Octs- Drop_64 = 0x0001000000000000ab65 26-6527-99 Alc-Ipv6-Address ipv6addr 16 bytes For example: Alc-Ipv6-Address 2021:1:FFF5::1 26-6527-100 Alc-Serv-Id integer 2147483647 id DSM Only. For example: Alc-Serv-Id = 100 7750 SR RADIUS Attributes Reference Guide Page 179...
  • Page 180 For example: # ingress policer 5 INPUT_LOWPRIO_OCTETS_64 [109] 10 0x80050000000000000000 26-6527-110 Alc-Acct-O-Hiprio- octets 10 bytes <0x80><policer-id><8 byte value> where Octets_64 policer-id <1..32> For example: # ingress policer 5 OUTPUT_HIPRIO_OCTETS_64 [110] 10 0x80050000000000000000 Page 180 7750 SR RADIUS Attributes Reference Guide...
  • Page 181 For example: # egress policer 1 OUTPUT_ALL_OCTETS_64 [117] 10 0x80010000000000000000 26-6527-118 Alc-Acct-I-All- octets 10 bytes <0x80><policer-id><8 byte value> where Packets_64 policer-id <1..32> For example: # ingress policer 3 INPUT_ALL_PACKETS_64 [118] 10 0x80030000000000000000 7750 SR RADIUS Attributes Reference Guide Page 181...
  • Page 182 32 bit value For example: Alc-RSSI = 30 26-6527-163 Alc-Acct-Triggered- integer 4 bytes Table 75 for a description of Accounting Reason Triggered Reason values. For Example: ACCT TRIGGERED INTERIM REASON [163] 4 regular(1) Page 182 7750 SR RADIUS Attributes Reference Guide...
  • Page 183 Textual representation of the VLAN. If no vlan-tag was present this attribute will not be included. For example: Alc-Wlan-SSID-VLAN = “2173” 26-25053-2 Ruckus-Sta-RSSI integer 32 bits value For example: Ruckus-Sta-RSSI = 28 7750 SR RADIUS Attributes Reference Guide Page 183...

  • Page 184: Table 54: Enhanced Subscriber Management Accounting (Applicability)

    NAS-IP-Address NAS-Port H->S->Q Service-Type H->S->Q Framed-Protocol H->S->Q Framed-IP-Address H->S->Q Framed-IP-Netmask H->S->Q Framed-Route H->S->Q Class H->S->Q Called-Station-Id H->S->Q Calling-Station-Id H->S->Q NAS-Identifier Acct-Status-Type Acct-Delay-Time Acct-Input-Octets Acct-Output-Octets Acct-Session-Id Acct-Authentic H->S->Q Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Terminate-Cause Acct-Multi-Session-Id Page 184 7750 SR RADIUS Attributes Reference Guide...
  • Page 185 26-3561-129 Actual-Data-Rate-Upstream H->S->Q 26-3561-130 Actual-Data-Rate-Downstream H->S->Q 26-3561-131 Minimum-Data-Rate-Upstream H->S->Q 26-3561-132 Minimum-Data-Rate-Downstream H->S->Q 26-3561-133 Attainable-Data-Rate-Upstream H->S->Q 26-3561-134 Attainable-Data-Rate-Downstream H->S->Q 26-3561-135 Maximum-Data-Rate-Upstream H->S->Q 26-3561-136 Maximum-Data-Rate-Downstream H->S->Q 26-3561-137 Minimum-Data-Rate-Upstream-Low- H->S->Q Power 26-3561-138 Minimum-Data-Rate-Downstream-Low- H->S->Q Power 7750 SR RADIUS Attributes Reference Guide Page 185...
  • Page 186 26-6527-12 Alc-Subsc-Prof-Str 26-6527-13 Alc-SLA-Prof-Str 26-6527-19 Alc-Acct-I-Inprof-Octets-64 26-6527-20 Alc-Acct-I-Outprof-Octets-64 26-6527-21 Alc-Acct-O-Inprof-Octets-64 26-6527-22 Alc-Acct-O-Outprof-Octets-64 26-6527-23 Alc-Acct-I-Inprof-Pkts-64 26-6527-24 Alc-Acct-I-Outprof-Pkts-64 26-6527-25 Alc-Acct-O-Inprof-Pkts-64 26-6527-26 Alc-Acct-O-Outprof-Pkts-64 26-6527-27 Alc-Client-Hardware-Addr H->S->Q 26-6527-36 Alc-DHCP-Vendor-Class-Id H->S->Q 26-6527-39 Alc-Acct-OC-O-Inprof-Octets-64 26-6527-40 Alc-Acct-OC-O-Outprof-Octets-64 26-6527-43 Alc-Acct-OC-O-Inprof-Pkts-64 Page 186 7750 SR RADIUS Attributes Reference Guide...
  • Page 187 Alc-Acct-I-High-Pack-Offer_64 26-6527-76 Alc-Acct-I-Low-Pack-Offer_64 26-6527-77 Alc-Acct-I-Unc-Octets-Offer_64 26-6527-78 Alc-Acct-I-Unc-Pack-Offer_64 26-6527-81 Alc-Acct-O-Inprof-Pack-Drop_64 26-6527-82 Alc-Acct-O-Outprof-Pack-Drop_64 26-6527-83 Alc-Acct-O-Inprof-Octs-Drop_64 26-6527-84 Alc-Acct-O-Outprof-Octs-Drop_64 26-6527-91 Alc-Acct-OC-O-Inpr-Pack-Drop_64 26-6527-92 Alc-Acct-OC-O-Outpr-Pack-Drop_64 26-6527-93 Alc-Acct-OC-O-Inpr-Octs-Drop_64 26-6527-94 Alc-Acct-OC-O-Outpr-Octs-Drop_64 26-6527-99 Alc-Ipv6-Address H->S->Q 26-6527-107 Alc-Acct-I-statmode 26-6527-108 Alc-Acct-I-Hiprio-Octets_64 26-6527-109 Alc-Acct-I-Lowprio-Octets_64 7750 SR RADIUS Attributes Reference Guide Page 187...
  • Page 188 Alc-Acct-I-All-Packets_64 26-6527-119 Alc-Acct-O-All-Packets_64 26-6527-121 Alc-Nat-Port-Range 26-6527-127 Alc-Acct-O-statmode 26-6527-148 Alc-RSSI 26-6527-163 Alc-Acct-Triggered-Reason 26-6527-175 Alc-DSL-Line-State H->S->Q 26-6527-176 Alc-DSL-Type H->S->Q 26-6527-194 Alc-IPv6-Acct-Input-Packets 26-6527-195 Alc-IPv6-Acct-Input-Octets 26-6527-196 Alc-IPv6-Acct-Input-GigaWords 26-6527-197 Alc-IPv6-Acct-Output-Packets 26-6527-198 Alc-IPv6-Acct-Output-Octets 26-6527-199 Alc-IPv6-Acct-Output-Gigawords 26-6527-206 Alc-Wlan-SSID-VLAN H->S->Q Page 188 7750 SR RADIUS Attributes Reference Guide...
  • Page 189 (configure subscriber- mgmt radius-accounting-policy <name> radius-accounting-server server <server-index>, then the following attributes are not sent in acct-on/off messages: [44] Acct-Session-Id, [45] Acct- Authentic and [49] Acct-Terminate-Cause; and attribute [26-6527-12] Alc-Subsc-Prof-Str is sent. 7750 SR RADIUS Attributes Reference Guide Page 189...

  • Page 190: Distributed Subscriber Management (Dsm) Accounting

    Table 55: Distributed Subscriber Management Accounting (applicability) Attribute ID Attribute Name Acct Acct Acct Acct On Acct Off Start Stop Interim- Update User-Name NAS-Port Framed-IP-Address Framed-IP-Netmask Class Called-Station-Id Calling-Station-Id NAS-Identifier Acct-Status-Type Acct-Delay-Time Acct-Input-Octets Acct-Output-Octets Acct-Session-Id Acct-Session-Time Page 190 7750 SR RADIUS Attributes Reference Guide...
  • Page 191 26-3561-1 Agent-Circuit-Id 26-3561-2 Agent-Remote-Id 26-6527-11 Alc-Subsc-ID-Str 26-6527-27 Alc-Client-Hardware-Addr 26-6527-36 Alc-DHCP-Vendor-Class-Id 26-6527-99 Alc-Ipv6-Address 26-6527-100 Alc-Serv-Id 26-6527-102 Alc-ToServer-Dhcp-Options 26-6527-121 Alc-Nat-Port-Range 26-6527-140 Alc-Nat-Outside-Serv-Id 26-6527-141 Alc-Nat-Outside-Ip-Addr 26-6527-148 Alc-RSSI 26-6527-163 Alc-Acct-Triggered-Reason 26-6527-184 Alc-Wlan-Ue-Creation-Type 26-6527-191 Alc-ToServer-Dhcp6-Options 26-6527-206 Alc-Wlan-SSID-VLAN 7750 SR RADIUS Attributes Reference Guide Page 191...
  • Page 192 Distributed Subscriber Management (DSM) Accounting Page 192 7750 SR RADIUS Attributes Reference Guide...

  • Page 193: Subscriber Service Accounting

    (one or more) the [42] Acct-Input-Octets counter Gigawords has wrapped around 2^32 in the course of delivering this service. Only included if its value is different from zero and stats-type is set to volume and time. 7750 SR RADIUS Attributes Reference Guide Page 193...

  • Page 194: Table 57: Subscriber Service Accounting (Limits)

    22 bytes For example: Acct-Multi-Session-Id = (number 24ADFF0000000750C8EB26 format) max. 253 bytes (description format) Acct-Input-Gigawords integer 4 Bytes For example: Acct-Input-Gigawords = 7 Acct-Output- integer 4 Bytes For example: Acct-Output-Gigawords = 3 Gigawords Page 194 7750 SR RADIUS Attributes Reference Guide...

  • Page 195: Table 58: Subscriber Service Accounting (Applicability)

    VSA's per tag limit;1000;8000 per message Table 58: Subscriber Service Accounting (applicability) Attribute ID Attribute Name Acct Start Acct Stop Acct Interim-Update Acct-Input-Octets Acct-Output-Octets Acct-Session-Id Acct-Input-Packets Acct-Output-Packets Acct-Multi-Session-Id Acct-Input-Gigawords Acct-Output-Gigawords 26-6527-151 Alc-Sub-Serv-Activate 7750 SR RADIUS Attributes Reference Guide Page 195...

  • Page 196: Large Scale Nat (Lsn) Accounting

    Indicates how many Layer 3 octets have been sent to this nat user over the course of this service being provided and send together with [43] Acct- Output-Octets, [52] Acct-Input-Gigawords and [53] Acct-Output-Gigawords when octet-counters is included under configure aaa isa-radius-policy <name>. Page 196 7750 SR RADIUS Attributes Reference Guide...
  • Page 197 (multiple port-ranges) for this NAT user. Cause [10]Nas-request is reported in Accounting-Off and cause [11]Nas-reboot is reported in Accounting-on. This attribute is only send when release-reason is included under configure aaa isa-radius-policy <name>. 7750 SR RADIUS Attributes Reference Guide Page 197...
  • Page 198 Refers in the Accounting-Request to the inside VRF used for LSN subscribers using RADIUS LSN accounting (configure aaa isa-radius-policy nat acct- include-attributes inside-service-id). The outside VRF is reported via [26- 6527-140] Alc-Nat-Outside-Serv-Id and both attributes are not included if instance's are Base. Page 198 7750 SR RADIUS Attributes Reference Guide...

  • Page 199: Table 60: Lsn Accounting (Limits)

    For example:# subscriber unaware: NAT64 host ipv6 address 2001::0001User-Name = NAT64@2001:0000:0000:0000:0000:0000:0000: 0001# subscriber aware: NAS subscriber-id = private-user1 and subscriber-identification alc-sub- stringUser-Name = private-user1 NAS-IP-Address ipaddr 4 Bytes For example:# ip-address 10.1.1.1NAS-IP- Address 0a010101 7750 SR RADIUS Attributes Reference Guide Page 199...
  • Page 200 4ffd48320b21469786284bb2392dbcb2 Acct-Session-Time integer 4 Bytes For example:Acct-Session-Time = 870 4294967295 seconds Acct-Input-Packets integer 4 Bytes For example:Acct-Input-Packets = 15200 4294967295 packets Acct-Output- integer 4 Bytes For example:Acct-Output-Packets = 153537 Packets 4294967295 packets Page 200 7750 SR RADIUS Attributes Reference Guide...
  • Page 201 2147483647 id For example:# inside vprn-id 100Alc-Serv-Id = 26-6527-121 Alc-Nat-Port- string no limits <public-ip><space><port- Range range><space><outside-routing-instance> For example:# public pool address 180.0.1.248; port-range [37674..37723] in BaseAlc-Nat-Port- Range = 180.0.1.248 37674-37723 router base 7750 SR RADIUS Attributes Reference Guide Page 201...
  • Page 202 4 bytes For example: Alc-Nat-Outside-Ip-Addr = Ip-Addr 180.0.1.248 Table 61: LSN Accounting (applicability) Attribute ID Attribute Name User-Name NAS-IP-Address NAS-Port Framed-IP-Address Called-Station-Id NAS-Identifier Acct-Input-Octets Acct-Output-Octets Acct-Session-Id Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Terminate-Cause Acct-Multi-Session-Id Acct-Input-Gigawords Acct-Output-Gigawords Page 202 7750 SR RADIUS Attributes Reference Guide...

  • Page 203: Table 61: Lsn Accounting (Applicability)

    RADIUS Attributes Reference Table 61: LSN Accounting (applicability) (Continued) Attribute ID Attribute Name Event-Timestamp Framed-IPv6-Prefix 26-6527-11 Alc-Subsc-ID-Str 26-6527-100 Alc-Serv-Id 26-6527-121 Alc-Nat-Port-Range 26-6527-140 Alc-Nat-Outside-Serv-Id 26-6527-141 Alc-Nat-Outside-Ip-Addr 7750 SR RADIUS Attributes Reference Guide Page 203...

  • Page 204: L2Tp Tunnel Accounting

    Authentication or Accounting requests and sent when nas- identifier is included for the corresponding application: configure subscriber-mgmt authentication-policy (ESM authentication), configure subscriber-mgmt radius-accounting-policy (ESM accounting), configure aaa isa-radius-policy (LSN accounting, WLAN-GW) and configure aaa l2tp-accounting-policy (L2TP accounting). Page 204 7750 SR RADIUS Attributes Reference Guide...
  • Page 205 For Tunnel Stop this attribute represent an aggregate of output packets of all sessions that belong/belonged to this tunnel over the course of this service being provided. Acct-Terminate-Cause indicates how the L2TP session or L2TP tunnel was terminated 7750 SR RADIUS Attributes Reference Guide Page 205...
  • Page 206 Accounting this attribute is always included on LAC and LNS as untagged. Tunnel-Server- The dotted-decimal IP address of the server end of the tunnel and is on the Endpoint LAC the dest-ip for all L2TP packets for that tunnel. Page 206 7750 SR RADIUS Attributes Reference Guide...
  • Page 207 Host Name from the received LNS SCCRP. Authentication from LAC point of view passes if both attributes are the same. This authentication check is not performed if the RADIUS attribute is omitted. 7750 SR RADIUS Attributes Reference Guide Page 207...
  • Page 208 “Base” or “VPRN” — The ipv6 address of the system interface (configure router interface system ipv6 address <ipv6-address>). The address can be overwritten with the configured ipv6-source-address (configure aaa radius-server-policy <policy-name> servers ipv6-source- address <ipv6-address>). Page 208 7750 SR RADIUS Attributes Reference Guide...

  • Page 209: Table 63: L2Tp Tunnel Accounting (Limits)

    PPPoE session ASID (No useful information can be extracted from the string). For example:# for tunnel accountingAcct-Session- Id = 18120579.84213760# for tunnel-link accountingAcct-Session-Id = 241AFF0000029B4FD5C03E Acct-Session-Time integer For example:Acct-Session-Time = 870 Bytes4294967 295 seconds 7750 SR RADIUS Attributes Reference Guide Page 209...
  • Page 210 0x1F, it is interpreted as the first byte of the following string field For example: # untagged Tunnel-Client-Endpoint = 312e312e312e31Tunnel-Client-Endpoint = 1.1.1.1# tagged 0 Tunnel-Client-Endpoint = 00312e312e312e31Tunnel-Client-Endpoint:0 = 1.1.1.1# tagged 1 Tunnel-Client-Endpoint = 01312e312e312e31Tunnel-Client-Endpoint:1 = 1.1.1.1 Page 210 7750 SR RADIUS Attributes Reference Guide...
  • Page 211 64 chars. For example: Tunnel-Client-Auth-Id:0 = LAC- Auth-ID Antwerp-1 Tunnel-Server- string 64 chars. For example: Tunnel-Server-Auth-ID:0 = LNS- Auth-ID Antwerp-1 NAS-IPv6- ipv6addr 16 Bytes # ipv6-address Address For example: NAS-IPv6-Address = 2001:db8::1 7750 SR RADIUS Attributes Reference Guide Page 211...

  • Page 212: Table 64: L2Tp Tunnel Accounting (Applicability)

    Table 64: L2TP Tunnel Accounting (applicability) Attibute ID Attribute Name User-Name NAS-IP-Address NAS-Port Service-Type NAS-Identifier Acct-Delay-Time Acct-Input-Octets Acct-Output-Octets Acct-Session-Id Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Terminate-Cause Acct-Input-Gigawords Acct-Output-Gigawords Event-Timestamp NAS-Port-Type Tunnel-Type Tunnel-Medium-Type Tunnel-Client-Endpoint Tunnel-Server-Endpoint Acct-Tunnel-Connection Page 212 7750 SR RADIUS Attributes Reference Guide...
  • Page 213 RADIUS Attributes Reference Table 64: L2TP Tunnel Accounting (applicability) (Continued) Attibute ID Attribute Name Tunnel-Assignment-ID Acct-Tunnel-Packets-Lost NAS-Port-Id Tunnel-Client-Auth-ID Tunnel-Server-Auth-ID NAS-IPv6-Address 7750 SR RADIUS Attributes Reference Guide Page 213...

  • Page 214: Application Assurance (Aa) Accounting

    RADIUS Acct session is independent from the ESM RADIUS Acct session. An AA Acct Off is sent when accounting stats is disabled (removing of radius-acct policy) Acct-Terminate-Cause Indicates how the session was terminated. Page 214 7750 SR RADIUS Attributes Reference Guide...
  • Page 215 AARP (asymmetry removal that is required to remove routing asymmetry when using redundant transit-aa-nodes), meaning you have 2 redundant transit 7750 node, we expect PCRF(DSC) to push a CoA create to both 7x50 nodes. This is achieved by adding the peer-identifier information in the original Accounting-start sent by the primary 7x50.

  • Page 216: Table 66: Application Assurance Accounting (Limits)

    <Type of second byte> = 0x50 indicates byte 2 is AA app-group export-id <Type of second byte> = 0x60 indicates byte 2 is AA application export-id <export-id> =<1..255> For example: 500 bytes reported in CG id 2 Alc-Acct- I-Inprof-Octets-64 = 0x400200000000000001f4 Page 216 7750 SR RADIUS Attributes Reference Guide...
  • Page 217 < export-id> = <1…255> For example:Alc-Acct-O-Inprof-Pkts-64 = 0x400200000000004368c4 26-6527-45 Alc-App-Prof-Str string 16 char For example:Alc-App-Prof-Str = MyAppProfile 26-6527-156 Alc-AA-Group- string <Group ID>:<Partition ID>:<ISA slot>/<ISA MDA> Partition-Isa-Id limits For example:Alc-AA-Group-Partition-Isa-Id = 2:4:3/2 7750 SR RADIUS Attributes Reference Guide Page 217...
  • Page 218 Table 66: Application Assurance Accounting (limits) (Continued) Attribute ID Attribute Name Type Limits SR OS Format 26-6527-157 Alc-AA-Peer-Identifier string <AARP ID>@<Peer IP address>@<Peer Port-id> limits For example:# system-ip 10.1.1.2 remote redundant transit-aa-node Alc-AA-Peer-Identifier = 200@10.1.1.2@1/1/1/4:200 Page 218 7750 SR RADIUS Attributes Reference Guide...

  • Page 219: Table 67: Application Assurance Accounting (Applicability)

    Table 67: Application Assurance Accounting (applicability) Attribute ID Attribute Name User-Name NAS-IP-Address NAS-Identifier Acct-Status-Type Acct-Session-Id Acct-Terminate-Cause Event-Timestamp 26-6527-11 Alc-Subsc-ID-Str 26-6527-19 Alc-Acct-I-Inprof-Octets-64 26-6527-21 Alc-Acct-O-Inprof-Octets-64 26-6527-23 Alc-Acct-I-Inprof-Pkts-64 26-6527-25 Alc-Acct-O-Inprof-Pkts-64 26-6527-45 Alc-App-Prof-Str 26-6527-156 Alc-AA-Group-Partition-Isa-Id 26-6527-157 Alc-AA-Peer-Identifier 7750 SR RADIUS Attributes Reference Guide Page 219...

  • Page 220: Dynamic Data Service Accounting

    In case an accounting stop is sent as a result of a failure scenario, the acct-session-time will be zero. Page 220 7750 SR RADIUS Attributes Reference Guide...
  • Page 221 Alc-Dyn-Serv-Script-Params value in an Access-Accept or CoA message for this dynamic service. Multiple attributes may be present if the total length does not fit a single attribute. 7750 SR RADIUS Attributes Reference Guide Page 221...

  • Page 222: Table 69: Dynamic Data Service Accounting (Limits)

    For example:Acct-Terminate-Cause = User- Request Acct-Multi- string 22 bytes For example:Acct-Multi-Session-Id = Session-Id 24ADFF0000000250C8EA5E Event-Timestamp date 4 Bytes For example:# Jul 6 2012 17:28:23 CEST is reported as 4FF70417Event-Timestamp = 4FF70417 Page 222 7750 SR RADIUS Attributes Reference Guide...
  • Page 223 “data_svc_1 = { 'as_id' : '100', 'comm_id' : '200', 'if_name' : 'itf1', 'ipv4_address' : '1.1.1.1', 'egr_ip_filter' : '100' , 'routes' : [{'to' : '200.1.1.0/ 24', 'next-hop' : '20.1.1.1'}, {'to' : '200.1.2.0/24', 'next-hop' : '20.1.1.1'}]} 7750 SR RADIUS Attributes Reference Guide Page 223...

  • Page 224: Table 70: Dynamic Data Service Accounting (Applicability)

    Table 70: Dynamic Data Service Accounting (applicability) Attribute ID Attribute Name Acct Start Acct Stop Acct Interim-Update User-Name NAS-IP-Address Class NAS-Identifier Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Session-Time Acct-Terminate-Cause Acct-Multi-Session-Id Event-Timestamp NAS-Port-Id NAS-IPv6-Address 26-3561-1 Agent-Circuit-Id 26-3561-2 Agent-Remote-Id 26-6527-165 Alc-Dyn-Serv-Script-Params Page 224 7750 SR RADIUS Attributes Reference Guide...

  • Page 225: Cli User Access Accounting

    “Base” — The IPv6 address of the system interface (configure router interface system ipv6 address <ipv6-address>). The address can be overwritten with the configured ipv6-source-address (configure system security source-address application6 radius <ipv6-address>) 7750 SR RADIUS Attributes Reference Guide Page 225...
  • Page 226 [1]User-Name is always created (show system security profile) and executed as last profile. This temporary profile is build from the mandatory attribute [26-6527-5]Timetra-Default-Action and optional attributes [26-6527-6] Timetra-Cmd, [26-6527-7] Timetra-Action. Page 226 7750 SR RADIUS Attributes Reference Guide...

  • Page 227: Table 72: Cli User Access Accounting (Limits)

    Timetra-Cmd += configure router isis;show attribute subscriber-mgmt sub-profile Timetra-Cmd += show router Table 73: CLI User Access Accounting (applicability) Attribute ID Attribute Name Acct Start Acct Stop User-Name NAS-IP-Address Calling-Station-Id Acct-Session-Id NAS-Port-Type NAS-IPv6-Address 26-6527-6 Timetra-Cmd 7750 SR RADIUS Attributes Reference Guide Page 227...

  • Page 228: Accounting Terminate Causes

    NAS was unable to provide requested service Unavailable Callback NAS is terminating current session in order to perform callback for a new session User-Error Input from user is in error, causing termination of session. Page 228 7750 SR RADIUS Attributes Reference Guide...
  • Page 229 (dot1x) Port Reinitialized Termination cause indicates that the Port's MAC has been reinitialized (dot1x) Port Indicates that the Port has been administratively disabled (dot1x) Administratively Disabled Lost Power — 7750 SR RADIUS Attributes Reference Guide Page 229...

  • Page 230: Accounting Triggered Reason Vsa Values

    An sla-stop followed by an sla-start is generated — — when a CoA with new sla-profile is received. sla-stop An sla-stop followed by an sla-start is generated — — when a CoA with new sla-profile is received. Page 230 7750 SR RADIUS Attributes Reference Guide...
  • Page 231 Interim Updates are send, is changed.(Radius Access-Accept or CoA with attribute [85] Acct- Interim-Interval received). Notifies the Accounting server that this host uses a different Accounting Interim Update interval than the configured update-interval in the radius-accounting-policy. 7750 SR RADIUS Attributes Reference Guide Page 231...
  • Page 232 RADIUS accounting server of the acquisition or release of an IP address or prefix during the lifetime of a session. (2) requires host-update to be configured for session-accounting mode (configure subscriber- mgmt radius-accounting-policy <name> session-accounting interim-update host-update) Page 232 7750 SR RADIUS Attributes Reference Guide...

  • Page 233: Radius Coa And Disconnect Message Attributes

    (3) Maximum 32 hosts can be targeted in a single CoA or Disconnect Message. When more than 32 hosts are identified, the CoA and Disconnect Message is rejected with [101] Error-Cause attri- bute value 501 (Administratively Prohibited). 7750 SR RADIUS Attributes Reference Guide Page 233...
  • Page 234 Address (prio 1) only if the host is also identified by [44] Acct-Session-Id (prio 2), else the CoA is NAKed. Following attributes are accepted only if the CoA is targeted to a single host: • [26-6527-14] Alc-Force-Renew • [26-6527-15] Alc-Create-Host • [26-6527-98] Alc-Force-Nak • [26-6527-130] Alc-AA-Transit-IP Page 234 7750 SR RADIUS Attributes Reference Guide...

  • Page 235: Wlan-Gw Migrant Users Identification Attributes

    CoA and Disconnect Message to identify a single DSM UE. Table 78: CoA and Disconnect Message: DSM UE Identification Attributes # (priority) Attribute ID Attribute Name Notes Acct-Session-Id User-Name Must be MAC format 7750 SR RADIUS Attributes Reference Guide Page 235...

  • Page 236: Ipsec Tunnel Identification Attributes

    Disconnect-NAK with [101] Error-Cause value set to 404 (Invalid Request). 2. If there are multiple tunnels having the specified IDi, then all these tunnels will be terminated. Page 236 7750 SR RADIUS Attributes Reference Guide...

  • Page 237: Overview Of Coa Attributes

    Attribute ID Attribute Name User-Name Service-Type Framed-Protocol Framed-IP-Address Class Session-Timeout Idle-Timeout Called-Station-Id Calling-Station-Id Acct-Session-Id NAS-Port-Type Acct-Interim-Interval NAS-Port-Id NAS-Filter-Rule Framed-IPv6-Prefix Error-Cause Delegated-IPv6-Prefix Ascend-Data-Filter 26-4874-47 ERX-Ipv6-Primary-Dns 26-4874-48 ERX-Ipv6-Secondary-Dns 26-6527-11 Alc-Subsc-ID-Str 26-6527-12 Alc-Subsc-Prof-Str 26-6527-13 Alc-SLA-Prof-Str 7750 SR RADIUS Attributes Reference Guide Page 237...
  • Page 238 26-6527-105 Alc-Ipv6-Primary-Dns 26-6527-106 Alc-Ipv6-Secondary-Dns 26-6527-122 Alc-LI-Action 26-6527-123 Alc-LI-Destination 26-6527-124 Alc-LI-FC 26-6527-125 Alc-LI-Direction 26-6527-126 Alc-Subscriber-QoS-Override 26-6527-130 Alc-AA-Transit-IP 26-6527-132 Alc-Access-Loop-Rate-Down 26-6527-134 Alc-Subscriber-Filter 26-6527-136 Alc-Onetime-Http-Redirection-Filter-Id 26-6527-137 Alc-Authentication-Policy-Name 26-6527-138 Alc-LI-Intercept-Id 26-6527-139 Alc-LI-Session-Id 26-6527-151 Alc-Sub-Serv-Activate 26-6527-152 Alc-Sub-Serv-Deactivate Page 238 7750 SR RADIUS Attributes Reference Guide...
  • Page 239 26-6527-167 Alc-Dyn-Serv-Policy 26-6527-168 Alc-Dyn-Serv-Acct-Interim-Ivl-1 26-6527-169 Alc-Dyn-Serv-Acct-Interim-Ivl-2 26-6527-170 Alc-Dyn-Serv-Acct-Stats-Type-1 26-6527-171 Alc-Dyn-Serv-Acct-Stats-Type-2 26-6527-177 Alc-Portal-Url 26-6527-178 Alc-Ipv6-Portal-Url 26-6527-179 Alc-GTP-Local-Breakout 26-6527-182 Alc-AA-Sub-Http-Url-Param 26-6527-185 Alc-Onetime-Http-Redirect-Reactivate 26-6527-186 Alc-Wlan-Dsm-Ot-Http-Redirect-Url 26-6527-187 Alc-Wlan-Dsm-Ip-Filter 26-6527-188 Alc-Wlan-Dsm-Ingress-Policer 26-6527-189 Alc-Wlan-Dsm-Egress-Policer 26-6527-193 Alc-AA-App-Service-Options 26-6527-217 Alc-UPnP-Sub-Override-Policy 7750 SR RADIUS Attributes Reference Guide Page 239...

  • Page 240: [101] Error-Cause Attribute Values

    Disconnect-Request contains an attribute with an unsupported value. Administratively Administratively Prohibited is a fatal error sent if the NAS is Prohibited configured to prohibit honoring of CoA-Request or Disconnect- Request packets for the specified session. Page 240 7750 SR RADIUS Attributes Reference Guide...
  • Page 241 Multiple Session Selection Unsupported is a fatal error sent by a Selection Unsupported NAS in response to a CoA-Request or Disconnect-Request whose session identification attributes match multiple sessions, where the NAS does not support Requests applying to multiple sessions. 7750 SR RADIUS Attributes Reference Guide Page 241...

  • Page 242: Table 82: Radius Disconnect Message [101] Error-Cause Values For Ipsec Tunnel

    A fatal error sent if the tunnel identified in the Disconnect-Request does not Found exist. Session Context Not A fatal error sent if all identified tunnels belong to a tunnel-group in MC- Removable IPsec standby status. Page 242 7750 SR RADIUS Attributes Reference Guide...
  • Page 243 Customer Documentation and Product Support Customer Documentation http://documentation.alcatel-lucent.com Technical Support http://support.alcatel-lucent.com Documentation Feedback documentation.feedback@alcatel-lucent.com...
  • Page 244 © 2015 Alcatel-Lucent. All rights reserved. 3HE 09835 AAAB TQZZA 01...

Table of Contents