RADIUS Vendor-Proprietary Attributes

Transcription

1 RADIUS s Finding Feature Information RADIUS s Last Updad: July 18, 2011 The IETF draft standard for RADIUS specifies a method for communicating vendorpropri information between the network access sv and the RADIUS sv. Howev, some vendors have exnded the RADIUS attribu set for specific applications. This document provides Cisco IOS support information for these vendorpropri RADIUS attrubus. Finding Feature Information, page 1 Suppord RADIUS s, page 1 Comprehensive List of RADIUS Descriptions, page 15 Feature Information for RADIUS s, page 26 Finding Feature Information Your software release may not support all the features documend in this module. For the last feature information and caveats, see the release nos for your platform and software release. To find information about the features documend in this module, and to see a list of the releases in which each feature is suppord, see the Feature Information Table at the end of this document. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to An account on Cisco.com is not required. Suppord RADIUS s The table below lists Ciscosuppord vendorpropri RADIUS attribus and the Cisco IOS release in which they are implemend. In cases whe the attribu has a security svspecific format, the format is specified. Ref to RADIUS s table for a list of descriptions. 1

2 Suppord RADIUS s RADIUS s No s implemend in special (AA) or early development (T) releases will be added to the next mainline image. Table 1 Suppord RADIUS s 17 Chang e Passw ord 21 Passw ord Expira tion 68 Tunnel ID 108 My Endpoi nt Disc Alias 109 My Name Alias 110 Remot efw 111 Multic ast GLeav e Delay 112 CBCP Enable 113 CBCP Mode no no yes yes yes yes yes yes no no no no yes yes yes yes yes yes no no no no no no no no no yes yes yes 2

3 RADIUS s Suppord RADIUS s 114 CBCP Delay 115 CBCP Trunk Group 116 Applet alk Rou 117 Applet alk Pe Mode 118 Rou Applet alk 119 FCP Param et 120 Mode m PortNo 121 Mode m SlotNo 122 Mode m ShelfN o 123 Call Atm pt Limit 124 Call Block Durati on 3

4 Suppord RADIUS s RADIUS s 125 Maxim um Call Durati on 126 Rout Prefe nce 127 Tunnel ing Protoc ol 128 Shared Profile Enable 129 Primar y Home Agent 130 Secon dary Home Agent 131 Dialou t Allow ed 133 BACP Enable 134 DHCP Maxim um Leases no no no no no no no no yes yes 4

5 RADIUS s Suppord RADIUS s 135 Primar y DNS Sv 136 Secon dary DNS Sv 137 Ascen d Client Assign DNS 138 Us Acct Type 139 Us Acct Host 140 Us Acct Port 141 Us Acct Key 142 Us Acct Base 143 Us Acct Time 144 Assign IP Client no no no no yes yes yes yes yes yes no no no no yes yes yes yes yes yes no no no no no no no no yes yes 5

6 Suppord RADIUS s RADIUS s 145 Assign IP Sv 146 Assign IP Global Pool 147 DHCP Reply 148 DHCP Pool 149 Expect Callba ck 150 Event Type 151 Ascen d Sessio nsvr Key 152 Ascen d Multic ast Ra Limit 153 IF Netma sk no no no yes no no yes yes yes yes no no no yes no no yes yes yes yes 6

7 RADIUS s Suppord RADIUS s 154 h323 Remot e Addres s 155 Ascen d Multic ast Client 156 FR Circuit Name 157 FR LinkU p 158 FR Nailed Grp 159 FR Type 160 FR Link Mgt 161 FR N FR DCE N FR DTE N FR DCE N393 no no no no no no no no yes yes no no no yes no no yes yes yes yes 7

8 Suppord RADIUS s RADIUS s 165 FR DTE N FR T FR T Bridge Addres s 169 TS Idle Limit 170 TS Idle Mode 171 DBA Monit or 172 Base Chann el Count 173 Minim um Chann els 174 IPX Rou 175 FT1 Call 8

9 RADIUS s Suppord RADIUS s 176 Ipsec Backu p Gaw ay 177 rm Call Type no no no no no no no no yes yes no no no no no no no no yes yes 178 Group 179 FR DLCI 180 FR Profile Name 181 Ara PW 182 IPX Node Addr 183 Home Agent IP Addr 184 Home Agent Passw ord 185 Home Netwo rk Name 186 Home Agent UDP Port 9

10 Suppord RADIUS s RADIUS s 187 Multili nkid 188 Ascen d Num In Multili nk 189 First Dest 190 Pre Input Octs 191 Pre Output Octs 192 Pre Input Packet s 193 Pre Output Packet s 194 Maxim um Time 195 Discon nect Cause 196 Conne ct Progre ss no no no yes yes yes yes yes yes yes no no no yes yes yes yes yes yes yes no no no yes yes yes yes yes no no no no no yes yes yes yes yes no no no no no yes yes yes yes yes no no no no no yes yes yes yes yes no no no no yes yes yes yes yes yes no no no no yes yes yes yes yes yes yes yes no no no no no no yes yes yes yes 10

11 RADIUS s Suppord RADIUS s 197 Data Ra 198 PreSes sion Time 199 Token Idle 201 Requir eauth 202 Sessio ns 203 Authe n Alias 204 Token Expiry 205 Menu Select or 206 Menu Im 207 PW Warnti me 208 PW Lifeti me 209 IP Direct no no no no yes yes yes yes yes yes no no no yes yes yes yes yes yes yes no no no no no no no no yes yes no no no no no no no no yes yes no no yes yes yes yes yes yes yes yes no no no no yes yes yes yes yes yes 11

12 Suppord RADIUS s RADIUS s 210 PPP VJ Slot Compr ession 211 PPP VJ PPP Async Map 213 Third Promp t 214 Send Secret 215 Receiv e Secret 216 IPX Pe Mode 217 IP Pool 218 Static Addr Pool 219 FR Direct 220 FR Direct Profile 221 FR Direct DLCI no no yes yes yes yes yes yes yes yes no no no no no no yes yes yes yes no no yes yes yes yes yes yes yes yes no no yes yes yes yes yes yes yes yes 12

13 RADIUS s Suppord RADIUS s 222 Handle IPX 223 Netwa re Timeo ut 224 IPX Alias 225 Metric 226 PRI Type 227 Dial 228 Rou IP 229 Rou IPX no no no no no no yes yes yes yes no no yes yes yes yes yes yes yes yes 230 Bridge 231 Send Auth 232 Send Passw d 233 Link Compr ession 234 Target Util no no no no no no yes yes yes yes no no yes yes yes yes yes yes yes yes no no no yes no yes yes yes yes yes 13

14 Suppord RADIUS s RADIUS s 235 Maxim um Chann els 236 Inc Chann el Count 237 Dec Chann el Count 238 Secon dsof Histor y 239 Histor y Weigh Type 240 Add Secon ds 241 Remov e Secon ds 242 Data Filt 243 Call Filt 244 Idle Limit 245 Preem pt Limit no no yes yes yes yes yes yes yes yes no no yes yes yes yes yes yes yes yes no no no no no no no no yes yes no no yes yes yes yes yes yes yes yes 14

15 RADIUS s Comprehensive List of RADIUS Descriptions 246 Callba ck 247 Data Svic e 248 Force Billing 250 Call By Call 251 Transit 252 Host Info 253 PPP Addres s 254 MPP Idle Pcen t 255 Xmit Ra no no no no no no no no yes yes no no no no no no yes yes yes yes no no no no no no yes yes yes yes no no no yes yes yes yes yes yes yes Comprehensive List of RADIUS Descriptions The table below lists and describes the known vendorpropri RADIUS attribus: 15

16 Comprehensive List of RADIUS Descriptions RADIUS s Table 2 RADIUS s Description 17 ChangePassword Specifies a request to change the password of a us. 21 PasswordExpiration Specifies an expiration da for a us s password in the us s file entry. 68 TunnelID (Ascend 5) Specifies the string assigned by RADIUS for each session using CLID or DNIS tunneling. When accounting is implemend, this value is used for accoutning. 108 MyEndpointDiscAlias (Ascend 5) No description 109 MyNameAlias (Ascend 5) No description 110 RemoFW (Ascend 5) No description 111 MulticastGLeaveDelay (Ascend 5) No description 112 CBCPEnable (Ascend 5) No description 113 CBCPMode (Ascend 5) No description 114 CBCPDelay (Ascend 5) No description 115 CBCPTrunkGroup (Ascend 5) No description 116 AppletalkRou (Ascend 5) No description 117 AppletalkPeMode (Ascend 5) No description 118 RouAppletalk (Ascend 5) No description 119 FCPParamet (Ascend 5) No description 16

17 RADIUS s Comprehensive List of RADIUS Descriptions Description 120 ModemPortNo (Ascend 5) No description 121 ModemSlotNo (Ascend 5) No description 122 ModemShelfNo (Ascend 5) No description 123 CallAtmptLimit (Ascend 5) No description 124 CallBlockDuration (Ascend 5) No description 125 MaximumCallDuration (Ascend 5) No description 126 RoutPrefence (Ascend 5) No description 127 TunnelingProtocol (Ascend 5) No description 128 SharedProfileEnable (Ascend 5) No description 129 PrimaryHomeAgent (Ascend 5) No description 130 SecondaryHomeAgent (Ascend 5) No description 131 DialoutAllowed (Ascend 5) No description 133 BACPEnable (Ascend 5) No description 134 DHCPMaximumLeases (Ascend 5) No description 135 PrimaryDNSSv Identifies a primary DNS sv that can be requesd by Microsoft PPP clients from the network access sv during IPCP negotiation. 17

18 Comprehensive List of RADIUS Descriptions RADIUS s Description 136 SecondaryDNSSv Identifies a secondary DNS sv that can be requesd by Microsoft PPP clients from the network access sv during IPCP negotiation. 137 ClientAssignDNS No description 138 UsAcctType No description 139 UsAcctHost No description 140 UsAcctPort No description 141 UsAcctKey No description 142 UsAcctBase No description 143 UsAcctTime No description 144 AssignIPClient No description 145 AssignIPSv No description 146 AssignIPGlobalPool No description 147 DHCPReply No description 148 DHCPPool No description 149 ExpectCallback No description 150 EventType No description 151 SessionSvrKey No description 152 MulticastRaLimit No description 153 IFNetmask No description 154 RemoAddr No description 155 MulticastClient No description 156 FRCircuitName No description 157 FRLinkUp No description 158 FRNailedGrp No description 159 FRType No description 160 FRLinkMgt No description 161 FRN391 No description 18

19 RADIUS s Comprehensive List of RADIUS Descriptions Description 162 FRDCEN392 No description 163 FRDTEN392 No description 164 FRDCEN393 No description 165 FRDTEN393 No description 166 FRT391 No description 167 FRT392 No description 168 BridgeAddress No description 169 TSIdleLimit No description 170 TSIdleMode No description 171 DBAMonitor No description 172 BaseChannelCount No description 173 MinimumChannels No description 174 IPXRou No description 175 FT1Call No description 176 Backup No description 177 CallType No description 178 Group No description 179 FRDLCI No description 180 FRProfileName No description 181 AraPW No description 182 IPXNodeAddr No description 183 HomeAgentIPAddr Indicas the home agent s IP address (in dotd decimal format) when using Ascend Tunnel Management Protocol (ATMP). 184 HomeAgentPassword With ATMP, specifies the password that the foreign agent uses to authentica itself. 19

20 Comprehensive List of RADIUS Descriptions RADIUS s Description 185 HomeNetworkName With ATMP, indicas the name of the connection profile to which the home agent sends all packets. 186 HomeAgentUDPPort Indicas the UDP port numb the foreign agent uses to send ATMP messages to the home agent. 187 MultilinkID Reports the identification numb of the multilink bundle when the session closes. This attribu applies to sessions that are part of a multilink bundle. The MultilinkID attribu is sent in authenticationresponse packets. 188 NumInMultilink Reports the numb of sessions remaining in a multilink bundle when the session repord in an accountingstop packet closes. This attribu applies to sessions that are part of a multilink bundle. The NumInMultilink attribu is sent in authenticationresponse packets and in some accountingrequest packets. 189 FirstDest Records the destination IP address of the first packet received aft authentication. 190 PreInputOcts Records the numb of input octs before authentication. The PreInputOcts attribu is sent in accountingstop records. 191 PreOutputOcts Records the numb of output octs before authentication. The PreOutputOcts attribu is sent in accountingstop records. 192 PreInputPackets Records the numb of input packets before authentication. The PreInputPackets attribu is sent in accountingstop records. 193 PreOutputPackets Records the numb of output packets before authentication. The PreOutputPackets attribu is sent in accountingstop records. 20

21 RADIUS s Comprehensive List of RADIUS Descriptions Description 194 MaximumTime Specifies the maximum length of time (in seconds) allowed for any session. Aft the session reaches the time limit, its connection is dropped. 195 DisconnectCause Specifies the reason a connection was taken offline. The DisconnectCause attribu is sent in accountingstop records. This attribu also causes stop records to be genad without first genating start records if disconnection occurs before authentication is pformed. For more information, ref to the table of DisconnectCause Values and their meanings. 196 ConnectProgress Indicas the connection sta before the connection is disconnecd. 197 DataRa Specifies the avage numb of bits p second ov the course of the connection s lifetime. The DataRa attribu is sent in accountingstop records. 198 PreSessionTime Specifies the length of time, in seconds, from when a call first connects to when it comples authentication. The PreSession Time attribu is sent in accountingstop records. 199 TokenIdle Indicas the maximum amount of time (in minus) a cached token can remain alive between authentications. 201 RequireAuth Defines wheth additional authentication is required for class that has been CLID authenticad. 202 Sessions Specifies the numb of active sessions (p class) repord to the RADIUS accounting sv. 21

22 Comprehensive List of RADIUS Descriptions RADIUS s Description 203 AuthenAlias Defines the RADIUS sv s login name during PPP authentication. 204 TokenExpiry Defines the lifetime of a cached token. 205 MenuSelector Defines a string to be used to cue a us to input data. 206 MenuIm Specifies a single menuim for a usprofile. Up to 20 menu ims can be assigned p profile. 207 PWWarntime (Ascend 5) No description 208 PWLifetime Enables you to specify on a pus basis the numb of days that a password is valid. 209 IPDirect When you include this attribu in a us s file entry, a framed rou is installed to the routing and bridging tables. No Packet routing is dependent upon the entire table, not just this newly installed entry. The inclusion of this attribu does not guarane that all packets should be sent to the specified IP address; thus, this attribu is not fully suppord. These attribu limitations occur because the Cisco rout cannot bypass all intnal routing and bridging tables and send packets to a specified IP address. 210 PPPVJSlotComp Instructs the Cisco rout not to use slot compression when sending VJcompressed packets ov a PPP link. 211 PPPVJ1172 Instructs PPP to use the 0x0037 value for VJ compression. 22

23 RADIUS s Comprehensive List of RADIUS Descriptions Description 212 PPPAsyncMap Gives the Cisco rout the asynchronous control charact map for the PPP session. The specified control characts are passed through the PPP link as data and used by applications running ov the link. 213 ThirdPrompt Defines a third prompt (aft usname and password) for additional us input. 214 SendSecret Enables an encrypd password to be used in place of a regular password in outdial profiles. 215 ReceiveSecret Enables an encrypd password to be vified by the RADIUS sv. 216 IPXPeMode (Ascend 5) No description 217 IPPoolDefinition Defines a pool of addresses using the following format: X a.b.c Z; whe X is the pool index numb, a.b.c is the pool s starting IP address, and Z is the numb of IP addresses in the pool. For example, allocas through for dynamic assignment. 218 AssignIPPool Tells the rout to assign the us and IP address from the IP pool. 219 FRDirect Defines wheth the connection profile opas in Frame Relay redirect mode. 220 FRDirectProfile Defines the name of the Frame Relay profile carrying this connection to the Frame Relay switch. 221 FRDirectDLCI Indicas the DLCI carrying this connection to the Frame Relay switch. 222 HandleIPX Indicas how NCP watchdog requests will be handled. 23

24 Comprehensive List of RADIUS Descriptions RADIUS s Description 223 NetwareTimeout Defines, in minus, how long the RADIUS sv responds to NCP watchdog packets. 224 IPXAlias Allows you to define an alias for IPX routs requiring numbed intfaces. 225 Metric No description 226 PRIType No description 227 Dial Defines the numb to dial. 228 RouIP Indicas wheth IP routing is allowed for the us s file entry. 229 RouIPX Allows you to enable IPX routing. 230 Bridge No description 231 SendAuth Defines the protocol to use (PAP or CHAP) for usnamepassword authentication following CLID authentication. 232 SendPasswd Enables the RADIUS sv to specify the password that is sent to the remo end of a connection on outgoing calls. 233 LinkCompression Defines wheth to turn on or turn off stac compression ov a PPP link. Link compression is defined as a numic value as follows: 0: None 1: Stac 2: StacDraft9 3: MSStac 234 TargetUtil Specifies the loadthreshold pcentage value for bringing up an additional channel when PPP multilink is defined. 235 MaximumChannels Specifies allowed/allocatable maximum numb of channels. 24

25 RADIUS s Comprehensive List of RADIUS Descriptions Description 236 IncChannelCount No description 237 DecChannelCount No description 238 SecondsofHistory No description 239 HistoryWeighType No description 240 AddSeconds No description 241 RemoveSeconds No description 242 DataFilt Defines pus IP data filts. These filts are retrieved only when a call is placed using a RADIUS outgoing profile or answed using a RADIUS incoming profile. Filt entries are applied on a firstmatch basis; thefore, the ord in which filt entries are end is important. 243 CallFilt Defines pus IP data filts. On a Cisco rout, this attribu is identical to the DataFilt attribu. 244 IdleLimit Specifies the maximum time (in seconds) that any session can be idle. When the session reaches the idle time limit, its connection is dropped. 245 PreemptLimit No description 246 Callback Allows you to enable or disable callback. 247 DataSvc No description 248 Force56 Detmines wheth the network access sv uses only the 56 K portion of a channel, even when all 64 K appear to be 249 Billing No description 250 CallByCall No description 251 Transit No description 252 HostInfo No description 25

26 Feature Information for RADIUS s RADIUS s Description 253 PPPAddress Indicas the IP address repord to the calling unit during PPP IPCP negotiations. 254 MPPIdlePcent No description 255 XmitRa (Ascend 5) No description For more information on vendorpropritary RADIUS attribus, ref to the section Configuring Rout for RADIUS Sv Communication in the chapt Configuring RADIUS. Feature Information for RADIUS s The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless nod othwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to An account on Cisco.com is not required. Table 3 Feature Information for RADIUS s Feature Name Releases Feature Information RADIUS s 12.2(1)XE The IETF draft standard for RADIUS specifies a method for communicating vendorpropri information between the network access sv and the RADIUS sv. Howev, some vendors have exnded the RADIUS attribu set for specific applications. This document provides Cisco IOS support information for these vendorpropri RADIUS attrubus. In 12.2(1) XE, this feature was introduced. Cisco and the Cisco Logo are trademarks of Cisco Sysms, Inc. and/or its affilias in the U.S. and oth countries. A listing of Cisco's trademarks can be found at Third party trademarks mentioned are the propty of their respective owns. The use of the word partn does not imply a partnship relationship between Cisco and any oth company. (1005R) 26

27 RADIUS s Any Intnet Protocol (IP) addresses and phone numbs used in this document are not innded to be actual addresses and phone numbs. Any examples, command display output, network topology diagrams, and oth figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbs in illustrative connt is uninntional and coincidental. 27