Extended NAS-Port-Type and NAS-Port Support

Available Languages

Download Options

  • PDF     (283.0 KB)
    View with Adobe Reader on a variety of devices
Updated:March 15, 2005

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Extended NAS-Port-Type and NAS-Port Support

Table Of Contents

Extended NAS-Port-Type and NAS-Port Support

Contents

Prerequisites for Extended NAS-Port-Type and NAS-Port Support

Information About Extended NAS-Port-Type and NAS-Port Support

Extended NAS-Port-Type (RADIUS Attribute 61)

NAS-Port (RADIUS Attribute 5)

Relationship Between NAS-Port-Type (RADIUS Attribute 61) and NAS-Port (RADIUS Attribute 5)

NAS-Port-ID (RADIUS Attribute 87)

How to Configure Extended NAS-Port-Type and NAS-Port Support

Enabling Extended NAS-Port-Type Attribute and NAS-Port Attribute Support

Examples

Overriding Global NAS-Port-Type Configuration

Configuration Examples for Extended NAS-Port-Type and NAS-Port Support

Configuring Global Support for Extended NAS-Port-Type Attribute: Example

Configuring a Customized Format String and Port Type: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

radius attribute nas-port-type

radius-server attribute 61 extended

radius-server attribute nas-port format


Extended NAS-Port-Type and NAS-Port Support

First Published: March 20, 2006
Last Updated: March 20, 2006

RADIUS attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile. NAS-Port-Type (RADIUS IETF attribute 61) indicates the type of physical port the network access server (NAS) is using to authenticate the user. NAS-Port-ID (RADIUS IEFT attribute 87) contains a text string that identifies the NAS port that is authenticating the user.

The Extended NAS-Port-Type and NAS-Port Support feature allows you to better identify what service type is taking place on specific ports with non-RADIUS RFC supported types. Identifying traffic based on service type gives you flexibility to use your own coding mechanism to track users or to track shared resources, such as Ethernet or ATM interfaces.

Feature History for Extended NAS-Port-Type and NAS-Port Support

Release
Modification

12.3(7)XI1

This feature was introduced to support the Cisco 10000 series router.

12.2(28)SB

This feature was integrated into Cisco IOS Release 12.2(28)SB.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for Extended NAS-Port-Type and NAS-Port Support

Information About Extended NAS-Port-Type and NAS-Port Support

How to Configure Extended NAS-Port-Type and NAS-Port Support

Configuration Examples for Extended NAS-Port-Type and NAS-Port Support

Additional References

Prerequisites for Extended NAS-Port-Type and NAS-Port Support

You must be running a Cisco IOS image that contains the AAA component.

AAA must be enabled and set up to use RADIUS.

Information About Extended NAS-Port-Type and NAS-Port Support

To use the Extended NAS-Port-Type and NAS-Port Support feature, you should understand:

Extended NAS-Port-Type (RADIUS Attribute 61)

NAS-Port (RADIUS Attribute 5)

NAS-Port-ID (RADIUS Attribute 87)

Extended NAS-Port-Type (RADIUS Attribute 61)

Prior to the attribute 61 extension, attribute 61 allowed you to identify virtual or Ethernet resources only. Now, by enabling the extended attribute 61 you can also do the following:

Track specific service port information for broadband environments.

Identify service port type sessions PPP over ATM (PPPoA), PPP over Ethernet (PPPoE) over Ethernet (PPPoEoE), PPPoE over ATM (PPPoEoA), PPPoE over VLAN (PPPoEoVLAN), and PPPoE over Q-in-Q (PPPoEoQinQ) with a corresponding RADIUS value, which allows you to identify physical NAS port types based on service types.

Benefits of Using the Extended NAS-Port-Type Attribute

The benefits of using the extended attribute 61 include:

Establishing your own coding scheme to track users on specific physical ports. For example, service providers may want to track customers using shared resources such as Ethernet or ATM interfaces that have virtual LANs (VLANs), stacked VLAN (Q-in-Q), or virtual circuits (VCs) connected to certain customers.

Allowing additional granularity for subinterfaces such as VLAN, Q-in-Q, VC, or VC ranges by overriding the attribute 61 value to be sent on any session that resides on the port. For example, this capability provides an extra level of detail for service providers in managing their end users and allows for further detail of different customer usage.

The value for the extended 61 attribute can be any number you choose. In particular, customizing your own value is useful when you need to distinguish among NAS port types based on the type of end client using a port. For example, if you want to track mobile clients behind a specific private virtual connection (PVC), you can define your own attribute 61 value for mobile clients.

The non-RFC compliant broadband service port types with their corresponding values that can be set with the extended attribute 61 are shown in Table 1.

Table 1 Service Port Types and Corresponding RADIUS Values

Service Port Type
RADIUS Value

PPPoA

30

PPPoEoA

31

PPPoEoE

32

PPPoEoVLAN

33

PPPoEoQinQ

34


NAS-Port (RADIUS Attribute 5)

NAS-Port (RADIUS attribute 5) indicates the physical NAS port number that is authenticating the user. A logical port can be represented by the virtual path identifier (VPI) and virtual channel identifier (VCI) for an ATM interface, or by the VLAN ID or Q-in-Q ID for an Ethernet interface.

Each platform and service may have different port information, which is relevant to its environment; therefore there is no unique way to populate this attribute. There are four service-specific non-configurable formats (a, b, c, and d) and one configurable format (e) that can be tailored to customer and platform needs.

Previously, format e allowed customization of only one global format for all call types on a device, which had limitations for devices that contained multiple services. With the extended attribute 5 support, you can now configure a custom format e string for any service type based on the value of attribute 61. When building the RADIUS access or accounting request, the encoding routine will apply the specific format e string defined for the session of the value of attribute 61.

Note Setting a specific format e string for the value of attribute 61 overrides the default global format e string.

Relationship Between NAS-Port-Type (RADIUS Attribute 61) and NAS-Port (RADIUS Attribute 5)

The radius-server attribute nas-port format command has been enhanced to support the custom format e string with the type nas-port-type keyword and option. The type keyword allows you to specify format strings to represent physical port types for any of the extended NAS-Port-Type values.

The relationship between the extended attribute 61 and extended attribute 5 support is that the format e string chosen by the encoding routine will depend on the value of attribute 61 for the session. If you use the extended attribute 61 values (values 30-34) and want to further customize the NAS port type, configure a different format string.

For example, you can specify the string "SSSSAAAAPPPPIIIIIIIICCCCCCCCCCCC" for type 30 (all PPPoA ports), and you can also specify string "SSSSAPPPVVVVVVVVVVVVVVVVVVVVVVVV" for type 33 (all PPPoAoVLAN ports). In this case, you can track VPI/VCI-specific information for a PPPoA user and VLAN-specific information for a PPPoEoVLAN user.

Note If you enable the extended attribute 61, format e with either type 5 (Virtual) or type 15 (Ethernet) will not function, as these types require an additional value to be set (the extended attribute 61 values 30—34).

NAS-Port-ID (RADIUS Attribute 87)

The NAS-Port-ID (RADIUS attribute 87) contains the character text string identifier of the NAS port that is authenticating the user. This text string typically matches the interface description found under the CLI configuration. This attribute was previously available under Cisco Vendor Specific Attribute (VSA) Cisco-NAS-Port and is now sent by default under IETF attribute 87.

How to Configure Extended NAS-Port-Type and NAS-Port Support

This section contains the following procedures that allow you to configure extended NAS-Port-Type attribute and NAS-Port attribute:

Enabling Extended NAS-Port-Type Attribute and NAS-Port Attribute Support

Overriding Global NAS-Port-Type Configuration

Enabling Extended NAS-Port-Type Attribute and NAS-Port Attribute Support

Use the following task to configure extended NAS-Port-Type attribute and NAS-Port attribute support.

SUMMARY STEPS

1. enable

2. configure terminal

3. radius-server attribute 61 extended

4. radius-server attribute nas-port format format [string]

5. radius-server attribute nas-port format format [string] [type nas-port-type]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

radius-server attribute 61 extended

Example:

Router(config)# radius-server attribute 61 extended

Enables extended, non-RFC compliant attribute 61 values.

Identifies the broadband service port types such as, PPPoA, PPPoEoA, PPPoEoE, PPPoEoVLAN, and PPPoEoQinQ.

Sends the appropriate value to the AAA record.

Step 4 

radius-server attribute nas-port format format [string]

Example:

Router(config)# radius-server attribute nas-port format e SSSSAPPPUUUUUUUUUUUUUUUUUUUUUUUU

Configures a global attribute 61 session format e string that is used as the default session format.

This step does not customize a specific service port type value.

The format argument indicates the specific NAS port format.

The string argument represents all of a specific port type. The characters supported for format e, are shown in radius-server attribute nas-port format command.

Note If the global format is not set, format a is used by default.

Note Format e requires you to explicitly define the usage of the 32-bit attribute 5. The usage is defined with a given parser character for each NAS port field of interest for a given bit field.

Step 5 

radius-server attribute nas-port format format [string] [type nas-port-type]

Example:

Router(config)# radius-server attribute nas-port format e SSSSAAAAPPPPIIIIIIIICCCCCCCCCCCC type 30

Configures a specific service port type for extended attribute 61 support and

This step does customize a specific service port type value.

The format argument indicates the specific NAS port format.

The string argument represents all of a specific port type. The characters supported for format e are shown in radius-server attribute nas-port format command.

The type keyword allows you to specify different format strings to represent different physical port types.

The nas-port-type argument can be set to one of the extended attribute 61 values.

Note Format e requires you to explicitly define the usage of the 32 bit attribute 5. The usage is defined with a given parser character for each NAS port field of interest for a given bit field.

Examples

The following example displays the current configuration of RADIUS command output, where you have enabled extended attribute 61. You can use the delimiting characters to display only the relevant parts of the configuration. 

Router# show running-config | include radius


aaa authentication ppp default group radius

aaa authorization network default group radius

aaa accounting network default start-stop group radius

radius-server attribute 61 extended

radius-server attribute nas-port format e SSSSAPPPUUUUUUUUUUUUUUUUUUUUUUUU

radius-server attribute nas-port format e SSSSAPPPIIIIIIIICCCCCCCCCCCCCCCC type 30

radius-server attribute nas-port format e SSSSAPPPIIIIIIIICCCCCCCCCCCCCCCC type 31

radius-server attribute nas-port format e SSSSAAAAPPPPVVVVVVVVVVVVVVVVVVVV type 32

radius-server attribute nas-port format e SSSSAPPPVVVVVVVVVVVVVVVVVVVVVVVV type 33

radius-server attribute nas-port format e SSSSAPPPQQQQQQQQQQQQVVVVVVVVVVVV type 34

radius-server host 10.76.86.91 auth-port 1645 acct-port 1646

radius-server key rad123

.

.

.

The following example displays the current configuration of RADIUS command output, where you have globally specified the format e string for all PPPoA ports (type 30). 

Router# show running-config | include radius


aaa authentication ppp default group radius

aaa authorization network default group radius

aaa accounting network default start-stop group radius

radius-server attribute nas-port format e SSSSSSSSAAAAAAAAPPPPPPPPIIIIIIII

radius-server attribute nas-port format e SSSSAAAAPPPPIIIIIIIICCCCCCCCCCCC type 30

radius-server host 10.76.86.91 auth-port 1645 acct-port 1646

radius-server key rad123

.

.

.

Overriding Global NAS-Port-Type Configuration

You can override attribute 61 configured globally on the router at an interface or subinterface level.

Use the following task to override all global options on how the extended attribute 61 is sent to any subinterface such as Ethernet, VLAN, Q-in-Q, VC, or VC ranges.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface atm interface-number [subinterface-number {mpls | multipoint | point-to-point}]

4. pvc [name] vpi/vci [ces | ilmi | qsaal | smds | l2transport]

5. radius attribute nas-port-type value

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface atm interface-number [subinterface-number {mpls|multipoint|point-to-point}]

Example:

Router(config)# interface atm 5/0/0.1

Enters ATM subinterface mode.

Step 4 

pvc [name] vpi/vci [ces|ilmi|qsaal|smds|l2transport]

Example:

Router(config-subif)# pvc 1/33

Enters PVC subinterface mode.

Step 5 

radius attribute nas-port-type value

Example:

Router(config-if-atm-vc)# radius attribute nas-port-type 7

To set a specific extended attribute 61 value for an interface or subinterface, select a value for a port type to override the NAS-Port type configured globally.

The range for value is 0-2147483647.

The value argument must be assigned a number 1-40 to set a customized extended NAS port type and configure a specific service port type.

Choosing a number outside of this range will force the default global NAS port format e string to be used to configure the NAS port value that is sent for that session.

You can set a specific service port type with the radius-server attribute nas-port format command.

Note This setting will override a global NAS port type session format.

Configuration Examples for Extended NAS-Port-Type and NAS-Port Support

This section provides the following extended NAS-Port-Type and NAS-Port Support configuration examples:

Configuring Global Support for Extended NAS-Port-Type Attribute: Example

Configuring a Customized Format String and Port Type: Example

Configuring Global Support for Extended NAS-Port-Type Attribute: Example

The following example shows how to configure global support for extended NAS port type ports and how to specify two separate format e strings globally for two different types of ports:

type 30 (which is PPPoA)

type 33 (which is PPPoEoVLAN) 

Router# configure terminal

Router(config)#

Router(config)# radius-server attribute 61 extended

Router(config)# radius-server attribute nas-port format e SSSSAPPPUUUUUUUUUUUUUUUUUUUUUUUU

Router(config)# radius-server attribute nas-port format e SSSSAPPPIIIIIIIICCCCCCCCCCCCCCCC 
type 30 

Router(config)#

Router(config)# radius-server attribute nas-port format e SSSSAPPPVVVVVVVVVVVVVVVVVVVVVVVV 
type 33

Router(config)#

Configuring a Customized Format String and Port Type: Example

The following example shows you first how to customize a format e string and port type for an ATM interface and then how to override the global value set for extended attribute 61 by applying the customer customized NAS port type value of 36 on the ATM interface: 

Router# configure terminal

Router(config)# radius-server attribute nas-port format e SSSSAPPPIIIIIIIICCCCCCCCCCCCCCCC 
type 36

Router(config)# interface atm 5/0/0.1

Router(config-subif)# pvc 1/33

Router(config-if-atm-vc)#

Router(config-if-atm-vc)# radius attribute nas-port-type 36

Additional References

The following sections provide references related to extended NAS-Port-Type and NAS-Port support.

Related Documents

Related Topic
Document Title

Cisco 10000 Series Router

Cisco 10000 Series Broadband Aggregation and Leased-Line Configuration Guide, Release 12.3XI, Chapter 17, "Extended NAS-Port-Type and NAS-Port Support"

RADIUS Attributes

RADIUS Attributes


Standards

Standards
Title

None


MIBs

MIBs
MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

None


Technical Assistance

Description
Link

The Cisco Technical Support & Documentation website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport


Command Reference

This section documents new and modified commands only.

New Commands

radius attribute nas-port-type

radius-server attribute 61 extended

Modified Commands

radius-server attribute nas-port format

radius attribute nas-port-type

To configure subinterfaces such as Ethernet, virtual LANs (VLAN), stacked VLAN (Q-in-Q), virtual circuit (VC), and VC ranges, use the radius attribute nas-port-type command subinterface configuration mode. To disable the interface or subinterface configuration, use the no form of this command.

radius attribute nas-port-type value

no radius attribute nas-port-type value

Syntax Description

value

Number assigned for a port type.

value must be assigned a number 1-40 to set a customized extended NAS-Port Type and configure a specific service port type.

Choosing a number outside of this range will force the default NAS port format e string to be used to configure the value for attribute 5 that is sent for that session.

You can set a specific service port type with the radius-server attribute nas-port format command.

Note This setting will override a global NAS-port-type session format.


Defaults

NAS-port-type is not configured.

Command Modes

Subinterface configuration

Command History

Release
Modification

12.3(7)XI

This command was introduced.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.


Usage Guidelines

You can override the attribute 61 configured globally at a subinterface level.

To set a different extended attribute 61 value for an interface or subinterface, such as for Ethernet, VLAN, Q-in-Q, VC, or VC ranges, select a value for that port type. An extended attribute 61 setting at an interface or subinterface level will override the global extended attribute 61 value.

Examples

The following example shows how to override the global value set for an extended attribute 61 by setting a separate value of type 30 (PPP over ATM [PPPoA]) on a specific ATM subinterface: 

Router# configure terminal

Router(config)#

Router(config)# interface atm 5/0/0.1

Router(config-subif)# pvc 1/33

Router(config-if-atm-vc)#

Router(config-if-atm-vc)# radius attribute nas-port-type 30

Related Commands

Command
Description

radius-server attribute 61 extended

Enables extended, non-RFC compliant RADIUS attribute 61 in global configuration mode.

radius-server attribute nas-port format

Enables selection of the NAS-Port format used for RADIUS accounting features and to restore the default NAS-Port format in global configuration mode.


radius-server attribute 61 extended

To enable extended, non-RFC compliant NAS-Port-Type attribute (RADIUS attribute 61), use the radius-server attribute 61 extended command in global configuration mode.

radius-server attribute 61 extended

no radius-server attribute 61 extended

Syntax Description

This command has no arguments or keywords.

Defaults

Extended attribute 61 is disabled by default.

Command Modes

Global configuration

Command History

Release
Modification

12.3(7)XI1

This command was introduced.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.


Usage Guidelines

If extended attribute 61 is not enabled the following occurs:

All PPP over ATM (PPPoA), PPP over Ethernet (PPPoE) over Ethernet (PPPoEoE), PPPoE over ATM (PPPoEoA) sessions are identified as Virtual.

All PPPoE over VLAN (PPPoEoVLAN) and PPPoE over Q-in-Q (PPPoEoQinQ) sessions are identified as VLAN.

RFC-compliant values, such as Virtual (value 5) and Ethernet (value 15) are sent to the authentication, authorization, and accounting (AAA) records.

Examples

The following example shows how to configure global support for extended attribute 61 ports and how to specify different format e strings globally for two different types of ports:

Type 30 (which is PPPoA)

Type 33 (which is PPPoEoVLAN) 

Router# configure terminal

Router(config)#

Router(config)# radius-server attribute 61 extended

Router(config)# radius-server attribute nas-port format e SSSSAPPPUUUUUUUUUUUUUUUUUUUUUUUU

Router(config)# radius-server attribute nas-port format e SSSSAPPPIIIIIIIICCCCCCCCCCCCCCCC 
type 30 

Router(config)#

Router(config)# radius-server attribute nas-port format e SSSSAPPPVVVVVVVVVVVVVVVVVVVVVVVV 
type 33

Router(config)#

Related Commands

Command
Description

radius attribute nas-port-type

Configures interfaces and subinterfaces such as Ethernet, VLAN, Q-in-Q, VC and VC ranges in global configuration mode.

radius-server attribute nas-port format

Enables selection of the NAS-Port format used for RADIUS accounting features and to restore the default NAS-Port format in global configuration mode.


radius-server attribute nas-port format

To select the NAS-Port format used for RADIUS accounting features and restore the default NAS-port format, or to set the global attribute 61 session format e string or configure a specific service port type for attribute 61 support, use the radius-server attribute nas-port format command in global configuration mode. To stop sending attribute 5 to the RADIUS server, use the no form of this command.

NAS-Port for RADIUS Accounting Features and Restoring Default NAS-Port Format

radius-server attribute nas-port format format

no radius-server attribute nas-port format format

Extended NAS-Port Support

radius-server attribute nas-port format format [string] [type nas-port-type]

no radius-server attribute nas-port format format [string] [type nas-port-type]

Syntax Description

format

NAS-Port format. Possible values for the format argument are as follows:

a - Standard NAS-Port format

b - Extended NAS-Port format

c - Carrier-based format

d - PPPoX (PPP over Ethernet or PPP over ATM) extended NAS-Port format

e - Configurable NAS-Port format

string

(Optional) Represents all of a specific port type for format e.

type nas-port-type

(Optional) Allows you to globally specify different format strings to represent specific physical port types.

You may set one of the extended NAS-Port-Type attribute values:

Value 30 - PPP over ATM (PPPoA)

Value 31 - PPP over Ethernet (PPPoE) over ATM (PPPoEoA)

Value 32 - PPPoE over Ethernet (PPPoEoE )

Value 33 - PPPoE over VLAN (PPPoEoVLAN)

Value 34 - PPPoE over Q-in-Q (PPPoEoQinQ)


Defaults

NAS-Port for RADIUS Accounting Features and Restoring Default NAS-Port Format

Standard NAS-Port format

Extended NAS-Port Support

Standard NAS-Port format

Command Modes

Global configuration

Command History

Release
Modification

11.3(7)T

This command was introduced.

11.3(9)DB

The PPP extended NAS-Port format was added.

12.1(5)T

The PPP extended NAS-Port format was expanded to support PPPoE over ATM and PPPoE over IEEE 802.1Q VLANs.

12.2(4)T

Format e was introduced.

12.2(11)T

Format e was extended to support PPPoX information.

12.3(3)

Format e was extended to support Session ID U.

12.3(7)XI1

Format e was extended to allow the format string to be NAS-Port-Type attribute specific. The following keyword and arguments were added: string, type nas-port-type.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.


Usage Guidelines

The radius-server attribute nas-port format command configures RADIUS to change the size and format of the NAS-Port attribute field (RADIUS IETF attribute 5).

The following NAS-Port formats are supported:

Standard NAS-Port format—This 16-bit NAS-Port format indicates the type, port, and channel of the controlling interface. This is the default format used by Cisco IOS software.

Extended NAS-Port format—The standard NAS-Port attribute field is expanded to 32 bits. The upper 16 bits of the NAS-Port attribute display the type and number of the controlling interface; the lower 16 bits indicate the interface that is undergoing authentication.

Shelf-slot NAS-Port format—This 16-bit NAS-Port format supports expanded hardware models requiring shelf and slot entries.

PPP extended NAS-Port format—This NAS-Port format uses 32 bits to indicate the interface, virtual path identifier (VPI), and virtual channel indicator (VCI) for PPPoA and PPPoEoA, and the interface and VLAN ID for PPPoE over Institute of IEEE standard 802.1Q VLANs.

Format e

The currently supported formats a through c do not work with new Cisco platforms, such as the AS5400. For this reason, a configurable format e was developed. Format e requires you to explicitly define the usage of the 32 bits of attribute 25 (NAS-Port). The usage is defined with a given parser character for each NAS-Port field of interest for a given bit field. By configuring a single character in a row, such as x, only one bit is assigned to store that given value. Additional characters of the same type, such as x, will provide a larger available range of values to be stored. Thus, the ranges may be expanded as follows:

x

0 - 1

xx

0 - 3

xxx

0 - 7

xxxx

0 - F

xxxxx

0 - 1F


and so on.

It is imperative that one know what the valid range is for a given parameter on a platform that one wishes to support. The Cisco IOS RADIUS client will bitmask the determined value to the maximum permissible value on the basis of configuration. Thus, if one has a parameter that turns out to have a value of 8, but only 3 bits (xxx) are configures, 8 and 0x7 will give a result of 0. Therefore, one must always configure enough bits to correctly capture the value required. Care must be taken to ensure that format e is configured to properly work for all NAS port types within your network environment.

Zero

0 (always sets a 0 to that bit)

One

1 (always sets a 1 to that bit)

DS0 shelf

f

DS0 slot

s

DS0 adapter

a

DS0 port

p (physical port)

DS0 subinterface

i

DS0 channel

c

Async shelf

F

Async slot

S

Async port

P

Async line

L (modem line number, that is, physical terminal [TTY] number)

PPPoX slot

S

PPPoX adapter

A

PPPoX port 

P

PPPoX VLAN ID

V

PPPoX VPI

I

PPPoX VCI

C

Session ID

U


Currently supported parameters and their representative characters are shown below.

All 32 bits that represent the NAS-Port must be set to one of the above characters because this format makes no assumptions for empty fields.

Access Router

The DS0 port on a T1-based card and on a T3-based card will give different results. On T1-based cards, the physical port is equal to the virtual port (as these are the same). So, p and d will give the same information for a T1 card. However, on a T3 system, the port will give you the physical port number (as there can be more than one T3 card for a given platform). As such, d will give you the virtual T1 line (as per configuration on a T3 controller). On a T3 system, p and d will be different, and one should capture both to properly identify the physical device. As a working example for the Cisco AS5400, the following configuration is recommended: 

Router (config)# radius-server attribute nas-port format e 
SSSSPPPPPPPPPsssspppppdddddccccc

This will give one an asynchronous slot (0 - 16), asynchronous port (0 - 512), DS0 slot (0 - 16), DS0 physical port (0 - 32), DS0 virtual port (0 - 32), and channel (0 - 32). The parser has been implemented to explicitly require 32-bit support, or it will fail.

Finally, format e is supported for channel-associated signaling (CAS), Primary Rate Interface (PRI), and basic rate interface- (BRI-) based interfaces.

Note This command replaces the radius-server attribute nas-port extended command.

Extended NAS-Port-Type Attribute Support

This command allows you to configure a specific service port type for extended attribute 61 support which overrides the default global setting.

Examples

In the following example, a RADIUS server is identified, and the NAS-Port field is set to the PPP extended format: 

radius-server host 172.31.5.96 auth-port 1645 acct-port 1646

radius-server attribute nas-port format d

The following example shows how to configure global support for extended NAS-Port-Type ports and how to specify two separate format e strings globally for two different types of ports:

type 30 (which is PPPoA)

type 33 which is (PPPoEoVLAN) 

Router# configure terminal

Router(config)#

Router(config)# radius-server attribute 61 extended

Router(config)# radius-server attribute nas-port format e SSSSAPPPUUUUUUUUUUUUUUUUUUUUUUUU

Router(config)# radius-server attribute nas-port format e SSSSAPPPIIIIIIIICCCCCCCCCCCCCCCC 
type 30 

Router(config)#

Router(config)# radius-server attribute nas-port format e SSSSAPPPVVVVVVVVVVVVVVVVVVVVVVVV 
type 33

Router(config)#

Related Commands

Command
Description

radius attribute nas-port-type

Configures interfaces and subinterfaces such as Ethernet, VLAN, Q-in-Q, VC and VC ranges in global configuration mode.

radius-server attribute 61 extended

Enables extended, non-RFC compliant NAS-Port-Type attribute (RADIUS attribute 61) in global configuration mode.

vpdn aaa attribute

Enables the LNS to send PPP extended NAS-Port format values to the RADIUS server for accounting.


Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2006 Cisco Systems, Inc. All rights reserved

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products