RADIUS Vendor-Proprietary Attributes
First Published: May 15, 2001
Last Updated: September 25, 2008
The IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server and the RADIUS server. However, some vendors have extended the RADIUS attribute set for specific applications. This document provides Cisco IOS support information for these vendor-proprietary RADIUS attributes.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for RADIUS Vendor-Proprietary Attributes" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
• Supported Vendor-Proprietary RADIUS Attributes
• Comprehensive List of Vendor-Proprietary RADIUS Attribute Descriptions
Supported Vendor-Proprietary RADIUS Attributes
Table 73 lists Cisco-supported vendor-proprietary RADIUS attributes and the Cisco IOS release in which they are implemented. In cases where the attribute has a security server-specific format, the format is specified. Refer to Table 74 for a list of descriptions.
Note
Attributes implemented in special (AA) or early development (T) releases will be added to the next mainline image.
Comprehensive List of Vendor-Proprietary RADIUS Attribute Descriptions
Table 74 lists and describes the known vendor-proprietary RADIUS attributes:
Table 74 Vendor-Proprietary RADIUS Attributes
Number Vendor-Proprietary Attribute Description
17
Change-Password
Specifies a request to change the password of a user.
21
Password-Expiration
Specifies an expiration date for a user's password in the user's file entry.
68
Tunnel-ID
(Ascend 5) Specifies the string assigned by RADIUS for each session using CLID or DNIS tunneling. When accounting is implemented, this value is used for accounting.
108
My-Endpoint-Disc-Alias
(Ascend 5) No description available.
109
My-Name-Alias
(Ascend 5) No description available.
110
Remote-FW
(Ascend 5) No description available.
111
Multicast-GLeave-Delay
(Ascend 5) No description available.
112
CBCP-Enable
(Ascend 5) No description available.
113
CBCP-Mode
(Ascend 5) No description available.
114
CBCP-Delay
(Ascend 5) No description available.
115
CBCP-Trunk-Group
(Ascend 5) No description available.
116
Appletalk-Route
(Ascend 5) No description available.
117
Appletalk-Peer-Mode
(Ascend 5) No description available.
118
Route-Appletalk
(Ascend 5) No description available.
119
FCP-Parameter
(Ascend 5) No description available.
120
Modem-PortNo
(Ascend 5) No description available.
121
Modem-SlotNo
(Ascend 5) No description available.
122
Modem-ShelfNo
(Ascend 5) No description available.
123
Call-Attempt-Limit
(Ascend 5) No description available.
124
Call-Block-Duration
(Ascend 5) No description available.
125
Maximum-Call-Duration
(Ascend 5) No description available.
126
Router-Preference
(Ascend 5) No description available.
127
Tunneling-Protocol
(Ascend 5) No description available.
128
Shared-Profile-Enable
(Ascend 5) No description available.
129
Primary-Home-Agent
(Ascend 5) No description available.
130
Secondary-Home-Agent
(Ascend 5) No description available.
131
Dialout-Allowed
(Ascend 5) No description available.
133
BACP-Enable
(Ascend 5) No description available.
134
DHCP-Maximum-Leases
(Ascend 5) No description available.
135
Primary-DNS-Server
Identifies a primary DNS server that can be requested by Microsoft PPP clients from the network access server during IPCP negotiation.
136
Secondary-DNS-Server
Identifies a secondary DNS server that can be requested by Microsoft PPP clients from the network access server during IPCP negotiation.
137
Client-Assign-DNS
No description available.
138
User-Acct-Type
No description available.
139
User-Acct-Host
No description available.
140
User-Acct-Port
No description available.
141
User-Acct-Key
No description available.
142
User-Acct-Base
No description available.
143
User-Acct-Time
No description available.
144
Assign-IP-Client
No description available.
145
Assign-IP-Server
No description available.
146
Assign-IP-Global-Pool
No description available.
147
DHCP-Reply
No description available.
148
DHCP-Pool-Number
No description available.
149
Expect-Callback
No description available.
150
Event-Type
No description available.
151
Session-Svr-Key
No description available.
152
Multicast-Rate-Limit
No description available.
153
IF-Netmask
No description available.
154
Remote-Addr
No description available.
155
Multicast-Client
No description available.
156
FR-Circuit-Name
No description available.
157
FR-LinkUp
No description available.
158
FR-Nailed-Grp
No description available.
159
FR-Type
No description available.
160
FR-Link-Mgt
No description available.
161
FR-N391
No description available.
162
FR-DCE-N392
No description available.
163
FR-DTE-N392
No description available.
164
FR-DCE-N393
No description available.
165
FR-DTE-N393
No description available.
166
FR-T391
No description available.
167
FR-T392
No description available.
168
Bridge-Address
No description available.
169
TS-Idle-Limit
No description available.
170
TS-Idle-Mode
No description available.
171
DBA-Monitor
No description available.
172
Base-Channel-Count
No description available.
173
Minimum-Channels
No description available.
174
IPX-Route
No description available.
175
FT1-Caller
No description available.
176
Backup
No description available.
177
Call-Type
No description available.
178
Group
No description available.
179
FR-DLCI
No description available.
180
FR-Profile-Name
No description available.
181
Ara-PW
No description available.
182
IPX-Node-Addr
No description available.
183
Home-Agent-IP-Addr
Indicates the home agent's IP address (in dotted decimal format) when using Ascend Tunnel Management Protocol (ATMP).
184
Home-Agent-Password
With ATMP, specifies the password that the foreign agent uses to authenticate itself.
185
Home-Network-Name
With ATMP, indicates the name of the connection profile to which the home agent sends all packets.
186
Home-Agent-UDP-Port
Indicates the UDP port number the foreign agent uses to send ATMP messages to the home agent.
187
Multilink-ID
Reports the identification number of the multilink bundle when the session closes. This attribute applies to sessions that are part of a multilink bundle. The Multilink-ID attribute is sent in authentication-response packets.
188
Num-In-Multilink
Reports the number of sessions remaining in a multilink bundle when the session reported in an accounting-stop packet closes. This attribute applies to sessions that are part of a multilink bundle. The Num-In-Multilink attribute is sent in authentication-response packets and in some accounting-request packets.
189
First-Dest
Records the destination IP address of the first packet received after authentication.
190
Pre-Input-Octets
Records the number of input octets before authentication. The Pre-Input-Octets attribute is sent in accounting-stop records.
191
Pre-Output-Octets
Records the number of output octets before authentication. The Pre-Output-Octets attribute is sent in accounting-stop records.
192
Pre-Input-Packets
Records the number of input packets before authentication. The Pre-Input-Packets attribute is sent in accounting-stop records.
193
Pre-Output-Packets
Records the number of output packets before authentication. The Pre-Output-Packets attribute is sent in accounting-stop records.
194
Maximum-Time
Specifies the maximum length of time (in seconds) allowed for any session. After the session reaches the time limit, its connection is dropped.
195
Disconnect-Cause
Specifies the reason a connection was taken offline. The Disconnect-Cause attribute is sent in accounting-stop records. This attribute also causes stop records to be generated without first generating start records if disconnection occurs before authentication is performed. For more information, refer to the table of Disconnect-Cause Attribute Values and their meanings.
196
Connect-Progress
Indicates the connection state before the connection is disconnected.
197
Data-Rate
Specifies the average number of bits per second over the course of the connection's lifetime. The Data-Rate attribute is sent in accounting-stop records.
198
PreSession-Time
Specifies the length of time, in seconds, from when a call first connects to when it completes authentication. The PreSession-Time attribute is sent in accounting-stop records.
199
Token-Idle
Indicates the maximum amount of time (in minutes) a cached token can remain alive between authentications.
201
Require-Auth
Defines whether additional authentication is required for a class that has been CLID authenticated.
202
Number-Sessions
Specifies the number of active sessions (per class) reported to the RADIUS accounting server.
203
Authen-Alias
Defines the RADIUS server's login name during PPP authentication.
204
Token-Expiry
Defines the lifetime of a cached token.
205
Menu-Selector
Defines a string to be used to cue a user to input data.
206
Menu-Item
Specifies a single menu-item for a user-profile. Up to 20 menu items can be assigned per profile.
207
PW-Warntime
(Ascend 5) No description available.
208
PW-Lifetime
Enables you to specify on a per-user basis the number of days that a password is valid.
209
IP-Direct
When you include this attribute in a user's file entry, a framed route is installed to the routing and bridging tables.
Note
Packet routing is dependent upon the entire table, not just this newly installed entry. The inclusion of this attribute does not guarantee that all packets should be sent to the specified IP address; thus, this attribute is not fully supported.
These attribute limitations occur because the Cisco router cannot bypass all internal routing and bridging tables and send packets to a specified IP address.
210
PPP-VJ-Slot-Comp
Instructs the Cisco router not to use slot compression when sending VJ-compressed packets over a PPP link.
211
PPP-VJ-1172
Instructs PPP to use the 0x0037 value for VJ compression.
212
PPP-Async-Map
Gives the Cisco router the asynchronous control character map for the PPP session. The specified control characters are passed through the PPP link as data and used by applications running over the link.
213
Third-Prompt
Defines a third prompt (after username and password) for additional user input.
214
Send-Secret
Enables an encrypted password to be used in place of a regular password in outdial profiles.
215
Receive-Secret
Enables an encrypted password to be verified by the RADIUS server.
216
IPX-Peer-Mode
(Ascend 5) No description available.
217
IP-Pool-Definition
Defines a pool of addresses using the following format: X a.b.c Z; where X is the pool index number, a.b.c is the pool's starting IP address, and Z is the number of IP addresses in the pool. For example, 3 10.0.0.1 5 allocates 10.0.0.1 through 10.0.0.5 for dynamic assignment.
218
Assign-IP-Pool
Tells the router to assign the user an IP address from the IP pool.
219
FR-Direct
Defines whether the connection profile operates in Frame Relay redirect mode.
220
FR-Direct-Profile
Defines the name of the Frame Relay profile carrying this connection to the Frame Relay switch.
221
FR-Direct-DLCI
Indicates the DLCI carrying this connection to the Frame Relay switch.
222
Handle-IPX
Indicates how NCP watchdog requests will be handled.
223
Netware-Timeout
Defines, in minutes, how long the RADIUS server responds to NCP watchdog packets.
224
IPX-Alias
Allows you to define an alias for IPX routers requiring numbered interfaces.
225
Metric
No description available.
226
PRI-Number-Type
No description available.
227
Dial-Number
Defines the number to dial.
228
Route-IP
Indicates whether IP routing is allowed for the user's file entry.
229
Route-IPX
Allows you to enable IPX routing.
230
Bridge
No description available.
231
Send-Auth
Defines the protocol to use (PAP or CHAP) for username-password authentication following CLID authentication.
232
Send-Passwd
Enables the RADIUS server to specify the password that is sent to the remote end of a connection on outgoing calls.
233
Link-Compression
Defines whether to turn on or turn off "stac" compression over a PPP link.
Link compression is defined as a numeric value as follows:
• 0: None
• 1: Stac
• 2: Stac-Draft-9
• 3: MS-Stac
234
Target-Util
Specifies the load-threshold percentage value for bringing up an additional channel when PPP multilink is defined.
235
Maximum-Channels
Specifies the allowed/allocatable maximum number of channels.
236
Inc-Channel-Count
No description available.
237
Dec-Channel-Count
No description available.
238
Seconds-of-History
No description available.
239
History-Weigh-Type
No description available.
240
Add-Seconds
No description available.
241
Remove-Seconds
No description available.
242
Data-Filter
Defines per-user IP data filters. These filters are retrieved only when a call is placed using a RADIUS outgoing profile or answered using a RADIUS incoming profile. Filter entries are applied on a first-match basis; therefore, the order in which filter entries are entered is important.
243
Call-Filter
Defines per-user IP data filters. On a Cisco router, this attribute is identical to the Data-Filter attribute.
244
Idle-Limit
Specifies the maximum time (in seconds) that any session can be idle. When the session reaches the idle time limit, its connection is dropped.
245
Preempt-Limit
No description available.
246
Callback
Allows you to enable or disable callback.
247
Data-Svc
No description available.
248
Force-56
Determines whether the network access server uses only the 56 K portion of a channel, even when all 64 K appear to be available.
249
Billing Number
No description available.
250
Call-By-Call
No description available.
251
Transit-Number
No description available.
252
Host-Info
No description available.
253
PPP-Address
Indicates the IP address reported to the calling unit during PPP IPCP negotiations.
254
MPP-Idle-Percent
No description available.
255
Xmit-Rate
(Ascend 5) No description available.
For more information on vendor-proprietary RADIUS attributes, refer to the section "Configuring Router for Vendor-Proprietary RADIUS Server Communication" in the chapter "Configuring RADIUS."
Feature Information for RADIUS Vendor-Proprietary Attributes
Table 75 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Table 75 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2001-2008 Cisco Systems, Inc. All rights reserved.