Vendor-Proprietary Attribute


RADIUS Vendor-Proprietary Attributes

The IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server and the RADIUS server. However, some vendors have extended the RADIUS attribute set for specific applications. This document provides Cisco IOS support information for these vendor-proprietary RADIUS attributes.

- Finding Feature Information
- Comprehensive List of Vendor-Proprietary RADIUS Attributes
- Feature Information for RADIUS Vendor-Proprietary Attributes

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Comprehensive List of Vendor-Proprietary RADIUS Attributes

The table below lists and describes the known vendor-proprietary RADIUS attributes:

Table 1: Vendor-Proprietary RADIUS Attributes

| Number | Attribute | Description |
|---|---|---|
| 17 | Change-Password | Specifies a request to change the password of a user. |
| 21 | Password-Expiration | Specifies an expiration date for a user's password in the user's file entry. |
| 68 | Tunnel-ID | (Ascend 5) Specifies the string assigned by RADIUS for each session using CLID or DNIS tunneling. When accounting is implemented, this value is used for accounting. |
| 108 | My-Endpoint-Disc-Alias | |
| 109 | My-Name-Alias | |
| 110 | Remote-FW | |
| 111 | Multicast-GLeave-Delay | |
| 112 | CBCP-Enable | |
| 113 | CBCP-Mode | |
| 114 | CBCP-Delay | |
| 115 | CBCP-Trunk-Group | |
| 116 | Appletalk-Route | |
| 117 | Appletalk-Peer-Mode | |
| 118 | Route-Appletalk | |
| 119 | FCP-Parameter | |
| 120 | Modem-PortNo | |
| 121 | Modem-SlotNo | |
| 122 | Modem-ShelfNo | |
| 123 | Call-Attempt-Limit | |
| 124 | Call-Block-Duration | |
| 125 | Maximum-Call-Duration | |
| 126 | Router-Preference | |
| 127 | Tunneling-Protocol | |
| 128 | Shared-Profile-Enable | |
| 129 | Primary-Home-Agent | |
| 130 | Secondary-Home-Agent | |
| 131 | Dialout-Allowed | |
| 133 | BACP-Enable | |
| 134 | DHCP-Maximum-Leases | |
| 135 | Primary-DNS-Server | Identifies a primary DNS server that can be requested by Microsoft PPP clients from the network access server during IPCP negotiation. |
| 136 | Secondary-DNS-Server | Identifies a secondary DNS server that can be requested by Microsoft PPP clients from the network access server during IPCP negotiation. |
| 137 | Client-Assign-DNS | |
| 138 | User-Acct-Type | |
| 139 | User-Acct-Host | |
| 140 | User-Acct-Port | |
| 141 | User-Acct-Key | |
| 142 | User-Acct-Base | |
| 143 | User-Acct-Time | |
| 144 | Assign-IP-Client | |
| 145 | Assign-IP-Server | |
| 146 | Assign-IP-Global-Pool | |
| 147 | DHCP-Reply | |
| 148 | DHCP-Pool- | |
| 149 | Expect-Callback | |
| 150 | Event-Type | |
| 151 | Session-Svr-Key | |
| 152 | Multicast-Rate-Limit | |
| 153 | IF-Netmask | |
| 154 | Remote-Addr | |
| 155 | Multicast-Client | |
| 156 | FR-Circuit-Name | |
| 157 | FR-LinkUp | |
| 158 | FR-Nailed-Grp | |
| 159 | FR-Type | |
| 160 | FR-Link-Mgt | |
| 161 | FR-N391 | |
| 162 | FR-DCE-N392 | |
| 163 | FR-DTE-N392 | |
| 164 | FR-DCE-N393 | |
| 165 | FR-DTE-N393 | |
| 166 | FR-T391 | |
| 167 | FR-T392 | |
| 168 | Bridge-Address | |
| 169 | TS-Idle-Limit | |
| 170 | TS-Idle-Mode | |
| 171 | DBA-Monitor | |
| 172 | Base-Channel-Count | |
| 173 | Minimum-Channels | |
| 174 | IPX-Route | |
| 175 | FT1-Caller | |
| 176 | Backup | |
| 177 | Call-Type | |
| 178 | Group | |
| 179 | FR-DLCI | |
| 180 | FR-Profile-Name | |
| 181 | Ara-PW | |
| 182 | IPX-Node-Addr | |
| 183 | Home-Agent-IP-Addr | Indicates the home agent's IP address (in dotted decimal format) when using Ascend Tunnel Management Protocol (ATMP). |
| 184 | Home-Agent-Password | With ATMP, specifies the password that the foreign agent uses to authenticate itself. |
| 185 | Home-Network-Name | With ATMP, indicates the name of the connection profile to which the home agent sends all packets. |
| 186 | Home-Agent-UDP-Port | Indicates the UDP port number the foreign agent uses to send ATMP messages to the home agent. |
| 187 | Multilink-ID | Reports the identification number of the multilink bundle when the session closes. This attribute applies to sessions that are part of a multilink bundle. The Multilink-ID attribute is sent in authentication-response packets. |
| 188 | Num-In-Multilink | Reports the number of sessions remaining in a multilink bundle when the session reported in an accounting-stop packet closes. This attribute applies to sessions that are part of a multilink bundle. The Num-In-Multilink attribute is sent in authentication-response packets and in some accounting-request packets. |
| 189 | First-Dest | Records the destination IP address of the first packet received after authentication. |
| 190 | Pre-Input-Octets | Records the number of input octets before authentication. The Pre-Input-Octets attribute is sent in accounting-stop records. |
| 191 | Pre-Output-Octets | Records the number of output octets before authentication. The Pre-Output-Octets attribute is sent in accounting-stop records. |
| 192 | Pre-Input-Packets | Records the number of input packets before authentication. The Pre-Input-Packets attribute is sent in accounting-stop records. |
| 193 | Pre-Output-Packets | Records the number of output packets before authentication. The Pre-Output-Packets attribute is sent in accounting-stop records. |
| 194 | Maximum-Time | Specifies the maximum length of time (in seconds) allowed for any session. After the session reaches the time limit, its connection is dropped. |
| 195 | Disconnect-Cause | Specifies the reason a connection was taken offline. The Disconnect-Cause attribute is sent in accounting-stop records. This attribute also causes stop records to be generated without first generating start records if disconnection occurs before authentication is performed. For more information, refer to the table of Disconnect-Cause Attribute Values and their meanings. |
| 196 | Connect-Progress | Indicates the connection state before the connection is disconnected. |
| 197 | Data-Rate | Specifies the average number of bits per second over the course of the connection's lifetime. The Data-Rate attribute is sent in accounting-stop records. |
| 198 | PreSession-Time | Specifies the length of time, in seconds, from when a call first connects to when it completes authentication. The PreSession-Time attribute is sent in accounting-stop records. |
| 199 | Token-Idle | Indicates the maximum amount of time (in minutes) a cached token can remain alive between authentications. |
| 201 | Require-Auth | Defines whether additional authentication is required for class that has been CLID authenticated. |
| 202 | -Sessions | Specifies the number of active sessions (per class) reported to the RADIUS accounting server. |
| 203 | Authen-Alias | Defines the RADIUS server's login name during PPP authentication. |
| 204 | Token-Expiry | Defines the lifetime of a cached token. |
| 205 | Menu-Selector | Defines a string to be used to cue a user to input data. |
| 206 | Menu-Item | Specifies a single menu-item for a user-profile. Up to 20 menu items can be assigned per profile. |
| 207 | PW-Warntime | |
| 208 | PW-Lifetime | Enables you to specify on a per-user basis the number of days that a password is valid. |
| 209 | IP-Direct | When you include this attribute in a user's file entry, a framed route is installed to the routing and bridging tables. Note: Packet routing is dependent upon the entire table, not just this newly installed entry. The inclusion of this attribute does not guarantee that all packets should be sent to the specified IP address; thus, this attribute is not fully supported. These attribute limitations occur because the Cisco router cannot bypass all internal routing and bridging tables and send packets to a specified IP address. |
| 210 | PPP-VJ-Slot-Comp | Instructs the Cisco router not to use slot compression when sending VJ-compressed packets over a PPP link. |
| 211 | PPP-VJ-1172 | Instructs PPP to use the 0x0037 value for VJ compression. |
| 212 | PPP-Async-Map | Gives the Cisco router the asynchronous control character map for the PPP session. The specified control characters are passed through the PPP link as data and used by applications running over the link. |
| 213 | Third-Prompt | Defines a third prompt (after username and password) for additional user input. |
| 214 | Send-Secret | Enables an encrypted password to be used in place of a regular password in outdial profiles. |
| 215 | Receive-Secret | Enables an encrypted password to be verified by the RADIUS server. |
| 216 | IPX-Peer-Mode | |
| 217 | IP-Pool-Definition | Defines a pool of addresses using the following format: X a.b.c Z; where X is the pool index number, a.b.c is the pool's starting IP address, and Z is the number of IP addresses in the pool. For example, 3 10.0.0.1 5 allocates 10.0.0.1 through 10.0.0.5 for dynamic assignment. |
| 218 | Assign-IP-Pool | Tells the router to assign the user an IP address from the IP pool. |
| 219 | FR-Direct | Defines whether the connection profile operates in Frame Relay redirect mode. |
| 220 | FR-Direct-Profile | Defines the name of the Frame Relay profile carrying this connection to the Frame Relay switch. |
| 221 | FR-Direct-DLCI | Indicates the DLCI carrying this connection to the Frame Relay switch. |
| 222 | Handle-IPX | Indicates how NCP watchdog requests will be handled. |
| 223 | Netware-Timeout | Defines, in minutes, how long the RADIUS server responds to NCP watchdog packets. |
| 224 | IPX-Alias | Allows you to define an alias for IPX routers requiring numbered interfaces. |
| 225 | Metric | |
| 226 | PRI--Type | |
| 227 | Dial- | Defines the number to dial. |
| 228 | Route-IP | Indicates whether IP routing is allowed for the user's file entry. |
| 229 | Route-IPX | Allows you to enable IPX routing. |
| 230 | Bridge | |
| 231 | Send-Auth | Defines the protocol to use (PAP or CHAP) for username-password authentication following CLID authentication. |
| 232 | Send-Passwd | Enables the RADIUS server to specify the password that is sent to the remote end of a connection on outgoing calls. |
| 233 | Link-Compression | Defines whether to turn on or turn off stac compression over a PPP link. Link compression is defined as a numeric value as follows: 0: None; 1: Stac; 2: Stac-Draft-9; 3: MS-Stac. |
| 234 | Target-Util | Specifies the load-threshold percentage value for bringing up an additional channel when PPP multilink is defined. |
| 235 | Maximum-Channels | Specifies allowed/allocatable maximum number of channels. |
| 236 | Inc-Channel-Count | |
| 237 | Dec-Channel-Count | |
| 238 | Seconds-of-History | |
| 239 | History-Weigh-Type | |
| 240 | Add-Seconds | |
| 241 | Remove-Seconds | |
| 242 | Data-Filter | Defines per-user IP data filters. These filters are retrieved only when a call is placed using a RADIUS outgoing profile or answered using a RADIUS incoming profile. Filter entries are applied on a first-match basis; therefore, the order in which filter entries are entered is important. |
| 243 | Call-Filter | Defines per-user IP data filters. On a Cisco router, this attribute is identical to the Data-Filter attribute. |
| 244 | Idle-Limit | Specifies the maximum time (in seconds) that any session can be idle. When the session reaches the idle time limit, its connection is dropped. |
| 245 | Preempt-Limit | |
| 246 | Callback | Allows you to enable or disable callback. |
| 247 | Data-Svc | |
| 248 | Force-56 | Determines whether the network access server uses only the 56 K portion of a channel, even when all 64 K appear to be |
| 249 | Billing | |
| 250 | Call-By-Call | |
| 251 | Transit- | |
| 252 | Host-Info | |
| 253 | PPP-Address | Indicates the IP address reported to the calling unit during PPP IPCP negotiations. |
| 254 | MPP-Idle-Percent | |
| 255 | Xmit-Rate | |
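The IP-Pool-Definition format described for attribute 217 above, as an added example that is not part of the Cisco document: a Python validator that an administrator could run over user-profile values before they are served to the network access server. It goes beyond the single case in the table by also flagging duplicate pool indexes and overlapping ranges; the function names, the 4096-address ceiling and the sample values are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

MAX_POOL_SIZE = 4096  # assumed local policy ceiling, not a value from the Cisco document


class Pool(NamedTuple):
    index: int
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address


def parse_pool(value: str, max_size: int = MAX_POOL_SIZE) -> Pool:
    """Parse 'X start Z': pool index, starting IPv4 address, address count."""
    fields = value.split()
    if len(fields) != 3:
        raise ValueError(f"expected 3 fields, got {len(fields)}: {value!r}")
    index_s, start_s, count_s = fields
    for name, text in (("index", index_s), ("count", count_s)):
        if not (text.isascii() and text.isdigit()):
            raise ValueError(f"{name} is not a decimal number: {text!r}")
    index, count = int(index_s), int(count_s)
    if not 1 <= count <= max_size:
        raise ValueError(f"count {count} outside 1..{max_size}")
    first = ipaddress.IPv4Address(start_s)  # raises ValueError on a bad address
    if int(first) + count - 1 > 0xFFFFFFFF:
        raise ValueError(f"pool runs past the end of the IPv4 space: {value!r}")
    return Pool(index, first, first + (count - 1))


def audit_pools(values):
    """Return (pools, problems) for a list of IP-Pool-Definition strings."""
    pools, problems = [], []
    for value in values:
        try:
            pool = parse_pool(value)
        except ValueError as exc:
            problems.append(f"rejected: {exc}")
            continue
        for seen in pools:
            if seen.index == pool.index:
                problems.append(f"duplicate pool index {pool.index}")
            if seen.first <= pool.last and pool.first <= seen.last:
                problems.append(f"pool {pool.index} overlaps pool {seen.index}")
        pools.append(pool)
    return pools, problems


# Constructed sample values; the first is the example given in the table.
SAMPLE = ["3 10.0.0.1 5", "4 10.0.0.4 8", "3 192.0.2.1 2", "5 255.255.255.250 10"]

if __name__ == "__main__":
    for line in audit_pools(SAMPLE)[1]:
        print(line)
```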

For more information on vendor-proprietary RADIUS attributes, refer to the section "Configuring Router for Vendor-Proprietary RADIUS Server Communication" in the chapter "Configuring RADIUS."

Feature Information for RADIUS Vendor-Proprietary Attributes

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 2: Feature Information for RADIUS Vendor-Proprietary Attributes

| Feature Name | Releases | Feature Information |
|---|---|---|
| RADIUS Vendor-Proprietary Attributes | 12.2(1)XE | The IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server and the RADIUS server. However, some vendors have extended the RADIUS attribute set for specific applications. This document provides Cisco IOS support information for these vendor-proprietary RADIUS attributes. In 12.2(1)XE, this feature was introduced. |
