RADIUS Vendor-Proprietary Attributes
|
|
- Kory Heath
- 5 years ago
- Views:
Transcription
1 RADIUS s Finding Feature Information RADIUS s Last Updad: July 18, 2011 The IETF draft standard for RADIUS specifies a method for communicating vendorpropri information between the network access sv and the RADIUS sv. Howev, some vendors have exnded the RADIUS attribu set for specific applications. This document provides Cisco IOS support information for these vendorpropri RADIUS attrubus. Finding Feature Information, page 1 Suppord RADIUS s, page 1 Comprehensive List of RADIUS Descriptions, page 15 Feature Information for RADIUS s, page 26 Finding Feature Information Your software release may not support all the features documend in this module. For the last feature information and caveats, see the release nos for your platform and software release. To find information about the features documend in this module, and to see a list of the releases in which each feature is suppord, see the Feature Information Table at the end of this document. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to An account on Cisco.com is not required. Suppord RADIUS s The table below lists Ciscosuppord vendorpropri RADIUS attribus and the Cisco IOS release in which they are implemend. In cases whe the attribu has a security svspecific format, the format is specified. Ref to RADIUS s table for a list of descriptions. 1
2 Suppord RADIUS s RADIUS s No s implemend in special (AA) or early development (T) releases will be added to the next mainline image. Table 1 Suppord RADIUS s 17 Chang e Passw ord 21 Passw ord Expira tion 68 Tunnel ID 108 My Endpoi nt Disc Alias 109 My Name Alias 110 Remot efw 111 Multic ast GLeav e Delay 112 CBCP Enable 113 CBCP Mode no no yes yes yes yes yes yes no no no no yes yes yes yes yes yes no no no no no no no no no yes yes yes 2
3 RADIUS s Suppord RADIUS s 114 CBCP Delay 115 CBCP Trunk Group 116 Applet alk Rou 117 Applet alk Pe Mode 118 Rou Applet alk 119 FCP Param et 120 Mode m PortNo 121 Mode m SlotNo 122 Mode m ShelfN o 123 Call Atm pt Limit 124 Call Block Durati on 3
4 Suppord RADIUS s RADIUS s 125 Maxim um Call Durati on 126 Rout Prefe nce 127 Tunnel ing Protoc ol 128 Shared Profile Enable 129 Primar y Home Agent 130 Secon dary Home Agent 131 Dialou t Allow ed 133 BACP Enable 134 DHCP Maxim um Leases no no no no no no no no yes yes 4
5 RADIUS s Suppord RADIUS s 135 Primar y DNS Sv 136 Secon dary DNS Sv 137 Ascen d Client Assign DNS 138 Us Acct Type 139 Us Acct Host 140 Us Acct Port 141 Us Acct Key 142 Us Acct Base 143 Us Acct Time 144 Assign IP Client no no no no yes yes yes yes yes yes no no no no yes yes yes yes yes yes no no no no no no no no yes yes 5
6 Suppord RADIUS s RADIUS s 145 Assign IP Sv 146 Assign IP Global Pool 147 DHCP Reply 148 DHCP Pool 149 Expect Callba ck 150 Event Type 151 Ascen d Sessio nsvr Key 152 Ascen d Multic ast Ra Limit 153 IF Netma sk no no no yes no no yes yes yes yes no no no yes no no yes yes yes yes 6
7 RADIUS s Suppord RADIUS s 154 h323 Remot e Addres s 155 Ascen d Multic ast Client 156 FR Circuit Name 157 FR LinkU p 158 FR Nailed Grp 159 FR Type 160 FR Link Mgt 161 FR N FR DCE N FR DTE N FR DCE N393 no no no no no no no no yes yes no no no yes no no yes yes yes yes 7
8 Suppord RADIUS s RADIUS s 165 FR DTE N FR T FR T Bridge Addres s 169 TS Idle Limit 170 TS Idle Mode 171 DBA Monit or 172 Base Chann el Count 173 Minim um Chann els 174 IPX Rou 175 FT1 Call 8
9 RADIUS s Suppord RADIUS s 176 Ipsec Backu p Gaw ay 177 rm Call Type no no no no no no no no yes yes no no no no no no no no yes yes 178 Group 179 FR DLCI 180 FR Profile Name 181 Ara PW 182 IPX Node Addr 183 Home Agent IP Addr 184 Home Agent Passw ord 185 Home Netwo rk Name 186 Home Agent UDP Port 9
10 Suppord RADIUS s RADIUS s 187 Multili nkid 188 Ascen d Num In Multili nk 189 First Dest 190 Pre Input Octs 191 Pre Output Octs 192 Pre Input Packet s 193 Pre Output Packet s 194 Maxim um Time 195 Discon nect Cause 196 Conne ct Progre ss no no no yes yes yes yes yes yes yes no no no yes yes yes yes yes yes yes no no no yes yes yes yes yes no no no no no yes yes yes yes yes no no no no no yes yes yes yes yes no no no no no yes yes yes yes yes no no no no yes yes yes yes yes yes no no no no yes yes yes yes yes yes yes yes no no no no no no yes yes yes yes 10
11 RADIUS s Suppord RADIUS s 197 Data Ra 198 PreSes sion Time 199 Token Idle 201 Requir eauth 202 Sessio ns 203 Authe n Alias 204 Token Expiry 205 Menu Select or 206 Menu Im 207 PW Warnti me 208 PW Lifeti me 209 IP Direct no no no no yes yes yes yes yes yes no no no yes yes yes yes yes yes yes no no no no no no no no yes yes no no no no no no no no yes yes no no yes yes yes yes yes yes yes yes no no no no yes yes yes yes yes yes 11
12 Suppord RADIUS s RADIUS s 210 PPP VJ Slot Compr ession 211 PPP VJ PPP Async Map 213 Third Promp t 214 Send Secret 215 Receiv e Secret 216 IPX Pe Mode 217 IP Pool 218 Static Addr Pool 219 FR Direct 220 FR Direct Profile 221 FR Direct DLCI no no yes yes yes yes yes yes yes yes no no no no no no yes yes yes yes no no yes yes yes yes yes yes yes yes no no yes yes yes yes yes yes yes yes 12
13 RADIUS s Suppord RADIUS s 222 Handle IPX 223 Netwa re Timeo ut 224 IPX Alias 225 Metric 226 PRI Type 227 Dial 228 Rou IP 229 Rou IPX no no no no no no yes yes yes yes no no yes yes yes yes yes yes yes yes 230 Bridge 231 Send Auth 232 Send Passw d 233 Link Compr ession 234 Target Util no no no no no no yes yes yes yes no no yes yes yes yes yes yes yes yes no no no yes no yes yes yes yes yes 13
14 Suppord RADIUS s RADIUS s 235 Maxim um Chann els 236 Inc Chann el Count 237 Dec Chann el Count 238 Secon dsof Histor y 239 Histor y Weigh Type 240 Add Secon ds 241 Remov e Secon ds 242 Data Filt 243 Call Filt 244 Idle Limit 245 Preem pt Limit no no yes yes yes yes yes yes yes yes no no yes yes yes yes yes yes yes yes no no no no no no no no yes yes no no yes yes yes yes yes yes yes yes 14
15 RADIUS s Comprehensive List of RADIUS Descriptions 246 Callba ck 247 Data Svic e 248 Force Billing 250 Call By Call 251 Transit 252 Host Info 253 PPP Addres s 254 MPP Idle Pcen t 255 Xmit Ra no no no no no no no no yes yes no no no no no no yes yes yes yes no no no no no no yes yes yes yes no no no yes yes yes yes yes yes yes Comprehensive List of RADIUS Descriptions The table below lists and describes the known vendorpropri RADIUS attribus: 15
16 Comprehensive List of RADIUS Descriptions RADIUS s Table 2 RADIUS s Description 17 ChangePassword Specifies a request to change the password of a us. 21 PasswordExpiration Specifies an expiration da for a us s password in the us s file entry. 68 TunnelID (Ascend 5) Specifies the string assigned by RADIUS for each session using CLID or DNIS tunneling. When accounting is implemend, this value is used for accoutning. 108 MyEndpointDiscAlias (Ascend 5) No description 109 MyNameAlias (Ascend 5) No description 110 RemoFW (Ascend 5) No description 111 MulticastGLeaveDelay (Ascend 5) No description 112 CBCPEnable (Ascend 5) No description 113 CBCPMode (Ascend 5) No description 114 CBCPDelay (Ascend 5) No description 115 CBCPTrunkGroup (Ascend 5) No description 116 AppletalkRou (Ascend 5) No description 117 AppletalkPeMode (Ascend 5) No description 118 RouAppletalk (Ascend 5) No description 119 FCPParamet (Ascend 5) No description 16
17 RADIUS s Comprehensive List of RADIUS Descriptions Description 120 ModemPortNo (Ascend 5) No description 121 ModemSlotNo (Ascend 5) No description 122 ModemShelfNo (Ascend 5) No description 123 CallAtmptLimit (Ascend 5) No description 124 CallBlockDuration (Ascend 5) No description 125 MaximumCallDuration (Ascend 5) No description 126 RoutPrefence (Ascend 5) No description 127 TunnelingProtocol (Ascend 5) No description 128 SharedProfileEnable (Ascend 5) No description 129 PrimaryHomeAgent (Ascend 5) No description 130 SecondaryHomeAgent (Ascend 5) No description 131 DialoutAllowed (Ascend 5) No description 133 BACPEnable (Ascend 5) No description 134 DHCPMaximumLeases (Ascend 5) No description 135 PrimaryDNSSv Identifies a primary DNS sv that can be requesd by Microsoft PPP clients from the network access sv during IPCP negotiation. 17
18 Comprehensive List of RADIUS Descriptions RADIUS s Description 136 SecondaryDNSSv Identifies a secondary DNS sv that can be requesd by Microsoft PPP clients from the network access sv during IPCP negotiation. 137 ClientAssignDNS No description 138 UsAcctType No description 139 UsAcctHost No description 140 UsAcctPort No description 141 UsAcctKey No description 142 UsAcctBase No description 143 UsAcctTime No description 144 AssignIPClient No description 145 AssignIPSv No description 146 AssignIPGlobalPool No description 147 DHCPReply No description 148 DHCPPool No description 149 ExpectCallback No description 150 EventType No description 151 SessionSvrKey No description 152 MulticastRaLimit No description 153 IFNetmask No description 154 RemoAddr No description 155 MulticastClient No description 156 FRCircuitName No description 157 FRLinkUp No description 158 FRNailedGrp No description 159 FRType No description 160 FRLinkMgt No description 161 FRN391 No description 18
19 RADIUS s Comprehensive List of RADIUS Descriptions Description 162 FRDCEN392 No description 163 FRDTEN392 No description 164 FRDCEN393 No description 165 FRDTEN393 No description 166 FRT391 No description 167 FRT392 No description 168 BridgeAddress No description 169 TSIdleLimit No description 170 TSIdleMode No description 171 DBAMonitor No description 172 BaseChannelCount No description 173 MinimumChannels No description 174 IPXRou No description 175 FT1Call No description 176 Backup No description 177 CallType No description 178 Group No description 179 FRDLCI No description 180 FRProfileName No description 181 AraPW No description 182 IPXNodeAddr No description 183 HomeAgentIPAddr Indicas the home agent s IP address (in dotd decimal format) when using Ascend Tunnel Management Protocol (ATMP). 184 HomeAgentPassword With ATMP, specifies the password that the foreign agent uses to authentica itself. 19
20 Comprehensive List of RADIUS Descriptions RADIUS s Description 185 HomeNetworkName With ATMP, indicas the name of the connection profile to which the home agent sends all packets. 186 HomeAgentUDPPort Indicas the UDP port numb the foreign agent uses to send ATMP messages to the home agent. 187 MultilinkID Reports the identification numb of the multilink bundle when the session closes. This attribu applies to sessions that are part of a multilink bundle. The MultilinkID attribu is sent in authenticationresponse packets. 188 NumInMultilink Reports the numb of sessions remaining in a multilink bundle when the session repord in an accountingstop packet closes. This attribu applies to sessions that are part of a multilink bundle. The NumInMultilink attribu is sent in authenticationresponse packets and in some accountingrequest packets. 189 FirstDest Records the destination IP address of the first packet received aft authentication. 190 PreInputOcts Records the numb of input octs before authentication. The PreInputOcts attribu is sent in accountingstop records. 191 PreOutputOcts Records the numb of output octs before authentication. The PreOutputOcts attribu is sent in accountingstop records. 192 PreInputPackets Records the numb of input packets before authentication. The PreInputPackets attribu is sent in accountingstop records. 193 PreOutputPackets Records the numb of output packets before authentication. The PreOutputPackets attribu is sent in accountingstop records. 20
21 RADIUS s Comprehensive List of RADIUS Descriptions Description 194 MaximumTime Specifies the maximum length of time (in seconds) allowed for any session. Aft the session reaches the time limit, its connection is dropped. 195 DisconnectCause Specifies the reason a connection was taken offline. The DisconnectCause attribu is sent in accountingstop records. This attribu also causes stop records to be genad without first genating start records if disconnection occurs before authentication is pformed. For more information, ref to the table of DisconnectCause Values and their meanings. 196 ConnectProgress Indicas the connection sta before the connection is disconnecd. 197 DataRa Specifies the avage numb of bits p second ov the course of the connection s lifetime. The DataRa attribu is sent in accountingstop records. 198 PreSessionTime Specifies the length of time, in seconds, from when a call first connects to when it comples authentication. The PreSession Time attribu is sent in accountingstop records. 199 TokenIdle Indicas the maximum amount of time (in minus) a cached token can remain alive between authentications. 201 RequireAuth Defines wheth additional authentication is required for class that has been CLID authenticad. 202 Sessions Specifies the numb of active sessions (p class) repord to the RADIUS accounting sv. 21
22 Comprehensive List of RADIUS Descriptions RADIUS s Description 203 AuthenAlias Defines the RADIUS sv s login name during PPP authentication. 204 TokenExpiry Defines the lifetime of a cached token. 205 MenuSelector Defines a string to be used to cue a us to input data. 206 MenuIm Specifies a single menuim for a usprofile. Up to 20 menu ims can be assigned p profile. 207 PWWarntime (Ascend 5) No description 208 PWLifetime Enables you to specify on a pus basis the numb of days that a password is valid. 209 IPDirect When you include this attribu in a us s file entry, a framed rou is installed to the routing and bridging tables. No Packet routing is dependent upon the entire table, not just this newly installed entry. The inclusion of this attribu does not guarane that all packets should be sent to the specified IP address; thus, this attribu is not fully suppord. These attribu limitations occur because the Cisco rout cannot bypass all intnal routing and bridging tables and send packets to a specified IP address. 210 PPPVJSlotComp Instructs the Cisco rout not to use slot compression when sending VJcompressed packets ov a PPP link. 211 PPPVJ1172 Instructs PPP to use the 0x0037 value for VJ compression. 22
23 RADIUS s Comprehensive List of RADIUS Descriptions Description 212 PPPAsyncMap Gives the Cisco rout the asynchronous control charact map for the PPP session. The specified control characts are passed through the PPP link as data and used by applications running ov the link. 213 ThirdPrompt Defines a third prompt (aft usname and password) for additional us input. 214 SendSecret Enables an encrypd password to be used in place of a regular password in outdial profiles. 215 ReceiveSecret Enables an encrypd password to be vified by the RADIUS sv. 216 IPXPeMode (Ascend 5) No description 217 IPPoolDefinition Defines a pool of addresses using the following format: X a.b.c Z; whe X is the pool index numb, a.b.c is the pool s starting IP address, and Z is the numb of IP addresses in the pool. For example, allocas through for dynamic assignment. 218 AssignIPPool Tells the rout to assign the us and IP address from the IP pool. 219 FRDirect Defines wheth the connection profile opas in Frame Relay redirect mode. 220 FRDirectProfile Defines the name of the Frame Relay profile carrying this connection to the Frame Relay switch. 221 FRDirectDLCI Indicas the DLCI carrying this connection to the Frame Relay switch. 222 HandleIPX Indicas how NCP watchdog requests will be handled. 23
24 Comprehensive List of RADIUS Descriptions RADIUS s Description 223 NetwareTimeout Defines, in minus, how long the RADIUS sv responds to NCP watchdog packets. 224 IPXAlias Allows you to define an alias for IPX routs requiring numbed intfaces. 225 Metric No description 226 PRIType No description 227 Dial Defines the numb to dial. 228 RouIP Indicas wheth IP routing is allowed for the us s file entry. 229 RouIPX Allows you to enable IPX routing. 230 Bridge No description 231 SendAuth Defines the protocol to use (PAP or CHAP) for usnamepassword authentication following CLID authentication. 232 SendPasswd Enables the RADIUS sv to specify the password that is sent to the remo end of a connection on outgoing calls. 233 LinkCompression Defines wheth to turn on or turn off stac compression ov a PPP link. Link compression is defined as a numic value as follows: 0: None 1: Stac 2: StacDraft9 3: MSStac 234 TargetUtil Specifies the loadthreshold pcentage value for bringing up an additional channel when PPP multilink is defined. 235 MaximumChannels Specifies allowed/allocatable maximum numb of channels. 24
25 RADIUS s Comprehensive List of RADIUS Descriptions Description 236 IncChannelCount No description 237 DecChannelCount No description 238 SecondsofHistory No description 239 HistoryWeighType No description 240 AddSeconds No description 241 RemoveSeconds No description 242 DataFilt Defines pus IP data filts. These filts are retrieved only when a call is placed using a RADIUS outgoing profile or answed using a RADIUS incoming profile. Filt entries are applied on a firstmatch basis; thefore, the ord in which filt entries are end is important. 243 CallFilt Defines pus IP data filts. On a Cisco rout, this attribu is identical to the DataFilt attribu. 244 IdleLimit Specifies the maximum time (in seconds) that any session can be idle. When the session reaches the idle time limit, its connection is dropped. 245 PreemptLimit No description 246 Callback Allows you to enable or disable callback. 247 DataSvc No description 248 Force56 Detmines wheth the network access sv uses only the 56 K portion of a channel, even when all 64 K appear to be 249 Billing No description 250 CallByCall No description 251 Transit No description 252 HostInfo No description 25
26 Feature Information for RADIUS s RADIUS s Description 253 PPPAddress Indicas the IP address repord to the calling unit during PPP IPCP negotiations. 254 MPPIdlePcent No description 255 XmitRa (Ascend 5) No description For more information on vendorpropritary RADIUS attribus, ref to the section Configuring Rout for RADIUS Sv Communication in the chapt Configuring RADIUS. Feature Information for RADIUS s The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless nod othwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to An account on Cisco.com is not required. Table 3 Feature Information for RADIUS s Feature Name Releases Feature Information RADIUS s 12.2(1)XE The IETF draft standard for RADIUS specifies a method for communicating vendorpropri information between the network access sv and the RADIUS sv. Howev, some vendors have exnded the RADIUS attribu set for specific applications. This document provides Cisco IOS support information for these vendorpropri RADIUS attrubus. In 12.2(1) XE, this feature was introduced. Cisco and the Cisco Logo are trademarks of Cisco Sysms, Inc. and/or its affilias in the U.S. and oth countries. A listing of Cisco's trademarks can be found at Third party trademarks mentioned are the propty of their respective owns. The use of the word partn does not imply a partnship relationship between Cisco and any oth company. (1005R) 26
27 RADIUS s Any Intnet Protocol (IP) addresses and phone numbs used in this document are not innded to be actual addresses and phone numbs. Any examples, command display output, network topology diagrams, and oth figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbs in illustrative connt is uninntional and coincidental. 27
Vendor-Proprietary Attribute
RADIUS s The IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server and the RADIUS server. However, some vendors have extended
More informationRADIUS Vendor-Proprietary Attributes
RADIUS Vendor-Proprietary Attributes Last Updated: January 17, 2012 The IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server
More informationRADIUS Attributes. In This Appendix. RADIUS Attributes Overview. IETF Attributes Versus VSAs
RADIUS Attributes Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting elements in a user profile, which is stored on
More informationRADIUS Attributes Configuration Guide, Cisco IOS Release 12.2SX
RADIUS Attributes Configuration Guide, Cisco IOS Release 12.2SX Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS
More informationRADIUS Attributes Configuration Guide, Cisco IOS Release 15S
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationRADIUS Attributes Overview and RADIUS IETF Attributes
RADIUS Attributes Overview and RADIUS IETF Attributes Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements
More informationRADIUS Attributes Overview and RADIUS IETF Attributes
RADIUS Attributes Overview and RADIUS IETF Attributes First Published: March 19, 2001 Last Updated: September 23, 2009 Remote Authentication Dial-In User Service (RADIUS) attributes are used to define
More informationRADIUS Commands. Cisco IOS Security Command Reference SR
RADIUS Commands This chapter describes the commands used to configure RADIUS. RADIUS is a distributed client/server system that secures networks against unauthorized access. In the Cisco implementation,
More informationRADIUS Vendor-Specific Attributes (VSA) and RADIUS Disconnect-Cause Attribute Values
RADIUS Vendor-Specific Attributes (VSA) and RADIUS Disconnect-Cause Attribute Values First Published: September 23, 2005 Last Updated: August 18, 2010 The Internet Engineering Task Force (IETF) draft standard
More informationthus, the newly created attribute is accepted if the user accepts attribute 26.
Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile, which is stored on the RADIUS
More informationthus, the newly created attribute is accepted if the user accepts attribute 26.
Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile, which is stored on the RADIUS
More informationRADIUS Attributes Configuration Guide
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationConfiguring RADIUS. Finding Feature Information. Prerequisites for RADIUS
The RADIUS security system is a distributed client/server system that secures networks against unauthorized access. In the Cisco implementation, RADIUS clients run on Cisco devices and send authentication
More informationRADIUS Attributes. RADIUS IETF Attributes
Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile, which is stored on the RADIUS
More informationImplementing ADSL and Deploying Dial Access for IPv6
Implementing ADSL and Deploying Dial Access for IPv6 Last Updated: July 31, 2012 Finding Feature Information, page 1 Restrictions for Implementing ADSL and Deploying Dial Access for IPv6, page 1 Information
More informationRADIUS Configuration Guide Cisco IOS XE Release 2
RADIUS Configuration Guide Cisco IOS XE Release 2 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)
More informationEncrypted Vendor-Specific Attributes
Encrypted Vendor-Specific Attributes Last Updated: January 15, 2012 The Encrypted Vendor-Specific Attributes feature provides users with a way to centrally manage filters at a RADIUS server and supports
More informationThe MSCHAP Version 2 feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to
The feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to utilize Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2) authentication for PPP connections between
More informationConfiguring Authorization
The AAA authorization feature is used to determine what a user can and cannot do. When AAA authorization is enabled, the network access server uses information retrieved from the user s profile, which
More informationRADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
RADIUS s and RADIUS Disconnect-Cause Values The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the network access server
More informationEncrypted Vendor-Specific Attributes
The feature provides users with a way to centrally manage filters at a RADIUS server and supports the following types of string vendor-specific attributes (VSAs): Tagged String VSA, on page 2 (similar
More informationRADIUS Configuration Guide, Cisco IOS XE Everest (Cisco ASR 900 Series)
RADIUS Configuration Guide, Cisco IOS XE Everest 16.5.1 (Cisco ASR 900 Series) Configuring RADIUS 2 Finding Feature Information 2 Prerequisites for RADIUS 2 Information About RADIUS 2 How to Configure
More informationaaa max-sessions maximum-number-of-sessions The default value for aaa max-sessions command is platform dependent. Release 15.0(1)M.
aaa max-sessions aaa max-sessions To set the maximum number of simultaneous authentication, authorization, and accounting (AAA) connections permitted for a user, use the aaa max-sessions command in global
More informationConfiguring Authorization
Configuring Authorization AAA authorization enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user
More informationRADIUS Logical Line ID
The feature, also known as the Logical Line Identification (LLID) Blocking feature enables administrators to track their customers on the basis of the physical lines on which customer calls originate.
More informationRADIUS for Multiple UDP Ports
RADIUS security servers are identified on the basis of their hostname or IP address, hostname and specific UDP port numbers, or IP address and specific UDP port numbers. The combination of the IP address
More informationPPP over Frame Relay
The feature allows a router to establish end-to-end Point-to-Point Protocol (PPP) sessions over Frame Relay. Finding Feature Information, page 1 Prerequisites for, page 1 Restrictions for, page 2 Information
More informationAAA Server Groups. Finding Feature Information. Information About AAA Server Groups. AAA Server Groups
Configuring a device to use authentication, authorization, and accounting (AAA) server groups provides a way to group existing server hosts. Grouping existing server hosts allows you to select a subset
More informationConfiguring the DHCP Server On-Demand Address Pool Manager
Configuring the DHCP Server On-Demand Address Pool Manager The Cisco IOS XE DHCP server on-demand address pool (ODAP) manager is used to centralize the management of large pools of addresses and simplify
More informationConfiguring the Physical Subscriber Line for RADIUS Access and Accounting
Configuring the Physical Subscriber Line for RADIUS Access and Accounting Last Updated: December 5, 2011 Configuring a physical subscriber line for RADIUS Access and Accounting enables an L2TP access concentrator
More informationConfiguring TCP Header Compression
Configuring TCP Header Compression First Published: January 30, 2006 Last Updated: May 5, 2010 Header compression is a mechanism that compresses the IP header in a packet before the packet is transmitted.
More informationRADIUS Tunnel Preference for Load Balancing
RADIUS Tunnel Preference for Load Balancing and Fail-Over Finding Feature Information RADIUS Tunnel Preference for Load Balancing and Fail-Over Last Updated: July 18, 2011 The RADIUS Tunnel Preference
More informationConfiguring RADIUS. Finding Feature Information. Prerequisites for RADIUS. Last Updated: November 2, 2012
Configuring RADIUS Last Updated: November 2, 2012 The RADIUS security system is a distributed client/server system that secures networks against unauthorized access. In the Cisco implementation, RADIUS
More informationPPPoE Client DDR Idle-Timer
The feature supports the dial-on-demand routing (DDR) interesting traffic control list functionality of the dialer interface with a PPP over Ethernet (PPPoE) client, but also keeps original functionality
More informationConfiguring TACACS. Finding Feature Information. Prerequisites for Configuring TACACS
TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ provides detailed accounting information and flexible
More informationHPE FlexNetwork MSR Router Series
HPE FlexNetwork MSR Router Series Comware 7 Layer 2 - WAN Access Configuration Guides Part number: 5998-8783 Software version: CMW710-E0407 Document version: 6W100-20160526 Copyright 2016 Hewlett Packard
More informationConfiguring BACP. Cisco IOS Dial Technologies Configuration Guide DC-667
This chapter describes how to configure the Bandwidth Allocation Control Protocol (BACP), described in RFC 2125. It includes the following main sections: BACP Overview How to Configure BACP Monitoring
More informationDHCP Client on WAN Interfaces
DHCP Client on WAN Interfaces First Published: February 25, 2002 Last Updated: September 12, 2008 The DHCP Client on WAN Interfaces feature extends the Dynamic Host Configuration Protocol (DHCP) to allow
More informationDHCP Server RADIUS Proxy
The Dynamic Host Configuration Protocol (DHCP) Server RADIUS Proxy is a RADIUS-based address assignment mechanism in which a DHCP server authorizes remote clients and allocates addresses based on replies
More informationRemote Access MPLS-VPNs
First Published: August 12, 2002 Last Updated: May 4, 2009 The feature allows the service provider to offer a scalable end-to-end Virtual Private Network (VPN) service to remote users. This feature integrates
More informationRADIUS Change of Authorization
The (CoA) feature provides a mechanism to change the attributes of an authentication, authorization, and accounting (AAA) session after it is authenticated. When a policy changes for a user or user group
More informationRADIUS Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 920 Series)
RADIUS Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 920 Series) Configuring RADIUS 2 Finding Feature Information 2 Prerequisites for RADIUS 2 Information About RADIUS 2 How to Configure RADIUS
More informationDiameter NASREQ Application. Status of this Memo. This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026.
AAA Working Group Pat R. Calhoun Internet-Draft Black Storm Networks Category: Standards Track William Bulley Merit Network, Inc. Allan C. Rubens Tut Systems, Inc.
More informationRADIUS Tunnel Attribute Extensions
The feature allows a name to be specified (other than the default) for the tunnel initiator and the tunnel terminator in order to establish a higher level of security when setting up VPN tunneling. Finding
More informationConfiguring the DHCP Server On-Demand Address Pool Manager
Configuring the DHCP Server On-Demand Address Pool Manager The Cisco IOS XE DHCP server on-demand address pool (ODAP) manager is used to centralize the management of large pools of addresses and simplify
More informationConfiguring Security on the GGSN
CHAPTER 12 This chapter describes how to configure security features on the gateway GPRS support node (GGSN), including Authentication, Authorization, and Accounting (AAA), and RADIUS. IPSec on the Cisco
More informationCCNA 4 - Final Exam (A)
CCNA 4 - Final Exam (A) 1. A network administrator is asked to design a system to allow simultaneous access to the Internet for 250 users. The ISP for this network can only supply five public IPs. What
More informationConfiguring the Cisco IOS DHCP Relay Agent
All Cisco devices that run Cisco software include a DHCP server and the relay agent software. A DHCP relay agent is any host or IP device that forwards DHCP packets between clients and servers. This module
More informationHP MSR Router Series. Layer 2 - WAN Access Configuration Guide(V7)
HP MSR Router Series Layer 2 - WAN Access Configuration Guide(V7) Part number: 5998-7721b Software version: CMW710-R0304 Document version: 6PW104-20150914 Legal and notice information Copyright 2015 Hewlett-Packard
More informationConfiguring X.25 on ISDN Using AO/DI
Configuring X.25 on ISDN Using AO/DI The chapter describes how to configure the X.25 on ISDN using the Always On/Dynamic ISDN (AO/DI) feature. It includes the following main sections: AO/DI Overview How
More informationConfiguring RTP Header Compression
Configuring RTP Header Compression First Published: January 30, 2006 Last Updated: July 23, 2010 Header compression is a mechanism that compresses the IP header in a packet before the packet is transmitted.
More informationImplementing NAT-PT for IPv6
Implementing NAT-PT for IPv6 Last Updated: August 1, 2012 Network Address Translation--Protocol Translation (NAT-PT) is an IPv6 to IPv4 translation mechanism, as defined in RFC 2765 and RFC 2766, allowing
More informationTACACS+ Configuration Guide, Cisco IOS XE Release 3S
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationConfiguring Web-Based Authentication
This chapter describes how to configure web-based authentication on the switch. It contains these sections: Finding Feature Information, page 1 Web-Based Authentication Overview, page 1 How to Configure
More informationDebugging a Virtual Access Service Managed Gateway
Debugging a Virtual Access Service Managed Gateway Issue: 1.0 Date: 09 July 2013 Table of Contents 1 About this document... 3 1.1 Scope... 3 2 WAN connectivity... 4 2.1 ADSL... 4 2.1.1 Active data connections...
More informationAuthentication, Authorization, and Accounting Configuration Guide, Cisco IOS Release 15M&T
Authentication, Authorization, and Accounting Configuration Guide, Cisco IOS Release 15M&T Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com
More informationRedirecting Subscriber Traffic Using ISG Layer
Redirecting Subscriber Traffic Using ISG Layer 4 Redirect Finding Feature Information Redirecting Subscriber Traffic Using ISG Layer 4 Redirect Last Updated: August 21, 2011 Intelligent Services Gateway
More informationConfiguring Legacy DDR Hubs
Configuring Legacy DDR Hubs This chapter describes how to configure legacy dial-on-demand routing (DDR) on interfaces functioning as the hub in a hub-and-spoke network topology. It includes the following
More informationRADIUS Authentication and Authorization Technical Note
RADIUS Authentication and Authorization Technical Note VERSION: 9.0 UPDATED: July 2017 Copyright Notices Copyright 2002-2017 KEMP Technologies, Inc. All rights reserved. KEMP Technologies and the KEMP
More informationPPPoE Session Limit per NAS Port
PPPoE Session Limit per NAS Port First Published: March 17, 2003 Last Updated: February 28, 2006 The PPPoE Session Limit per NAS Port feature enables you to limit the number of PPP over Ethernet (PPPoE)
More informationTerminal Services Commands translate lat
translate lat translate lat To translate a connection request to another protocol connection type when receiving a local-area transport (LAT) request, use the translate lat command in global configuration
More informationRADIUS Configuration. Overview. Introduction to RADIUS. Client/Server Model
Table of Contents RADIUS Configuration 1 Overview 1 Introduction to RADIUS 1 Client/Server Model 1 Security and Authentication Mechanisms 2 Basic Message Exchange Process of RADIUS 2 RADIUS Packet Format
More informationA device that bridges the wireless link on one side to the wired network on the other.
GLOSSARY A Access point Analog Channel ARP ATM ATO A device that bridges the wireless link on one side to the wired network on the other. A circuit-switched communication path intended to carry 3.1 KHz
More informationUsing the Command Line Interface
CHAPTER 2 Using the Command Line Interface 2.1 Commonly Used Commands This section documents the Cisco Broadband Operating System (CBOS) commands and command arguments that manage the Cisco 67x. CBOS runs
More informationUsing Multilink PPP over Frame Relay
Using Multilink PPP over Frame Relay Multilink PPP is a method used to reduce latency and jitter for real-time traffic. This module contains conceptual information and configuration tasks for using Multilink
More informationPPPoE Agent Remote-ID and DSL Line Characteristics Enhancement
PPPoE Agent Remote-ID and DSL Line Characteristics Enhancement The PPPoE Agent Remote-ID and DSL Line Characteristics Enhancement feature provides a method by which the digital subscriber line access multiplexer
More informationConfiguring ISG Control Policies
Intelligent Services Gateway (ISG) is a Cisco software feature set that provides a structured framework in which edge devices can deliver flexible and scalable services to subscribers. ISG control policies
More informationAAA Authorization and Authentication Cache
AAA Authorization and Authentication Cache First Published: March 16, 2006 Last Updated: March 1, 2006 The AAA Authorization and Authentication Cache feature allows you to cache authorization and authentication
More informationConfiguring RADIUS Servers
CHAPTER 7 This chapter describes how to enable and configure the Remote Authentication Dial-In User Service (RADIUS), that provides detailed accounting information and flexible administrative control over
More informationIEEE 802.1X RADIUS Accounting
The feature is used to relay important events to the RADIUS server (such as the supplicant's connection session). The information in these events is used for security and billing purposes. Finding Feature
More informationFirewall Authentication Proxy for FTP and Telnet Sessions
Firewall Authentication Proxy for FTP and Telnet Sessions Last Updated: January 18, 2012 Before the introduction of the Firewall Authentication Proxy for FTP and Telnet Sessions feature, users could enable
More informationVirtual Private Networks (VPNs)
CHAPTER 19 Virtual Private Networks (VPNs) Virtual private network is defined as customer connectivity deployed on a shared infrastructure with the same policies as a private network. The shared infrastructure
More informationIP and Network Technologies. IP over WAN. Agenda. Agenda
IP and Network Technologies IP over WAN Address Resolution, Encapsulation, Routing, NBMA PPP, Inverse ARP, Overview IP over ATM for transport of IP datagrams over a network encapsulation and address resolution
More informationConfiguring Dial-on-Demand Routing
C H A P T E R 7 Configuring Dial-on-Demand Routing This chapter describes how to configure your communication server for dial-on-demand routing (DDR) and dial backup. For a complete description of the
More informationElastic Charging Engine 11.3 RADIUS Gateway Protocol Implementation Conformance Statement Release 7.5
[1]Oracle Communications Billing and Revenue Management Elastic Charging Engine 11.3 RADIUS Gateway Protocol Implementation Conformance Statement Release 7.5 E72005-01 April 2016 Oracle Communications
More informationvirtual-template virtual-template template-number no virtual-template Syntax Description
VPDN Commands virtual-template virtual-template To specify which virtual template will be used to clone virtual access interfaces (VAI), use the virtual-template command in BBA group configuration mode
More informationConfiguring Resource Pool Management
Configuring Resource Pool Management This chapter describes the Cisco Resource Pool Management (RPM) feature. It includes the following main sections: RPM Overview How to Configure RPM Verifying RPM Components
More informationConfiguring Client-Initiated Dial-In VPDN Tunneling
Configuring Client-Initiated Dial-In VPDN Tunneling Client-initiated dial-in virtual private dialup networking (VPDN) tunneling deployments allow remote users to access a private network over a shared
More informationQoS: Classification, Policing, and Marking on LAC Configuration Guide, Cisco IOS Release 12.4T
QoS: Classification, Policing, and Marking on LAC Configuration Guide, Cisco IOS Release 12.4T Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com
More informationCategory: Standards Track Cisco Systems Inc. David Spence Interlink Networks Inc. David Mitton Circular Networks. Feb 2004
AAA Working Group Internet-Draft Category: Standards Track Pat R. Calhoun Airespace Inc. Glen Zorn Cisco Systems Inc. David Spence Interlink Networks Inc. David Mitton Circular Networks Feb 2004 Diameter
More informationNetwork Working Group. Category: Informational February 1997
Network Working Group K. Hamzeh Request for Comments: 2107 Ascend Communications Category: Informational February 1997 Status of this Memo Ascend Tunnel Management Protocol - ATMP This memo provides information
More informationIPsec NAT Transparency
sec NAT Transparency First Published: November 25, 2002 Last Updated: March 1, 2011 The sec NAT Transparency feature introduces support for Security (sec) traffic to travel through Network Address Translation
More informationDHCP Server Port-Based Address Allocation
DHCP Server Port-Based Address Allocation Finding Feature Information DHCP Server Port-Based Address Allocation Last Updated: July 04, 2011 First Published: June 4, 2010 Last Updated: Sept 9, 2010 The
More informationConfiguring TCP Header Compression
Header compression is a mechanism that compresses the IP header in a packet before the packet is transmitted. Header compression reduces network overhead and speeds up the transmission of either Real-Time
More informationConfiguring Web-Based Authentication
This chapter describes how to configure web-based authentication on the switch. It contains these sections: Finding Feature Information, page 1 Web-Based Authentication Overview, page 1 How to Configure
More informationConfiguring Virtual Asynchronous Traffic over ISDN
Configuring Virtual Asynchronous Traffic over ISDN Cisco IOS software offers two solutions to send virtual asynchronous traffic over ISDN: Using International Telecommunication Union Telecommunication
More informationPoint-to-Point Protocol (PPP)
Point-to-Point Protocol (PPP) Accessing the WAN Chapter 2 Version 4.0 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Describe the fundamental concepts of point-to-point serial
More informationL2TP Network Server. LNS Service Operation
This chapter describes the support for Layer 2 Tunneling Protocol (L2TP) Network Server (LNS) functionality on Cisco ASR 5500 chassis and explains how it is configured. The product Administration Guides
More informationPoint-to-Point Protocol (PPP) Accessing the WAN Chapter 2
Point-to-Point Protocol (PPP) Accessing the WAN Chapter 2 ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Describe the fundamental concepts of point-to-point serial
More informationTestsDumps. Latest Test Dumps for IT Exam Certification
TestsDumps http://www.testsdumps.com Latest Test Dumps for IT Exam Certification Exam : 200-105 Title : Interconnecting Cisco Networking Devices Part 2 (ICND2 v3.0) Vendor : Cisco Version : DEMO Get Latest
More informationL2TP IPsec Support for NAT and PAT Windows Clients
L2TP IPsec Support for NAT and PAT Windows Clients The L2TP IPsec Support for NAT and PAT Windows Clients feature allows mulitple Windows client to connect to an IPsec-enabled Cisco IOS Layer 2 Tunneling
More informationConfiguring IKEv2 Packet of Disconnect
The IKEv2 Remote Access Change of Authorization (CoA) Packet of Disconnect feature terminates an active crypto IKEv2 session on Cisco supported devices. Finding Feature Information, page 1 Information
More informationConfiguring RADIUS and TACACS+ Servers
CHAPTER 13 This chapter describes how to enable and configure the Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+), that provides
More informationDIAMETER Attributes. BNG DIAMETER Gx Application AVPs
DIAETER Attributes BNG Supports DIAETER Gx interface for Policy and Charging Provisioning with the PCRF, and DIAETER Gy interface for Online Charging Service with OCS. This Appendix lists the applicable
More informationConfiguring NAT for High Availability
Configuring NAT for High Availability Last Updated: December 18, 2011 This module contains procedures for configuring Network Address Translation (NAT) to support the increasing need for highly resilient
More informationDHCP Client. Finding Feature Information. Restrictions for the DHCP Client
The Cisco Dynamic Host Configuration Protocol (DHCP) Client feature allows a Cisco device to act as a host requesting configuration parameters, such as an IP address, from a DHCP server. Finding Feature
More informationHTTP 1.1 Web Server and Client
HTTP 1.1 Web Server and Client Finding Feature Information HTTP 1.1 Web Server and Client Last Updated: June 01, 2011 The HTTP 1.1 Web Server and Client feature provides a consistent interface for users
More informationConfiguring NAS-Initiated Dial-In VPDN Tunneling
Configuring NAS-Initiated Dial-In VPDN Tunneling Network access server (NAS)-initiated dial-in tunneling provides secure tunneling of a PPP session from a NAS to a tunnel server without any special knowledge
More informationConfiguring Security for the ML-Series Card
19 CHAPTER Configuring Security for the ML-Series Card This chapter describes the security features of the ML-Series card. This chapter includes the following major sections: Understanding Security, page
More informationPasswords and Privileges Commands
Passwords and Privileges Commands This chapter describes the commands used to establish password protection and configure privilege levels. Password protection lets you restrict access to a network or
More information