Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

attributes (RADIUS Attributes)

Syntax

Hierarchy Level

Description

Specify how the router or switch processes RADIUS attributes.

Options

exclude

Configure the router or switch to exclude the specified attributes from being sent in the specified type of RADIUS message. Exclusion can be useful, for example, for attributes that do not change values over the lifetime of a subscriber. By not sending these attributes, you reduce the packet size without losing information. Contrast this behavior with that provided by the ignore statement.

The options for this statement are explained separately. Click the linked statement for details.

ignore

Configure the router or switch to ignore the specified attributes in RADIUS Access-Accept messages. Standard attributes and VSAs received in RADIUS messages take precedence over internally provisioned attribute values. Ignoring the attributes enables your internally provisioned values to be used instead. Contrast this behavior with that provided by the exclude statement.

Starting in Junos OS Release 18.1R1, you can specify RADIUS standard attributes with the attribute number. You can specify vendor-specific attributes (VSAs) with the IANA-assigned vendor ID and the VSA number. With this flexible configuration method, you can configure any standard attribute and VSA supported by your platform to be ignored. The configuration has no effect if you can configure unsupported attributes, vendors, and VSAs.

The legacy method allows you to configure only those attributes and VSAs for which the statement syntax includes a specific option. Consequently, you can use the legacy method to ignore only a subset of all attributes that can be received in Access-Accept messages.

  • Values:

    • dynamic-iflset-name—Ignore Juniper Networks VSA 26-130, Qos-Set-Name.

    • framed-ip-netmask—Ignore RADIUS attribute 9, Framed-IP-Netmask.

    • idle-timeout—Ignore RADIUS attribute 28, Idle-Timeout.

    • input-filter—Ignore Juniper Networks VSA 26-10, Ingress-Policy-Name.

    • logical-system-routing-instance—Ignore Juniper Networks VSA 26-1.

    • output-filter—Ignore Juniper Networks VSA 26-11, Egress-Policy-Name.

    • session-timeout—Ignore RADIUS attribute 27, Session-Timeout.

    • standard-attribute number—RADIUS standard attribute number supported by your platform. You can enclose multiple values in square brackets to specify a list of attributes. If you configure an unsupported attribute, that configuration has no effect. Range: 1 through 255.

    • vendor-attribute vsa-number—Number identifying a VSA belonging to the specified vendor; both must be supported by your platform. You can enclose multiple values in square brackets to specify a list of VSAs. If you configure an unsupported VSA, that configuration has no effect. Range: 1 through 255.

    • vendor-id id-number—IANA vendor ID supported by your platform. If you configure an unsupported vendor ID, that configuration has no effect. Range: 1 through 16777215.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.1.