[x]

Appendixes > Appendix C RADIUS subattributes (vendor ID 25506)

 

 Next

Appendix C RADIUS subattributes (vendor ID 25506)

Table 4 lists all RADIUS subattributes with a vendor ID of 25506. Support for these subattributes depends on the device model.

Table 4: RADIUS subattributes (vendor ID 25506)

No.

Subattribute

Description

1

Input-Peak-Rate

Peak rate in the direction from the user to the NAS, in bps.

2

Input-Average-Rate

Average rate in the direction from the user to the NAS, in bps.

3

Input-Basic-Rate

Basic rate in the direction from the user to the NAS, in bps.

4

Output-Peak-Rate

Peak rate in the direction from the NAS to the user, in bps.

5

Output-Average-Rate

Average rate in the direction from the NAS to the user, in bps.

6

Output-Basic-Rate

Basic rate in the direction from the NAS to the user, in bps.

15

Remanent_Volume

Total amount of data available for the connection, in different units for different server types.

17

ISP-ID

ISP domain where the user obtains authorization information.

20

Command

Operation for the session, used for session control. Possible values include:

  • 1—Trigger-Request.

  • 2—Terminate-Request.

  • 3—SetPolicy.

  • 4—Result.

  • 5—PortalClear.

25

Result_Code

Result of the Trigger-Request or SetPolicy operation, zero for success and any other value for failure.

26

Connect_ID

Index of the user connection.

27

PortalURL

PADM redirect URL assigned to PPPoE users.

28

Ftp_Directory

FTP, SFTP, or SCP user working directory.

When the RADIUS client acts as the FTP, SFTP, or SCP server, this attribute is used to set the working directory for an FTP, SFTP, or SCP user on the RADIUS client.

29

Exec_Privilege

EXEC user priority.

32

NAT-IP-Address

Public IP address assigned to the user when the source IP address and port are translated.

33

NAT-Start-Port

Start port number of the port range assigned to the user when the source IP address and port are translated.

34

NAT-End-Port

End port number of the port range assigned to the user when the source IP address and port are translated.

59

NAS_Startup_Timestamp

Startup time of the NAS in seconds, which is represented by the time elapsed after 00:00:00 on Jan. 1, 1970 (UTC).

60

Ip_Host_Addr

User IP address and MAC address included in authentication and accounting requests, in the format A.B.C.D hh:hh:hh:hh:hh:hh. A space is required between the IP address and the MAC address.

61

User_Notify

Information that must be sent from the server to the client transparently.

62

User_HeartBeat

Hash value assigned after an 802.1X user passes authentication, which is a 32-byte string. This attribute is stored in the user list on the NAS and verifies the handshake packets from the 802.1X user. This attribute only exists in Access-Accept and Accounting-Request packets.

98

Multicast_Receive_Group

IP address of the multicast group that the user's host joins as a receiver. This subattribute can appear multiple times in a multicast packet to indicate that the user belongs to multiple multicast groups.

100

IP6_Multicast_Receive_Group

IPv6 address of the multicast group that the user's host joins as a receiver. This subattribute can appear multiple times in a multicast packet to indicate that the user belongs to multiple multicast groups.

101

MLD-Access-Limit

Maximum number of MLD multicast groups that the user can join concurrently.

102

local-name

L2TP local tunnel name.

103

IGMP-Access-Limit

Maximum number of IGMP multicast groups that the user can join concurrently.

104

VPN-Instance

MPLS L3VPN instance to which a user belongs.

105

ANCP-Profile

ANCP profile name.

135

Client-Primary-DNS

IP address of the primary DNS server.

136

Client-Secondary-DNS

IP address of the secondary DNS server.

140

User_Group

User groups assigned after the SSL VPN user passes authentication. A user can belong to multiple user groups that are separated by semicolons. This attribute is used to work with the SSL VPN device.

144

Acct_IPv6_Input_Octets

Bytes of IPv6 packets in the inbound direction. The measurement unit depends on the configuration on the device.

145

Acct_IPv6_Output_Octets

Bytes of IPv6 packets in the outbound direction. The measurement unit depends on the configuration on the device.

146

Acct_IPv6_Input_Packets

Number of IPv6 packets in the inbound direction. The measurement unit depends on the configuration on the device.

147

Acct_IPv6_Output_Packets

Number of IPv6 packets in the outbound direction. The measurement unit depends on the configuration on the device.

148

Acct_IPv6_Input_Gigawords

Bytes of IPv6 packets in the inbound direction. The measurement unit is 4G bytes.

149

Acct_IPv6_Output_Gigawords

Bytes of IPv6 packets in the outbound direction. The measurement unit is 4G bytes.

155

User-Roles

List of space-separated user roles.

210

Av-Pair

User-defined attribute pair. Available attribute pairs include:

  • Server-assigned voice VLAN in the format of device-traffic-class=voice.

  • Server-assigned user role in the format of shell:role=xxx.

  • Server-assigned ACL in the format of url-redirect-acl=xxx.

  • Server-assigned Web redirect URL in the format of url-redirect=xxx.

  • Server-deployed command to reboot a port, in the format of subscriber:command=bounce-host-port.

  • Server-assigned port shutdown duration in the format of bounce:seconds=xxx.

  • Server-deployed command to shut down a port, in the format of subscriber:command=disable-host-port.

  • Server-assigned VSI in the format of vxlan:vsi-name=xxx.

  • VSI-based ACL resource assignment capability in the format of ACL:match-by-vsiindex=x. Value 1 of x indicates that this feature is supported, and the other values of x are reserved.

  • Server-assigned blackhole MAC address attribute in the format of mac:block-mac=xxx.

215

Accounting-Level

ITA traffic level in the range of 1 to 8.

216

Ita-Policy

ITA policy name.

230

NAS-Port-Name

Interface through which the user is connected to the NAS.

246

Auth_Detail_Result

Accounting details. The server sends Access-Accept packets with subattributes 246 and 250 in the following situations:

  • 1—The subscriber charge is overdue. The subscriber is allowed to access network resources in the whitelist. If the subscriber accesses other network resources, the device redirects it to the URL specified by subattribute 250.

  • 2—The broadband lease of the subscriber expires. The device redirects the subscriber to the URL specified by subattribute 250 when the subscriber requests to access webpages for the first time.

247

Input-Committed-Burst-Size

Committed burst size from the user to the NAS, in bits. The total length cannot exceed 4 bytes for this field.

This subattribute must be assigned together with the Input-Average-Rate attribute.

248

Output-Committed-Burst-Size

Committed burst size from the NAS to the user, in bits. The total length cannot exceed 4 bytes for this field.

This subattribute must be assigned together with the Output-Average-Rate attribute.

249

authentication-type

Authentication type. The value can be:

  • 1—Intranet access authentication.

  • 2—Internet access authentication.

If the packet does not contain this subattribute, common authentication applies.

250

WEB-URL

Redirect URL for users.

251

Subscriber-ID

Family plan ID.

252

Subscriber-Profile

QoS policy name for the family plan of the subscriber.

255

Product_ID

Product name.

prev

 

up

 next

Appendix B Descriptions for commonly used standard RADIUS attributes 

home

 802.1X overview

© Copyright 2017 Hewlett Packard Enterprise Development LP