Alcatel-Lucent 7750 Reference Manual page 121

Service router radius attributes

Hide thumbs Also See for 7750:

Configuration manual (788 pages)

Quality of service manual (912 pages)

Basic system configuration manual (576 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

page of 244

/ 244
Contents
Table of Contents
Bookmarks

Table of Contents

Table 38: IPSEC (description) (Continued)

Attribute ID

Attribute Name

Acct-Session-Time

EAP-Message

Message-Authenticator

Nas-Port-Id

Framed-IPv6-Prefix

26-311-16

MS-MPPE-Send-Key

26-311-17

MS-MPPE-Recv-Key

26-6527-9

Alc-Primary-Dns

26-6527-10

Alc-Secondary-Dns

26-6527-61

Alc-IPsec-Serv-Id

7750 SR RADIUS Attributes Reference Guide

This attribute represents the tunnel's lifetime in seconds. It is included in an

Accounting-Stop packet.

This attribute encapsulates the received IKEv2 EAP payload in access-

request. A RADIUS server can include this attribute in an access-challenge or

access-accept.

This attribute is used in EAP authentication and provides message integrity

verification.

The public SAP ID of IKEv2 remote-access tunnel. The attribute can be

included/excluded with configure ipsec radius-authentication-policy

<policy-name> include-radius-attribute nas-port-id or configure ipsec

radius-accounting-policy <policy-name> include-radius-attribute nas-

port-id.

The IPv6 address to be assigned to IKEv2 remote-access tunnel client via

IKEv2 configuration payload: INTERNAL_IP6_ADDRESS. The prefix and

prefix-length of Framed-IPv6-Prefix are conveyed in the corresponding part

of INTERNAL_IP6_ADDRESS. The attribute is included in RADIUS

accounting request packet.

This attribute along with [26-311-17] MS-MPPE-Recv-Key hold the Master

Session Key (MSK) of the EAP authentication. It is expected in access-accept

when EAP authentication succeed with certain EAP methods.

This attribute along with [26-311-16] MS-MPPE-Send-Key hold the Master

Session Key (MSK) of the EAP authentication. It is expected in access-accept

when EAP authentication succeed with certain EAP methods.

The IPv4 DNS server address to be assigned to an IKEv1/v2 remote-access

tunnel client via configuration payload: INTERNAL_IP4_DNS. In case of

IKEv2, up to four DNS server addresses can be returned to a client, including

Alc-Primary-Dns, Alc-Secondary-Dns, Alc-Ipv6-Primary-Dns and Alc-Ipv6-

Secondary-Dns.

The IPv4 DNS server address to be assigned to an IKEv2 remote-access

tunnel client via IKEv2 configuration payload: INTERNAL_IP4_DNS. Up to

four DNS server addresses can be returned to a client, including Alc-Primary-

Dns, Alc-Secondary-Dns, Alc-Ipv6-Primary-Dns and Alc-Ipv6-Secondary-

Dns.

IPSec private service id, used by IKEv1/v2 remote-access tunnel, referring to

the preconfigured VPRN where the IPSec tunnel terminates (configure

service vprn <service-id>). A default private service is used when this

attribute is omitted (configure service vprn interface sap ipsec-gw default-

secure-service). If the returned service id doesn't exist/out-of limits or exists

but not a VPRN service, the tunnel setup will fail.

RADIUS Attributes Reference

Description

Page 121

Table of Contents

Alcatel-Lucent 7750 Reference Manual page 121

Related Manuals for Alcatel-Lucent 7750

Related Products for Alcatel-Lucent 7750

Table of Contents