Juniper Networks VSAs Supported by the AAA Service Framework
Table 1 describes Juniper Networks VSAs supported by the Junos OS AAA Service Framework. The AAA Service Framework uses vendor ID 4874, which is assigned to Juniper Networks by the Internet Assigned Numbers Authority (IANA).
Note: A “Yes” entry in the Dynamic CoA Support column indicates that the attribute can be dynamically configured by Access-Accept messages and dynamically modified by CoA-Request messages.
Table 1: Supported Juniper Networks VSAs
Attribute Number | Attribute Name | Description | Value | Dynamic CoA |
---|---|---|---|---|
26-1 | Virtual-Router | Client logical system:routing instance name. Allowed only from AAA server for “default” logical system:routing instance. When this VSA is not included in the subscriber profile, the routing instance assigned to the subscriber—the one in which the subscriber session comes up—varies by subscriber type. For DHCP and PPPoE subscribers, it is the default routing instance. For L2TP tunnel subscribers, it is the routing instance in which the tunnel resides, whether default or non-default. If the tunnel routing instance is not default and you want the L2TP session to be in the default routing instance, you must use the Virtual-Router VSA to set the desired routing instance. | string: logical system:routing instance | No |
26-4 | Primary-DNS | Client DNS address negotiated during IPCP. | integer: 4-byte primary-dns-address | No |
26-5 | Secondary-DNS | Client DNS address negotiated during IPCP. | integer: 4-byte secondary-dns-address | No |
26-6 | Primary-WINS | Client WINS (NBNS) address negotiated during IPCP. | integer: 4-byte primary-wins-address | No |
26-7 | Secondary-WINS | Client WINS (NBNS) address negotiated during IPCP. | integer: 4-byte secondary-wins-address | No |
26-8 | Tunnel-Virtual-Router | Virtual router name for tunnel connection. | string: tunnel-virtual-router | No |
26-9 | Tunnel-Password | Tunnel password in cleartext. Do not use both this VSA and the standard RADIUS attribute Tunnel-Password [69]. The standard attribute is recommended because the password is encrypted when that attribute is used. | string: tunnel-password | No |
26-10 | Ingress-Policy-Name | Input policy name to apply to client interface. | string: input-policy-name | Yes |
26-11 | Egress-Policy-Name | Output policy name to apply to client interface. | string: output-policy-name | Yes |
26-23 | IGMP-Enable | Whether IGMP is enabled or disabled on a client interface. | integer: | Yes |
26-25 | Redirect-VRouter-Name | Client logical system:routing instance name indicating to which logical system:routing instance the request is redirected for user authentication. | string: logical-system:routing-instance | No |
26-33 | Tunnel-Max-Sessions | Maximum number of sessions allowed in a tunnel. | integer: 4-octet | No |
26-34 | Framed-IP-Route-Tag | Route tag to apply to returned framed-ip-address. | integer: 4-octet | No |
26-42 | Input-Gigapackets | Number of times the input-packets attribute rolls over its 4-octet field. | Integer | No |
26-43 | Output-Gigapackets | Number of times the output-packets attribute rolls over its 4-octet field. | Integer | No |
26-47 | Ipv6-Primary-DNS | Client primary IPv6 DNS address negotiated by DHCP. | hexadecimal string: ipv6-primary-dns-address | No |
26-48 | Ipv6-Secondary-DNS | Client secondary IPv6 DNS address negotiated by DHCP. | hexadecimal string: ipv6-secondary-dns-address | No |
26-55 | DHCP-Options | Client DHCP options. | string: dhcp-options | No |
26-56 | DHCP-MAC-Address | Client MAC address. | string: mac-address | No |
26-57 | DHCP-GI-Address | DHCP relay agent IP address. | integer: 4-octet | No |
26-58 | LI-Action | Traffic mirroring action. For dynamic CoA, VSA 26-58 changes the action on the mirrored traffic identified by VSA 26-59. | Salt-encrypted integer: 0 = stop mirroring, 1 = start mirroring, 2 = no action | Yes |
26-59 | Med-Dev-Handle | Identifier that associates mirrored traffic to a specific subscriber. For dynamic CoA, VSA 26-58 changes the action on the mirrored traffic identified by VSA 26-59. | Salt-encrypted string | Yes |
26-60 | Med-Ip-Address | IP address of content destination device to which mirrored traffic is forwarded. | Salt-encrypted IP address | No |
26-61 | Med-Port-Number | UDP port in the content destination device to which mirrored traffic is forwarded. | Salt-encrypted integer | No |
26-63 | Interface-Desc | Text string that identifies the subscriber’s access interface. | string: interface-description | No |
26-64 | Tunnel-Group | Name of the tunnel group (profile) assigned to a domain map. | string: tunnel-group-name | No |
26-65 | Activate-Service | Service to activate for the subscriber. Tagged VSA, which supports 8 tags (1-8). | string: service-name | Yes |
26-66 | Deactivate-Service | Service to deactivate for the subscriber. | string: service-name | No |
26-69 | Service-Statistics | Whether statistics for the service are enabled or disabled. Tagged VSA, which supports 8 tags (1-8). | | Yes |
26-71 | IGMP-Access-Name | Access list to use for the group (G) filter. | string: 32-octet | Yes |
26-72 | IGMP-Access-Src-Name | Access list to use for the source-group (S,G) filter. | string: 32-octet | Yes |
26-74 | MLD-Access-Name | Access list to use for the group (G) filter. | string: 32-octet | Yes |
26-75 | MLD-Access-Src-Name | Access list to use for the source-group (S,G) filter. | string: 32-octet | Yes |
26-77 | MLD-Version | MLD protocol version. | integer: 1-octet | Yes |
26-78 | IGMP-Version | IGMP protocol version. | integer: 1-octet | Yes |
26-83 | Service-Session | Name of the service. | string: service-name | No |
26-84 | Mobile-IP-Algorithm | Authentication algorithm used for Mobile IP registration. | integer: 4-octet | No |
26-85 | Mobile-IP-SPI | Security parameter index number for Mobile IP registration. | integer: 4-octet | No |
26-86 | Mobile-IP-Key | Security association MD5 key for Mobile IP registration. | string: key | No |
26-87 | Mobile-IP-Replay | Replay timestamp for Mobile IP registration. | integer: 4-octet | No |
26-89 | Mobile-IP-Lifetime | Registration lifetime for Mobile IP registration. | integer: 4-octet | No |
26-92 | L2C-Up-Stream-Data | Actual upstream rate access loop parameter (ASCII encoded) as defined in GSMP extensions for layer2 control (L2C) Topology Discovery and Line Configuration. | string: actual upstream rate access loop parameter (ASCII encoded) | |
26-93 | L2C-Down-Stream-Data | Actual downstream rate access loop parameter (ASCII encoded) as defined in GSMP extensions for layer2 control (L2C) Topology Discovery and Line Configuration. | string: actual downstream rate access loop parameter (ASCII encoded) | |
26-97 | IGMP-Immediate-Leave | IGMP Immediate Leave. | integer: 4-octet | Yes |
26-100 | MLD-Immediate-Leave | MLD Immediate Leave. | integer: 4-octet | Yes |
26-106 | IPv6-Ingress-Policy-Name | Input policy name to apply to a user IPv6 interface. | string: policy-name | Yes |
26-107 | IPv6-Egress-Policy-Name | Output policy name to apply to a user IPv6 interface. | string: policy-name | Yes |
26-108 | CoS-Traffic-Control- | CoS traffic-shaping parameter type and description: | Two parts, delimited by white space: Examples: | Yes |
26-109 | DHCP-Guided-Relay-Server | IP address of DHCP server that DHCP relay agent uses to forward the discover PDUs. | integer: 4-byte ip-address | No |
26-110 | Acc-Loop-Cir-Id | Identification of the subscriber node connection to the access node. | string: up to 63 ASCII characters | |
26-111 | Acc-Aggr-Cir-Id-Bin | Unique identification of the DSL line. | integer: 8-octet | |
26-112 | Acc-Aggr-Cir-Id-Asc | Identification of the uplink on the access node, as in the following examples: | string: up to 63 ASCII characters | |
26-113 | Act-Data-Rate-Up | Actual upstream data rate of the subscriber’s synchronized DSL link. | integer: 4-octet | |
26-114 | Act-Data-Rate-Dn | Actual downstream data rate of the subscriber’s synchronized DSL link. | integer: 4-octet | |
26-115 | Min-Data-Rate-Up | Minimum upstream data rate configured for the subscriber. | integer: 4-octet | |
26-116 | Min-Data-Rate-Dn | Minimum downstream data rate configured for the subscriber. | integer: 4-octet | |
26-117 | Att-Data-Rate-Up | Maximum upstream data rate that the subscriber can attain. | integer: 4-octet | |
26-118 | Att-Data-Rate-Dn | Maximum downstream data rate that the subscriber can attain. | integer: 4-octet | |
26-119 | Max-Data-Rate-Up | Maximum upstream data rate configured for the subscriber. | integer: 4-octet | |
26-120 | Max-Data-Rate-Dn | Maximum downstream data rate configured for the subscriber. | integer: 4-octet | |
26-121 | Min-LP-Data-Rate-Up | Minimum upstream data rate in low power state configured for the subscriber. | integer: 4-octet | |
26-122 | Min-LP-Data-Rate-Dn | Minimum downstream data rate in low power state configured for the subscriber. | integer: 4-octet | |
26-123 | Max-Interlv-Delay-Up | Maximum one-way upstream interleaving delay configured for the subscriber. | integer: 4-octet | |
26-124 | Act-Interlv-Delay-Up | Subscriber’s actual one-way upstream interleaving delay. | integer: 4-octet | |
26-125 | Max-Interlv-Delay-Dn | Maximum one-way downstream interleaving delay configured for the subscriber. | integer: 4-octet | |
26-126 | Act-Interlv-Delay-Dn | Subscriber’s actual one-way downstream interleaving delay. | integer: 4-octet | |
26-127 | DSL-Line-State | State of the DSL line. | integer: 4-octet | |
26-128 | DSL-Type | Encapsulation used by the subscriber associated with the DSLAM interface from which requests are initiated. | | |
26-130 | Qos-Set-Name | Interface set to apply to the dynamic profile. | string: interface-set-name | No |
26-140 | Service-Interim-Acct-Interval | Amount of time between interim accounting updates for this service. Tagged VSA, which supports 8 tags (1-8). | Note: Values are rounded up to the next higher multiple of 10 minutes. For example, a setting of 900 seconds (15 minutes) is rounded up to 20 minutes (1200 seconds). | Yes |
26-141 | Downstream-Calculated- | Calculated (adjusted) downstream QoS rate in Kbps as set by the ANCP configuration. | range = 1000 through 4,294,967,295 | |
26-142 | Upstream-Calculated- | Calculated (adjusted) upstream QoS rate in Kbps as set by the ANCP configuration. | range = 1000 through 4,294,967,295 | |
26-143 | Max-Clients-Per-Interface | Maximum allowable client sessions per interface. For DHCP clients, this value is the maximum sessions per logical interface. For PPPoE clients, this value is the maximum sessions (PPPoE interfaces) per PPPoE underlying interface. | integer: 4-octet | No |
26-146 | CoS-Scheduler-Pmt-Type | CoS scheduler parameter type and description: | Three parts, delimited by white space: Examples: | Yes |
26-151 | IPv6-Acct-Input-Octets | IPv6 receive octets. | integer | No |
26-152 | IPv6-Acct-Output-Octets | IPv6 transmit octets. | integer | No |
26-153 | IPv6-Acct-Input-Packets | IPv6 receive packets. | integer | No |
26-154 | IPv6-Acct-Output-Packets | IPv6 transmit packets. | integer | No |
26-155 | IPv6-Acct-Input-Gigawords | IPv6 receive gigawords. | integer | No |
26-156 | IPv6-Acct-Output-Gigawords | IPv6 transmit gigawords. | integer | No |
26-158 | PPPoE-Padn | Route add for PPPoE sessions | string | No |
26-161 | IPv6-Delegated-Pool-Name | Address pool used to locally allocate a delegated prefix (IA_PD). | string | No |
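
The following added example (not Juniper code) walks the attribute bytes of a RADIUS message, extracts the VSAs carried under vendor ID 4874, and flags the cleartext Tunnel-Password VSA 26-9, including the case where it is sent together with standard attribute 69. It assumes the RFC 2865 sub-attribute layout (1-byte type, 1-byte length); the function names and the sample bytes are constructed for illustration.

```python
import struct

JUNIPER_VENDOR_ID = 4874     # IANA enterprise number stated on this page
VENDOR_SPECIFIC = 26         # RADIUS Vendor-Specific attribute type
STD_TUNNEL_PASSWORD = 69     # standard Tunnel-Password attribute
CLEARTEXT_TUNNEL_PW = 9      # VSA 26-9 in Table 1

def iter_tlv(buf):
    """Yield (type, value) for each type/length/value attribute in buf."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError(f"bad length {alen} at offset {pos}")
        yield atype, buf[pos + 2:pos + alen]
        pos += alen

def juniper_vsas(buf):
    """Return [(vsa_number, value)] for sub-attributes under vendor 4874."""
    found = []
    for atype, value in iter_tlv(buf):
        if atype == VENDOR_SPECIFIC and len(value) >= 4:
            if struct.unpack("!I", value[:4])[0] == JUNIPER_VENDOR_ID:
                # Assumption: RFC 2865 sub-attribute layout (1-byte type, 1-byte length).
                found.extend(iter_tlv(value[4:]))
    return found

def audit(buf):
    """Return findings for use of the cleartext Tunnel-Password VSA (26-9)."""
    standard = {atype for atype, _ in iter_tlv(buf)}
    findings = []
    for number, _ in juniper_vsas(buf):
        if number == CLEARTEXT_TUNNEL_PW:
            msg = "26-9 Tunnel-Password present (cleartext)"
            if STD_TUNNEL_PASSWORD in standard:
                msg += "; sent together with standard attribute 69"
            findings.append(msg)
    return findings

def build_vsa(number, data):
    """Encode one Juniper VSA inside a Vendor-Specific attribute."""
    sub = bytes([number, len(data) + 2]) + data
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", JUNIPER_VENDOR_ID) + sub

# Constructed sample attribute bytes, not a real capture; the attribute 69 payload is a placeholder.
SAMPLE = build_vsa(1, b"default:retail") + build_vsa(9, b"example-secret") + bytes([69, 5, 0, 0xAA, 0xBB])

if __name__ == "__main__":
    print(juniper_vsas(SAMPLE), audit(SAMPLE))
```
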