Radius Attributes In Preauthentication Request; Table 5: Radius Ietf Attributes In Preauthentication Request - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12 Configuration Manual
Software for e series broadband services routers broadband access configuration guide
Hide thumbs
Also See for JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12:
- Configuration manual (750 pages)
Table of Contents
Advertisement
RADIUS Attributes in Preauthentication Request
Copyright © 2010, Juniper Networks, Inc.
The router ignores any RADIUS attributes other than the Calling-Station-Id that are
returned in the preauthentication Access-Accept message.
The router encodes the LLID in the RADIUS Calling-Station-Id and sends an
4.
Access-Request message to the RADIUS authentication server.
This step is referred to as the authentication request.
The RADIUS authentication server returns an Access-Accept message to the router
5.
that includes the tunnel attributes for the subscriber session.
For tunneled PPP subscribers, the router, acting as an L2TP access concentrator
6.
(LAC), encodes the LLID into L2TP Calling Number AVP 22 and sends this to the L2TP
network server (LNS) in an incoming-call request (ICRQ) packet.
After a successful preauthentication request, the router always encodes the LLID in
Calling Number AVP 22. The use of aaa commands such as aaa tunnel
calling-number-format to control or change the inclusion of the LLID in Calling Number
AVP 22 has no effect.
Table 5 on page 75 describes the RADIUS IETF attributes that are always included in a
preauthentication request to obtain the LLID. The attributes are listed in ascending order
by standard number.
Table 5: RADIUS IETF Attributes in Preauthentication Request
Attribute
Number
Attribute Name
[1]
User-Name
[2]
User-Password
[4]
NAS-IP-Address
[5]
NAS-Port
[6]
Service-Type
[61]
NAS-Port-Type
[77]
Connect-Info
Chapter 1: Configuring Remote Access
Description
Name of the user associated with the LLID, in the format:
NAS-Port:<NAS-IP-Address>:<Nas-Port-Id>
For example, nas-port:172.28.30.117:atm 4/1.104:2.104
Password of the user to be authenticated; always set to "
juniper"
IP address of the network access server (NAS) that is
requesting authentication of the user; for example,
172.28.30.117
Physical port number of the NAS that is authenticating the
user; this is always interpreted as a bit field
Type of service the user has requested or the type of service
to be provided; for example, framed
Type of physical port the NAS is using to authenticate the
user
Actual user name; for example, jdoe@xyzcorp.east.com
75
Advertisement
Table of Contents
Troubleshooting
