thus, the newly created attribute is accepted if the user accepts attribute 26.

Similar documents
RADIUS Attributes. RADIUS IETF Attributes

thus, the newly created attribute is accepted if the user accepts attribute 26.

RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values

RADIUS Vendor-Specific Attributes (VSA) and RADIUS Disconnect-Cause Attribute Values

RADIUS Attributes Overview and RADIUS IETF Attributes

RADIUS Attributes Overview and RADIUS IETF Attributes

RADIUS Attributes. In This Appendix. RADIUS Attributes Overview. IETF Attributes Versus VSAs

RADIUS Attribute 66 Tunnel-Client-Endpoint Enhancements

Configuring RADIUS. Finding Feature Information. Prerequisites for RADIUS

RADIUS Tunnel Attribute Extensions

Configuring RADIUS Servers

DIAMETER Attributes. BNG DIAMETER Gx Application AVPs

Configuring RADIUS. Finding Feature Information. Prerequisites for RADIUS. Last Updated: November 2, 2012

RADIUS Attributes Configuration Guide

Configuring Client-Initiated Dial-In VPDN Tunneling

Implementing ADSL and Deploying Dial Access for IPv6

HP VSR1000 Virtual Services Router

Vendor-Proprietary Attribute

Configuring NAS-Initiated Dial-In VPDN Tunneling

RADIUS Logical Line ID

virtual-template virtual-template template-number no virtual-template Syntax Description

Configuring Security for the ML-Series Card

RADIUS Vendor-Proprietary Attributes

Per VRF AAA. Finding Feature Information. Last Updated: January 18, 2012

RADIUS Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 920 Series)

RADIUS Configuration Guide Cisco IOS XE Release 2

Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference, Release 4.2.x

Configuring RADIUS and TACACS+ Servers

VPDN Tunnel Management

RADIUS Configuration Guide, Cisco IOS XE Everest (Cisco ASR 900 Series)

Broadband Access Aggregation and DSL Configuration Guide, Cisco IOS XE Release 3S

RADIUS Configuration. Overview. Introduction to RADIUS. Client/Server Model

HPE FlexNetwork MSR Router Series

Configuring Authentication, Authorization, and Accounting Functions

Configuring the Managed IPv6 Layer 2 Tunnel Protocol Network Server

Operation Manual AAA RADIUS HWTACACS H3C S5500-EI Series Ethernet Switches. Table of Contents

AAA Support for IPv6

Configuring Security on the GGSN

HP MSR Router Series. Layer 2 - WAN Access Configuration Guide(V7)

Configuring the Physical Subscriber Line for RADIUS Access and Accounting

RADIUS Attributes Configuration Guide, Cisco IOS Release 15S

RADIUS Commands. Cisco IOS Security Command Reference SR

HP MSR Router Series. Layer 2 - WAN Access Configuration Guide(V7)

DHCP Server RADIUS Proxy

QoS: Classification, Policing, and Marking on LAC Configuration Guide, Cisco IOS Release 12.4T

RADIUS Attributes Configuration Guide, Cisco IOS Release 12.2SX

RADIUS Tunnel Preference for Load Balancing

QoS: Per-Session Shaping and Queuing on LNS

Broadband Access Aggregation and DSL Configuration Guide, Cisco IOS XE Release 3S (ASR 1000)

Cisco IOS VPDN Command Reference

Network Working Group Request for Comments: D. Mitton RSA, Security Division of EMC B. Aboba Microsoft Corporation January 2008

Encrypted Vendor-Specific Attributes

Configuring Virtual Private Networks

L2TP Configuration. L2TP Overview. Introduction. Typical L2TP Networking Application

Remote Access MPLS-VPNs

IP Router Command Reference

PPPoE Service Selection

aaa max-sessions maximum-number-of-sessions The default value for aaa max-sessions command is platform dependent. Release 15.0(1)M.

Configuring the Managed IPv6 Layer 2 Tunnel Protocol Network Server

L2TP Network Server. LNS Service Operation

Broadband Access Aggregation and DSL Configuration Guide, Cisco IOS XE Fuji 16.8.x

Broadband Access Aggregation and DSL Configuration Guide, Cisco IOS XE Fuji 16.7.x

Finding Feature Information

TACACS+ Attribute-Value Pairs

Configuring the Physical Subscriber Line for RADIUS Access and Accounting

HWTACACS Technology White Paper

Configuring the DHCP Server On-Demand Address Pool Manager

Configuring TACACS+ Information About TACACS+ Send document comments to CHAPTER

IPv4 and IPv6 Commands

Lawful Intercept Architecture

Configuring RADIUS. Information About RADIUS. RADIUS Network Environments. Send document comments to

Authentication, Authorization, and Accounting Configuration Guide, Cisco IOS Release 15M&T

Diameter NASREQ Application. Status of this Memo. This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026.

PPPoE Session Limit per NAS Port

Configuring the DHCP Server On-Demand Address Pool Manager

L2TP Access Concentrator

isco Cisco PPPoE Baseline Architecture for the Cisco UAC

ppp accounting through quit

Virtual Private Networks (VPNs)

Configuring Basic AAA on an Access Server

Broadband Scalability and Performance

The MSCHAP Version 2 feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to

Cisco PPPoE Baseline Architecture for the Cisco UAC 6400

Network Working Group Request for Comments: 2059 Category: Informational January 1997

Cisco Nexus 1000V for KVM Security Configuration Guide, Release 5.x

Configuring Additional VPDN Features

Symbols & Numerics I N D E X

TACACS Attribute-Value Pairs

management server password through sessions throttle

Dynamic Domain Name Server Updates

show aaa servers sg show aaa servers sg sg-name Syntax Description

Cisco recommends that you have knowledge of End-to-End Layer 1 connectivity is User Priority (UP).

WiFi Command Reference

RADIUS Tunnel Preference for Load Balancing and Fail-Over

Configuring IKEv2 Packet of Disconnect

Configuring PPP Callback

Configuring Modem Transport Support for VoIP

Configuring Accounting

Operation Manual User Access. Table of Contents

Per-Session QoS. Finding Feature Information

Transcription:

Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile, which is stored on the RADIUS daemon. This appendix describes the following types of RADIUS attributes supported in Broadband Network Gateway (BNG): RADIUS IETF Attributes, page RADIUS Vendor-Specific Attributes, page 4 RADIUS ADSL Attributes, page 9 RADIUS ASCEND Attributes, page 0 RADIUS Microsoft Attributes, page 0 RADIUS Disconnect-Cause Attributes, page RADIUS IETF Attributes IETF Attributes Versus VSAs RADIUS Internet Engineering Task Force (IETF) attributes are the original set of 255 standard attributes that are used to communicate AAA information between a client and a server. Because IETF attributes are standard, the attribute data is predefined and well known; thus all clients and servers who exchange AAA information via IETF attributes must agree on attribute data such as the exact meaning of the attributes and the general bounds of the values for each attribute. RADIUS vendor-specific attributes (VSAs) derived from one IETF attribute-vendor-specific (attribute 26). Attribute 26 allows a vendor to create an additional 255 attributes however they wish. That is, a vendor can create an attribute that does not match the data of any IETF attribute and encapsulate it behind attribute 26; thus, the newly created attribute is accepted if the user accepts attribute 26. Table : Supported RADIUS IETF Attributes Acct-Authentic 45 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03

RADIUS IETF Attributes Acct-Delay-Time Acct-Input-Giga-Words Acct-Input-Octets Acct-Input-Packets Acct-Interim-Interval Acct-Link-Count Acct-Output-Giga-Words Acct-Output-Octets Acct-Output-Packets Acct-Session-Time Acct-Status- Acct-Terminate-Cause CHAP-Challenge CHAP-Password Dynamic-Author-Error-Cause Event-Timestamp Filter-Id Framed-Protocol Framed-IP-Address Framed-Route login-ip-addr-host Multilink-Session-ID Nas-Identifier NAS-IP-Address NAS-Port Reply-Message Service- Tunnel-Assignment-Id Tunnel-Packets-Lost X-Ascend-Client-Primary-DNS X-Ascend-Client-Secondary-DNS "" 4 52 42 47 85 5 53 43 48 46 40 49 40 3 0 55 7 8 22 4 50 32 4 5 8 6 32 86 35 36 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x 2 OL-28375-03

IETF Tagged Attributes on LAC NAS-IPv6-Address Delegated-IPv6-Prefix Stateful-IPv6-Address-Pool Framed-IPv6-Prefix Framed-Interface-Id Framed-IPv6-Pool Framed-IPv6-Route login-ip-addr-host 95 23 23 97 96 00 99 98 IETF Tagged Attributes on LAC The IETF Tagged Attributes support on L2TP Access Concentrator (LAC) provides a means of grouping tunnel attributes referring to the same tunnel in an Access-Accept packet sent from the RADIUS server to the LAC. The Access-Accept packet can contain multiple instances of same RADIUS attributes, but with different tags. The tagged attributes support ensures that all attributes pertaining to a given tunnel contain the same value in their respective tag fields, and that each set includes an appropriately-valued instance of the Tunnel-Preference attribute. This conforms to the tunnel attributes that are to be used in a multi-vendor network environment, thereby eliminating interoperability issues among Network Access Servers (NASs) manufactured by different vendors. For details of for Tunnel Protocol Support, refer RFC 2868. These examples describe the format of IETF Tagged Attributes: Tunnel- = :0:L2TP, Tunnel-Medium- = :0:IP, Tunnel-Server-Endpoint = :0:"...", Tunnel-Assignment-Id = :0:"", Tunnel-Preference = :0:, Tunnel-Password = :0:"hello" A tag value of 0 is used in the above example in the format of :0:, to group those attributes in the same packet that refer to the same tunnel. Similar examples are: Tunnel- = ::L2TP, Tunnel-Medium- = ::IP, Tunnel-Server-Endpoint = ::"2.2.2.2", Tunnel-Assignment-Id = ::"", Tunnel-Preference = ::, Tunnel-Password = ::"hello" Tunnel- = :2:L2TP, Tunnel-Medium- = :2:IP, Tunnel-Server-Endpoint = :2:"3.3.3.3", Tunnel-Assignment-Id = :2:"", Tunnel-Preference = :2:2, Tunnel-Password = :2:"hello" Tunnel- = :3:L2TP, Tunnel-Medium- = :3:IP, Tunnel-Server-Endpoint = :3:"4.4.4.4", Tunnel-Assignment-Id = :3:"", Tunnel-Preference = :3:2, Tunnel-Password = :3:"hello" Tunnel- = :4:L2TP, Tunnel-Medium- = :4:IP, Tunnel-Server-Endpoint = :4:"5.5.5.5", Tunnel-Assignment-Id = :4:"", Tunnel-Preference = :4:3, Tunnel-Password = :4:"hello" Tunnel- = :5:L2TP, Tunnel-Medium- = :5:IP, Tunnel-Server-Endpoint = :5:"6.6.6.6", Tunnel-Assignment-Id = :5:"", Tunnel-Preference = :5:3, Tunnel-Password = :5:"hello" Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03 3

RADIUS Vendor-Specific Attributes Table 2: Supported IETF Tagged Attributes IETF Tagged Attribute Tunnel- Tunnel-Medium- Tunnel-Client-Endpoint Tunnel-Server-Endpoint Tunnel-Password Tunnel-Assignment-ID Tunnel-Preference Tunnel-Client-Auth-ID Tunnel-Server-Auth-ID 64 65 66 67 69 82 83 90 9 RADIUS Vendor-Specific Attributes The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the network access server and the RADIUS server by using the vendor-specific attribute (attribute 26). Attribute 26 encapsulates vendor specific attributes, thereby, allowing vendors to support their own extended attributes otherwise not suitable for general use. The Cisco RADIUS implementation supports one vendor-specific option using the format recommended in the specification. Cisco's vendor-id is 9, and the supported option has vendor-type, which is named "cisco-avpair." The value is a of this format: protocol : attribute sep value * "Protocol" is a value of the Cisco "protocol" attribute for a particular type of authorization; protocols that can be used include IP, IPX, VPDN, VOIP, SHELL, RSVP, SIP, AIRNET, OUTBOUND. "Attribute" and "value" are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and "sep" is "=" for mandatory attributes and "*" for optional attributes. This allows the full set of features available for TACACS+ authorization to also be used for RADIUS. For example, the following AV pair causes Cisco's "multiple named ip address pools" feature to be activated during IP authorization (during PPP's IPCP address assignment): cisco-avpair= "ip:addr-pool=first" If you insert an "*", the AV pair "ip:addr-pool=first" becomes optional. Note that any AV pair can be made optional. IETF Attribute 26 (Vendor-Specific) encapsulates vendor specific attributes, thereby, allowing vendors to support their own extended attributes otherwise not suitable for general use. cisco-avpair= "ip:addr-pool*first" The following example shows how to cause a user logging in from a network access server to have immediate access to EXEC commands: cisco-avpair= "shell:priv-lvl=5" Attribute 26 contains these three elements: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x 4 OL-28375-03

RADIUS Vendor-Specific Attributes Length String (also known as data) Vendor-ID Vendor- Vendor-Length Vendor-Data Note It is up to the vendor to specify the format of their VSA. The Attribute-Specific field (also known as Vendor-Data) is dependent on the vendor's definition of that attribute. Table 3: Supported Cisco Vendor-Specific Present in AAA message type access-loop-encapsulation, accounting-list, CoA, acct-input-gigawords-ipv4 acct-input-octets-ipv4 acct-input-packets-ipv4 acct-input-gigawords-ipv6 acct-input-octets-ipv6 acct-input-packets-ipv6 acct-output-gigawords-ipv4 acct-output-octets-ipv4 acct-output-packets-ipv4 acct-output-gigawords-ipv6 acct-output-octets-ipv6 acct-output-packets-ipv6 acct-policy-in Access-request acct-policy-map Access-request acct-policy-out Access-request Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03 5

RADIUS Vendor-Specific Attributes Present in AAA message type actual-data-rate-downstream, actual-data-rate-upstream, actual-interleaving-delay-downstream, actual-interleaving-delay-upstream, addr-pool Note This is for IPv4 subscriber. addrv6, attainable-data-rate-downstream, attainable-data-rate-upstream, circuit-id-tag, cisco-nas-port 2, client-mac-address, command CoA connect-progress connect-rx-speed, connect-tx-speed, delegated-ipv6-pool dhcp-client-id dhcp-vendor-class dhcpv6-class disc-cause-ext disconnect-cause Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x 6 OL-28375-03

RADIUS Vendor-Specific Attributes Present in AAA message type idle-timeout, CoA if-handle inacl intercept-id ip-addresses ipv4-unnumbered Note This AVPair is preferred for BNG in Cisco IOS XR Software, and it is equivalent to the ip-unnumbered AVPair in Cisco IOS Software. ipv6_inacl, CoA ipv6_outacl, CoA ipv6-addr-pool ipv6-dns-servers-addr ipv6-enable ipv6-mtu ipv6-strict-rpf ipv6-unreachable l2tp-tunnel-password login-ip-host maximum-interleaving-delay-downstream maximum-interleaving-delay-upstream maximum-data-rate-downstream maximum-data-rate-upstream md-dscp md-ip-addr ipaddr md-port minimum-data-rate-downstream Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03 7

RADIUS Vendor-Specific Attributes Present in AAA message type minimum-data-rate-downstream-low-power minimum-data-rate-upstream minimum-data-rate-upstream-low-power outacl parent-if-handle parent-session-id pppoe_session_id primary-dns ipaddr qos-policy-in, CoA qos-policy-out, CoA redirect-vrf remote-id-tag sa, CoA sd RADIUS CoA secondary-dns ipaddr service-name Stateful-IPv6-Address-Pool sub-pbr-policy-in, CoA sub-qos-policy-in sub-qos-policy-out Tunnel-Client-endpoint ipaddr, tunnel-id tunnel-medium-type Tunnel-Server-endpoint ipaddr, tunnel-tos-reflect tunnel-tos-setting Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x 8 OL-28375-03

Vendor-Specific Attributes for Account Operations Present in AAA message type tunnel-type username vpdn-template vpn-id vpn-vrf vrf-id, wins-server ipaddr Vendor-Specific Attributes for Account Operations Table 4: Supported Vendor-Specific Attributes for Account Operations RADIUS AVP Action subscriber:command=account-logon account logon subscriber:command=account-logoff account logoff subscriber:command=account-update account update subscriber:sa=<service-name> service activate subscriber:sd=<service-name> service de-activate RADIUS ADSL Attributes Table 5: Supported RADIUS ADSL Attributes Access-Loop-Encapsulation Actual-Interleaving-Delay-Downstream Actual-Interleaving-Delay-Upstream Actual-Data-Rate-Downstream Actual-Data-Rate-Upstream Attainable-Data-Rate-Downstream 44 42 40 30 29 34 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03 9

RADIUS ASCEND Attributes Attainable-Data-Rate-Upstream Agent-Circuit-Id IWF-Session Maximum-Interleaving-Delay-Downstream Maximum-Interleaving-Delay-Upstream Maximum-Data-Rate-Downstream Maximum-Data-Rate-Upstream Minimum-Data-Rate-Downstream Minimum-Data-Rate-Downstream-Low-Power Minimum-Data-Rate-Upstream Minimum-Data-Rate-Upstream-Low-Power Agent-Remote-Id boolean social 33 254 4 39 36 35 32 38 3 37 2 RADIUS ASCEND Attributes Table 6: Supported RADIUS Ascend Attributes Ascend-Client-Primary-DNS Ascend-Client-Secondary-DNS Ascend-Connection-Progress Ascend-Disconnect-Cause Ascend-Multilink-Session-ID Ascend-Num-In-Multilink 35 36 96 95 87 88 RADIUS Microsoft Attributes Table 7: Supported RADIUS Microsoft Attributes MS-st-NBNS-Server 30 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x 0 OL-28375-03

RADIUS Disconnect-Cause Attributes MS-2nd-NBNS-Server MS-CHAP-ERROR MS-Primary-DNS MS-Secondary-DNS 3 2 28 29 RADIUS Disconnect-Cause Attributes Disconnect-cause attribute values specify the reason a connection was taken offline. The attribute values are sent in Accounting request packets. These values are sent at the end of a session, even if the session fails to be authenticated. If the session is not authenticated, the attribute can cause stop records to be generated without first generating start records. lists the cause codes, values, and descriptions for the Disconnect-Cause (95) attribute. Note The Disconnect-Cause is incremented by 000 when it is used in RADIUS AVPairs; for example, disc-cause 4 becomes 004. Table 8: Supported Disconnect-Cause Attributes Cause Code 0 2 3 4 9 0 No-Reason No-Disconnect Unknown Call-Disconnect CLID-Authentication-Failure No-Modem-Available No-Carrier Lost-Carrier Description No reason is given for the disconnect. The event was not disconnected. Reason unknown. The call has been disconnected. Failure to authenticate number of the calling-party. A modem in not available to connect the call. No carrier detected. Note Codes 0,, and 2 can be sent if there is a disconnection during initial modem connection. Loss of carrier. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03

RADIUS Disconnect-Cause Attributes Cause Code 2 20 2 22 23 24 25 26 27 28 29 30 3 32 33 40 4 42 43 44 No-Detected-Result-Codes User-Ends-Session Idle-Timeout Exit-Telnet-Session No-Remote-IP-Addr Exit-Raw-TCP Password-Fail Raw-TCP-Disabled Control-C-Detected EXEC-Process-Destroyed Close-Virtual-Connection End-Virtual-Connection Exit-Rlogin Invalid-Rlogin-Option Insufficient-Resources Timeout-PPP-LCP Failed-PPP-LCP-Negotiation Failed-PPP-PAP-Auth-Fail Failed-PPP-CHAP-Auth Failed-PPP-Remote-Auth Description Failure to detect modem result codes. User terminates a session. Note Codes 20, 22, 23, 24, 25, 26, 27, and 28 apply to EXEC sessions. Timeout waiting for user input. Note Codes 2, 00, 0, 02, and 20 apply to all session types. Disconnect due to exiting Telnet session. Could not switch to SLIP/PPP; the remote end has no IP address. Disconnect due to exiting raw TCP. Bad passwords. Raw TCP disabled. Control-C detected. EXEC process destroyed. User closes a virtual connection. Virtual connected has ended. User exists Rlogin. Invalid Rlogin option selected. Insufficient resources. PPP LCP negotiation timed out. Note Codes 40 through 49 apply to PPP sessions. PPP LCP negotiation failed. PPP PAP authentication failed. PPP CHAP authentication failed. PPP remote authentication failed. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x 2 OL-28375-03

RADIUS Disconnect-Cause Attributes Cause Code 45 46 47 48 49 50 5 52 53 54 60 6 62 63 64 65 66 67 00 0 02 20 PPP-Remote-Terminate PPP-Closed-Event NCP-Closed-PPP MP-Error-PPP PPP-Maximum-Channels Tables-Full Resources-Full Invalid-IP-Address Bad-Hostname Bad-Port Reset-TCP TCP-Connection-Refused Timeout-TCP Foreign-Host-Close-TCP TCP-Network-Unreachable TCP-Host-Unreachable TCP-Network-Admin Unreachable TCP-Port-Unreachable Session-Timeout Session-Failed-Security Session-End-Callback Invalid-Protocol Description PPP received a Terminate Request from remote end. Upper layer requested that the session be closed. PPP session closed because there were no NCPs open. PPP session closed because of an MP error. PPP session closed because maximum channels were reached. Disconnect due to full terminal server tables. Disconnect due to full internal resources. IP address is not valid for Telnet host. Hostname cannot be validated. Port number is invalid or missing. TCP connection has been reset. Note Codes 60 through 67 apply to Telnet or raw TCP sessions. TCP connection has been refused by the host. TCP connection has timed out. TCP connection has been closed. TCP network is unreachable. TCP host is unreachable. TCP network is unreachable for administrative reasons. TCP port in unreachable. Session timed out. Session failed for security reasons. Session terminated due to callback. Call refused because the detected protocol is disabled. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03 3

RADIUS Disconnect-Cause Attributes Cause Code 50 5 52 60 70 80 85 90 95 600 60 602 603 RADIUS-Disconnect Local-Admin-Disconnect SNMP-Disconnect V0-Retries PPP-Authentication-Timeout Local-Hangup Remote-Hangup T-Quiesced Call-Duration VPN-User-Disconnect VPN-Carrier-Loss VPN-No-Resources VPN-Bad-Control-Packet Description Disconnected by RADIUS request. Administrative disconnect. Disconnected by SNMP request. Allowed V.0 retries have been exceeded. PPP authentication timed out. Disconnected by local hangup. Disconnected by remote end hangup. Disconnected because T line was quiesced. Disconnected because the maximum duration of the call was exceeded. Call disconnected by client (through PPP). Code is sent if the LNS receives a PPP terminate request from the client. Loss of carrier. This can be the result of a physical line going dead. Code is sent when a client is unable to dial out using a dialer. No resources available to handle the call. Code is sent when the client is unable to allocate memory (running low on memory). Bad L2TP or L2F control packets. This code is sent when an invalid control packet, such as missing mandatory Attribute- pairs (AVP), from the peer is received. When using L2TP, the code will be sent after six retransmits; when using L2F, the number of retransmits is user configurable. Note VPN-Tunnel-Shut will be sent if there are active sessions in the tunnel. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x 4 OL-28375-03

RADIUS Disconnect-Cause Attributes Cause Code 604 605 606 607 608 VPN-Admin-Disconnect VPN-Tunnel-Shut VPN-Local-Disconnect VPN-Session-Limit VPN-Call-Redirect Description Administrative disconnect. This can be the result of a VPN soft shutdown, which is when a client reaches maximum session limit or exceeds maximum hopcount. Code is sent when a tunnel is brought down by issuing the clear vpdn tunnel command. Tunnel teardown or tunnel setup has failed. Code is sent when there are active sessions in a tunnel and the tunnel goes down. Note This code is not sent when tunnel authentication fails. Call is disconnected by LNS PPP module. Code is sent when the LNS sends a PPP terminate request to the client. It indicates a normal PPP disconnection initiated by the LNS. VPN soft shutdown is enabled. Code is sent when a call has been refused due to any of the soft shutdown restrictions previously mentioned. VPN call redirect is enabled. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03 5

RADIUS Disconnect-Cause Attributes Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x 6 OL-28375-03

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback