attributes (RADIUS Attributes)
Syntax
attributes { exclude { attribute-name packet-type; standard-attribute number { packet-type [ access-request | accounting-off | accounting-on | accounting-start | accounting-stop ]; } vendor-id id-number { vendor-attribute vsa-number { packet-type [ access-request | accounting-off | accounting-on | accounting-start | accounting-stop ]; } } } ignore { dynamic-iflset-name; framed-ip-netmask; idle-timeout; input-filter; logical-system-routing-instance; output-filter; session-timeout; standard-attribute number; vendor-id id-number { vendor-attribute vsa-number; } } }
Hierarchy Level
[edit access profile profile-name radius]
Description
Specify how the router or switch processes RADIUS attributes.
Options
exclude | Configure the router
or switch to exclude the specified attributes from being sent in the
specified type of RADIUS message. Exclusion can be useful, for example,
for attributes that do not change values over the lifetime of a subscriber.
By not sending these attributes, you reduce the packet size without
losing information. Contrast this behavior with that provided by the The options for this statement are explained separately. Click the linked statement for details. |
ignore | Configure the
router or switch to ignore the specified attributes in RADIUS Access-Accept
messages. Standard attributes and VSAs received in RADIUS messages
take precedence over internally provisioned attribute values. Ignoring
the attributes enables your internally provisioned values to be used
instead. Contrast this behavior with that provided by the Starting in Junos OS Release 18.1R1, you can specify RADIUS standard attributes with the attribute number. You can specify vendor-specific attributes (VSAs) with the IANA-assigned vendor ID and the VSA number. With this flexible configuration method, you can configure any standard attribute and VSA supported by your platform to be ignored. The configuration has no effect if you can configure unsupported attributes, vendors, and VSAs. The legacy method allows you to configure only those attributes and VSAs for which the statement syntax includes a specific option. Consequently, you can use the legacy method to ignore only a subset of all attributes that can be received in Access-Accept messages.
|
The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.1.