Creating Attributes Of Specific Format; Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide - Cisco ASR 9000 Series Configuration Manual

Aggregation services router broadband network gateway

Configuring Authentication, Authorization, and Accounting Functions

Creating Attributes of Specific Format

BNG supports the use of configurable AAA attributes. The configurable AAA attributes have specific
user-defined formats. The following sections list some of the configurable AAA attributes used by BNG.
Username
BNG can construct the AAA username and other format-supported attributes for subscribers using the
MAC address, circuit-ID, remote-ID, and DHCP Option-60 (a larger set of values is available in the CLI). The
DHCP Option-60 is one of the newer options that is communicated by the DHCP client to the DHCP server
in its requests; it carries the Vendor Class Identifier (VCI) of the DHCP client's hardware.
The MAC address attribute is specified in the CLI format in one of these forms:
• mac-address: for example, 0000.4096.3e4a
• mac-address-ietf: for example, 00-00-40-96-3E-4A
• mac-address-raw: for example, 000040963e4a
An example of constructing a username in the form "mac-address@vendor-class-ID" is:
aaa attribute format USERNAME-FORMAT format-string "%s@%s" mac-address dhcp-vendor-class
NAS-Port-ID
The NAS-Port-ID is constructed by combining BNG port information and access-node information. The BNG
port information consists of a string in this form:
"eth phy_slot/phy_subslot/phy_port:XPI.XCI"
For 802.1Q tunneling (QinQ), XPI is the outer VLAN tag and XCI is the inner VLAN tag.
If the interface is QinQ, the default format of nas-port-ID includes both the VLAN tags; if the interface is
single tag, it includes a single VLAN tag.
In the case of a single VLAN, only the outer VLAN is configured, using this syntax:
<slot>/<subslot>/<port>/<outer_vlan>
In the case of QinQ, the VLAN is configured using this syntax:
<slot>/<subslot>/<port>/<inner_vlan>.<outer_vlan>
The nas-port-ID command is extended to use the 'nas-port-type' option so that the customized format (configured
with the command shown above) can be used on a specific interface type (nas-port-type). The extended
nas-port-ID command is:
aaa radius attribute nas-port-id format <FORMAT_NAME> [type <NAS_PORT_TYPE>]
If the 'type' option is not specified, then the nas-port-ID for all interface types is constructed according to the
format name specified in the command. An example of constructing a NAS-Port-ID of at most 128 bytes, by
combining the BNG port information and the Circuit-ID, is:
aaa attribute format NAS-PORT-ID-FORMAT1 format-string length 128 "eth %s/%s/%s:%s.%s %s" physical-slot physical-subslot physical-port outer-vlan-Id inner-vlan-id circuit-id-tag
An example of constructing the NAS-Port-ID from just the BNG port information, with "0/0/0/0/0/0"
appended at the end in place of the circuit-ID, is:
aaa attribute format NAS-PORT-ID-FORMAT2 format-string "eth %s/%s/%s:%s.%s 0/0/0/0/0/0" physical-slot physical-subslot physical-port outer-vlan-Id inner-vlan-id
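The attribute values produced by the formats above, as they could be checked on the AAA server side: this is an added example, not code from the Cisco guide, that parses a "mac-address@vendor-class-ID" username and a NAS-Port-ID in the NAS-PORT-ID-FORMAT1/FORMAT2 layout. The function names, the sample values, and the choice to reject (rather than truncate) values longer than 128 bytes are assumptions; only the two-tag (QinQ) layout is handled.

```python
import re

# The three MAC renderings listed above, keyed by their CLI keyword.
MAC_FORMS = {
    "mac-address": re.compile(r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}", re.I),
    "mac-address-ietf": re.compile(r"(?:[0-9a-f]{2}-){5}[0-9a-f]{2}", re.I),
    "mac-address-raw": re.compile(r"[0-9a-f]{12}", re.I),
}

# "eth slot/subslot/port:outer.inner <circuit-id>", as in NAS-PORT-ID-FORMAT1.
NAS_PORT_ID = re.compile(
    r"eth (?P<slot>\d+)/(?P<subslot>\d+)/(?P<port>\d+)"
    r":(?P<outer_vlan>\d+)\.(?P<inner_vlan>\d+) (?P<circuit_id>.+)",
    re.ASCII,
)

def normalize_mac(text):
    """Return (form, 12 lowercase hex digits), or None if no listed form matches."""
    for form, pattern in MAC_FORMS.items():
        if pattern.fullmatch(text):
            return form, re.sub(r"[.\-]", "", text).lower()
    return None

def parse_username(username):
    """Split "mac@vendor-class" at the first "@"; none of the MAC forms contains one."""
    mac_text, sep, vendor_class = username.partition("@")
    mac = normalize_mac(mac_text)
    if not sep or mac is None:
        return None
    return {"mac": mac[1], "mac_form": mac[0], "vendor_class": vendor_class}

def parse_nas_port_id(value, max_len=128):
    """Parse a two-tag NAS-Port-ID; None if malformed or over max_len bytes."""
    if len(value.encode()) > max_len:  # assumption: over-length values are rejected
        return None
    match = NAS_PORT_ID.fullmatch(value)
    if match is None:
        return None
    fields = match.groupdict()
    for key in ("slot", "subslot", "port", "outer_vlan", "inner_vlan"):
        fields[key] = int(fields[key])
    return fields

# Constructed sample values, not captured from a device.
SAMPLE_USERNAME = "0000.4096.3e4a@example-vci"
SAMPLE_NAS_PORT_ID = "eth 0/1/2:100.200 0/0/0/0/0/0"
```

Normalizing the MAC to one canonical form lets the same subscriber be matched regardless of which of the three CLI forms the BNG is configured to send.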
Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x
OL-28375-03
