Related Documentation
- M, MX Series
- Configuring Router or Switch Interaction with RADIUS Servers
- Configuring Authentication and Accounting Parameters for Subscriber Access
- Specifying RADIUS Authentication and Accounting Servers for Subscriber Access
- Configuring RADIUS Server Options for Subscriber Access
- Example: Configuring RADIUS-Based Subscriber Authentication and Accounting
Configuring How RADIUS Attributes Are Used for Subscriber Access
You can specify the attributes RADIUS ignores in RADIUS Access-Accept messages, and the attributes RADIUS excludes from specified message types.
To configure the attributes RADIUS ignores or excludes:
- Specify that you want to configure RADIUS.

      [edit access profile isp-bos-metro-fiber-basic]
      user@host# edit radius

- Specify that you want to configure how RADIUS attributes are ignored or excluded.

      [edit access profile isp-bos-metro-fiber-basic radius]
      user@host# edit attributes

- Specify the attributes you want RADIUS to ignore when the attributes are in Access-Accept messages. See Table 1 for the attributes you can configure.

      [edit access profile isp-bos-metro-fiber-basic radius attributes]
      user@host# set ignore input-filter output-filter

- Configure RADIUS to exclude the specified attribute from the specified RADIUS message type. See Table 2 for the attributes and message type combinations you can configure.

      [edit access profile isp-bos-metro-fiber-basic radius attributes]
      user@host# set exclude input-filter output-filter

You use the ignore statement to configure the router or switch to ignore a particular attribute in RADIUS Access-Accept messages. By default, the router or switch processes the attributes received from the external AAA server. Table 1 lists the attributes supported in the ignore statement.
Table 1: Attributes That Can Be Ignored in RADIUS Access-Accept Messages
CLI Entry | Attribute Name | Attribute Number |
---|---|---|
dynamic-iflset-name | Interface-Set-Name | Juniper Networks VSA 26-130 |
framed-ip-netmask | Framed-IP-Netmask | RADIUS attribute 9 |
input-filter | Ingress-Policy-Name | Juniper Networks VSA 26-10 |
logical-system:routing-instance | Virtual-Router | Juniper Networks VSA 26-1 |
output-filter | Egress-Policy-Name | Juniper Networks VSA 26-11 |
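
The effect of the ignore statement on an Access-Accept, as an added Python example (not Juniper code and not part of the original page): it parses the RADIUS attribute TLVs and separates the attributes the router would process from those listed in Table 1 that it is told to ignore. The vendor ID 4874, the one-sub-attribute-per-VSA layout, and the filter names, routing-instance name and packet bytes are assumptions constructed for illustration.

```python
import struct

JUNIPER_VENDOR_ID = 4874  # assumption: vendor ID behind the "26-n" VSAs; not stated on the page

# CLI entry -> (RADIUS type, VSA sub-type or None), copied from Table 1.
IGNORABLE = {
    "dynamic-iflset-name": (26, 130),
    "framed-ip-netmask": (9, None),
    "input-filter": (26, 10),
    "logical-system:routing-instance": (26, 1),
    "output-filter": (26, 11),
}

def attr(attr_type, value):
    """Encode one attribute as type, length, value (RFC 2865)."""
    return bytes([attr_type, len(value) + 2]) + value

def vsa(subtype, value):
    """Encode a Vendor-Specific attribute (type 26) holding one sub-attribute."""
    return attr(26, struct.pack("!I", JUNIPER_VENDOR_ID) + attr(subtype, value))

def parse_attributes(packet):
    """Return [(type, vsa_subtype_or_None, value)]; raise ValueError on bad lengths."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("RADIUS length field does not match packet size")
    out, pos = [], 20  # attributes follow code, id, length and the 16-byte authenticator
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute at offset %d" % pos)
        attr_type, value = packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
        if (attr_type == 26 and len(value) >= 6 and value[5] == len(value) - 4
                and struct.unpack("!I", value[:4])[0] == JUNIPER_VENDOR_ID):
            out.append((26, value[4], value[6:]))  # one sub-attribute per VSA (assumed)
        else:
            out.append((attr_type, None, value))
    return out

def apply_ignore(packet, ignore_entries):
    """Split Access-Accept attributes into (processed, ignored) lists."""
    keys = {IGNORABLE[name] for name in ignore_entries}  # KeyError: entry not in Table 1
    parsed = parse_attributes(packet)
    return ([a for a in parsed if a[:2] not in keys], [a for a in parsed if a[:2] in keys])

def sample_access_accept():
    """Constructed Access-Accept (code 2); the zero authenticator is not verified here."""
    attrs = (attr(8, bytes([192, 0, 2, 10])) + attr(9, bytes([255, 255, 255, 0]))
             + vsa(10, b"fw-in") + vsa(11, b"fw-out") + vsa(1, b"retail"))
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs
```

Calling `apply_ignore(sample_access_accept(), ["input-filter", "output-filter"])` mirrors the `set ignore input-filter output-filter` step: the two policy-name VSAs land in the ignored list while the address, netmask and Virtual-Router attributes are still processed.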
You use the exclude statement to configure the router or switch to exclude the specified attributes from the specified type of RADIUS message. Not all attributes appear in all types of RADIUS messages—the CLI indicates the RADIUS message type. By default, the router or switch includes the specified attributes in RADIUS Access-Request, Acct-On, Acct-Off, Acct-Start, and Acct-Stop messages. Table 2 lists the attributes and message types supported in the exclude statement.
Table 2: Attributes That Can Be Excluded from RADIUS Messages
CLI Entry | Attribute Name | Attribute Number | Supported Message Type |
---|---|---|---|
accounting-authentic | Acct-Authentic | RADIUS attribute 45 | Accounting-On Accounting-Off |
accounting-delay-time | Acct-Delay-Time | RADIUS attribute 41 | Accounting-On Accounting-Off |
accounting-session-id | Acct-Session-Id | RADIUS attribute 44 | Access-Request Accounting-On Accounting-Off Accounting-Stop |
accounting-terminate-cause | Acct-Terminate-Cause | RADIUS attribute 49 | Accounting-Off |
called-station-id | Called-Station-Id | RADIUS attribute 30 | Access-Request Accounting-Start Accounting-Stop |
calling-station-id | Calling-Station-Id | RADIUS attribute 31 | Access-Request Accounting-Start Accounting-Stop |
class | Class | RADIUS attribute 25 | Accounting-Start Accounting-Stop |
cos-shaping-rate | Cos-Shaping-Rate | Juniper Networks VSA 26-177 | Accounting-Start Accounting-Stop |
delegated-ipv6-prefix | Delegated-IPv6-Prefix | RADIUS attribute 123 | Accounting-Start Accounting-Stop |
dhcp-gi-address | DHCP-GI-Address | Juniper Networks VSA 26-57 | Access-Request Accounting-Start Accounting-Stop |
dhcp-mac-address | DHCP-MAC-Address | Juniper Networks VSA 26-56 | Access-Request Accounting-Start Accounting-Stop |
dhcp-options | DHCP-Options | Juniper Networks VSA 26-55 | Access-Request Accounting-Start Accounting-Stop |
downstream-calculated-qos-rate | Downstream-Calculated-QoS-Rate | Juniper Networks VSA 26-141 | Access-Request Accounting-Start Accounting-Stop Interim-accounting |
dsl-forum-attributes | Not applicable | Excludes the DSL Forum VSA (IANA vendor ID 3561) | Access-Request Accounting-Start Accounting-Stop Interim-accounting |
dynamic-iflset-name | Qos-Set-Name | Juniper Networks VSA 26-130 | Accounting-Start Accounting-Stop |
event-timestamp | Event-Timestamp | RADIUS attribute 55 | Accounting-On Accounting-Off Accounting-Start Accounting-Stop |
filter-id | Filter-Id | RADIUS attribute 11 | Accounting-Start Accounting-Stop |
framed-ip-address | Framed-IP-Address | RADIUS attribute 8 | Accounting-Start Accounting-Stop |
framed-ip-netmask | Framed-IP-Netmask | RADIUS attribute 9 | Accounting-Start Accounting-Stop |
framed-ip-route | Framed-Route | RADIUS attribute 22 | Accounting-Start Accounting-Stop |
framed-ipv6-pool | Framed-IPv6-Pool | RADIUS attribute 100 | Accounting-Start Accounting-Stop |
framed-ipv6-prefix | Framed-IPv6-Prefix | RADIUS attribute 97 | Accounting-Start Accounting-Stop |
framed-ipv6-route | Framed-IPv6-Route | RADIUS attribute 99 | Accounting-Start Accounting-Stop |
framed-pool | Framed-Pool | RADIUS attribute 88 | Accounting-Start Accounting-Stop |
input-filter | Ingress-Policy-Name | Juniper Networks VSA 26-10 | Accounting-Start Accounting-Stop |
input-gigapackets | Acct-Input-Gigapackets | Juniper Networks VSA 26-42 | Accounting-Stop |
input-gigawords | Acct-Input-Gigawords | RADIUS attribute 52 | Accounting-Stop |
input-ipv6-gigawords | IPv6-Acct-Input-Gigawords | Juniper Networks VSA 26-155 | Accounting-Stop |
input-ipv6-octets | IPv6-Acct-Input-Octets | Juniper Networks VSA 26-151 | Accounting-Stop |
input-ipv6-packets | IPv6-Acct-Input-Packets | Juniper Networks VSA 26-153 | Accounting-Stop |
interface-description | Interface-Desc | Juniper Networks VSA 26-53 | Access-Request Accounting-Start Accounting-Stop |
nas-identifier | NAS-Identifier | RADIUS attribute 32 | Access-Request Accounting-On Accounting-Off Accounting-Start Accounting-Stop |
nas-port | NAS-Port | RADIUS attribute 5 | Access-Request Accounting-Start Accounting-Stop |
nas-port-id | NAS-Port-Id | RADIUS attribute 87 | Access-Request Accounting-Start Accounting-Stop |
nas-port-type | NAS-Port-Type | RADIUS attribute 61 | Access-Request Accounting-Start Accounting-Stop |
output-filter | Egress-Policy-Name | Juniper Networks VSA 26-11 | Accounting-Start Accounting-Stop |
output-gigapackets | Acct-Output-Gigapackets | Juniper Networks VSA 26-43 | Accounting-Stop |
output-gigawords | Acct-Output-Gigawords | RADIUS attribute 53 | Accounting-Stop |
output-ipv6-gigawords | IPv6-Acct-Output-Gigawords | Juniper Networks VSA 26-156 | Accounting-Stop |
output-ipv6-octets | IPv6-Acct-Output-Octets | Juniper Networks VSA 26-152 | Accounting-Stop |
output-ipv6-packets | IPv6-Acct-Output-Packets | Juniper Networks VSA 26-154 | Accounting-Stop |
upstream-calculated-qos-rate | Upstream-Calculated-QoS-Rate | Juniper Networks VSA 26-142 | Access-Request Accounting-Start Accounting-Stop Interim-accounting |
Published: 2013-07-31