Session Termination Causes and RADIUS Termination Cause Codes
Understanding Session Termination Causes and RADIUS Termination Cause Codes
When a RADIUS Acct-Stop message is issued as a result of the termination of a subscriber session or service session, the RADIUS Acct-Terminate-Cause attribute (49) reports the cause or reason for the termination. This attribute is included only in RADIUS Acct-Stop messages. The termination cause is conveyed as a code value in the attribute. RFC 2866, RADIUS Accounting, defines the standard mapping between 18 code values and termination causes.
Junos OS defines a set of internal termination cause codes that are mapped to the RFC-defined code values. Default mappings exist for AAA, DHCP, L2TP, PPP, and VLAN subscriber and service sessions. When a subscriber or service session is terminated, the router logs a message for the internal termination cause and logs another message for the RADIUS Acct-Terminate-Cause attribute.
You can use the logged information to help monitor and troubleshoot the events. For example, the AAA termination causes include session and service terminations as well as access denials. You might want to route the access failures to a team that monitors attempts to hack the network, the timeout failures to a AAA server team, and resource failures to a team that manages the routers.
Because there are many different Junos OS internal identifiers for termination causes and only 18 standard code values defined in the RFC, by default a given code value can map to multiple identifiers. Instead of using the default code values, you can optionally map any of the internally defined termination causes to any 32-bit number (1 through 4,294,967,295). The flexibility of customized mapping greatly increases the possibilities for fine-grained analytics and failure tracking.
A single mapping for RADIUS account termination is shared by all clients.
Table 1 lists the RFC-defined standard RADIUS Acct-Terminate-Cause codes and the corresponding causes.
Code Value |
Termination Cause |
Description |
|---|---|---|
1 |
User Request |
User initiated the disconnect (logout). |
2 |
Lost Carrier |
DCD was dropped on the port. |
3 |
Lost Service |
Service can no longer be provided; for example, the user’s connection to a host was interrupted. |
4 |
Idle Timeout |
Idle timer expired. |
5 |
Session Timeout |
Subscriber reached the maximum continuous time allowed for the service or session. |
6 |
Admin Reset |
System administrator reset the port or session. |
7 |
Admin Reboot |
System administrator terminated the session on the NAS; for example, prior to rebooting the NAS. |
8 |
Port Error |
NAS detected an error on the port that required ending the session. |
9 |
NAS Error |
NAS detected an error (other than on the port) that required ending the session. |
10 |
NAS Request |
NAS ended the session for a non-error reason. |
11 |
NAS Reboot |
NAS ended the session due to a non-administrative reboot. |
12 |
Port Unneeded |
NAS ended the session because the resource usage fell below the low threshold; for example, the bandwidth-on-demand algorithm determined that the port was no longer needed. |
13 |
Port Preempted |
NAS ended the session to allocate the port to a higher-priority use. |
14 |
Port Suspended |
NAS ended the session to suspend a virtual session. |
15 |
Service Unavailable |
NAS was unable to provide the requested service. |
16 |
Callback |
NAS is terminating the current session in order to perform callback for a new session. |
17 |
User Error |
Error in the user input caused the session to be terminated. |
18 |
Host Request |
Login host terminated the session normally. |
Benefits of Session and Service Termination Cause Codes
Termination cause codes mapped to Junos OS internal identifiers can help you monitor, analyze, and troubleshoot the events that resulted in termination of subscriber sessions or service sessions.
Customized mappings enable you to map internal termination cause identifiers for termination cause codes to a code value of your choosing for more fine-grained tracking and analysis of termination events.
Mapping Session Termination Causes to Custom Termination Cause Codes
By default, Junos OS uses the RFC-defined termination cause codes for the internal identifiers that identify the causes of session termination and that are reported in the RADIUS Acct-Terminate-Cause attribute (49). Internal identifiers are available for AAA, DHCP, L2TP, PPP, and VLAN subscriber and service session failures. When a subscriber or service session is terminated or denied, the router logs a message for the internal termination cause and logs another message for the RADIUS Acct-Terminate-Cause attribute. The Acct-Terminate-Cause attribute is included in RADIUS Acct-Stop messages. You can use the logged information to help monitor and troubleshoot terminated sessions.
You can optionally create customized mappings between any of the internal termination cause identifiers for the protocol and termination cause codes. You can specify any 32-bit value for the code, enabling you to track and analyze particular termination events at a more fine-grained level.
To configure customized mappings between a termination cause and a RADIUS cause code:
Use the show network-access
aaa terminate-code command to display the mapping
between AAA termination causes and cause code values.