RADIUS VC Logging

Available Languages

Download Options

PDF (244.1 KB)
View with Adobe Reader on a variety of devices

Updated:April 2, 2005

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

RADIUS VC Logging

Table Of Contents

RADIUS VC Logging

Contents

Feature Overview

Benefits

Restrictions

Supported Standards, MIBs, and RFCs

Configuration Tasks

Configuring the NME Interface IP Address on the NSP

Verifying the NME Interface IP Address

Configuring RADIUS VC Logging on the NRP

Verifying RADIUS VC Logging

Configuration Example

Command Reference

radius-server attribute nas-port format

Glossary

RADIUS VC Logging

Feature History for Radius VC Logging

Release

Modification

12.2(13)T

This feature was introduced.

12.2(7th)S

This feature was integrated into Cisco IOS Release 12.2(7th)S.

12.2(27)SBA

This feature was integrated into Cisco IOS release 12.2(27)SBA.

Contents

•Feature Overview

•Supported Standards, MIBs, and RFCs

•Configuration Tasks

•Configuration Example

•Command Reference

•Glossary

Feature Overview

RADIUS Virtual Circuit (VC) Logging allows the Cisco 6400 Universal Access Concentrator to accurately record the virtual path interface (VPI) and virtual circuit interface (VCI) of an incoming subscriber session.

With RADIUS VC Logging enabled, the RADIUS network access server (NAS) port field is extended and modified to carry VPI/VCI information. This information is logged in the RADIUS accounting record that was created at session startup.

Benefits

Accurate VPI/VCI Information

The VPI/VCI of an incoming permanent virtual circuit (PVC) is recorded at the point of entry on the Cisco 6400 node switch processor (NSP), offering the RADIUS client a unique VPI/VCI for each incoming PVC.

Restrictions

Both PPPoE and PPPoA support RADIUS VC Logging in Cisco IOS Release 12.1(1)DC and later. In earlier releases, only PPPoA supports RADIUS VC Logging.

To use the RADIUS VC Logging feature on the Cisco 6400 NRP and the Combined Network Management Ethernet (NME) Interface feature on the Cisco 6400 system, the Cisco 6400 NSP must be running Cisco IOS Release 12.1(3)DB or later. See CSCdr81919 for more information.

Supported Standards, MIBs, and RFCs

MIBs

None

RFCs

•RFC 2138, Remote Authentication Dial In User Service (RADIUS), April 1997

•RFC 2139, RADIUS Accounting, April 1997

Standards

None

Configuration Tasks

Perform the following tasks to configure RADIUS VC logging:

•Configuring the NME Interface IP Address on the NSP

•Verifying the NME Interface IP Address

•Configuring RADIUS VC Logging on the NRP

•Verifying RADIUS VC Logging

Configuring the NME Interface IP Address on the NSP

The NAS-IP-Address field in the RADIUS accounting packet contains the IP address of the Network Management Ethernet (NME) port on the NSP, even if the NME is shutdown.

On an NSP that is pre-loaded with the Cisco IOS Release 12.0(5)DB or newer software image, the combined NME interface is included in the default configuration. If your NRP does not use a DHCP server to obtain an IP address, you must configure a static IP address. To configure a static combined NME IP address, enter the following commands beginning in global configuration mode:
Command

Purpose
Switch(config)# interface BVI1
Selects the combined NME interface.
Switch(config-if)# ip address address subnet
Configures a static IP and subnetwork address.
Instead of the combined NME interface, you can choose to use the Ethernet port as a separate NME interface. To configure the NME IP address, enter the following commands beginning in global configuration mode:
Command

Purpose
Switch(config)# interface ethernet 0/0/0
Selects the NME interface.
Switch(config-if)# ip address address subnet
or
Switch(config-if)# ip address negotiated
Configures a static IP and subnetwork address.

Allows the interface to obtain an IP address, subnet mask, router address, and static routes from a DHCP server.
Note You must configure the NME IP address before configuring PVCs on the NRP. Otherwise the NAS-IP-Address field in the RADIUS accounting packet will contain an incorrect IP address.

Verifying the NME Interface IP Address

To verify the NME IP address, enter the show interface bvi1 or show interface e0/0/0 EXEC command on the NSP. Check the Internet address statement (indicated with an arrow).
Switch# show interface bvi1
BVI1 is up, line protocol is up 
  Hardware is BVI, address is 0010.7ba9.c783 (bia 0000.0000.0000)
Internet address is 10.1.1.33/16
  MTU 1500 bytes, BW 10000 Kbit, DLY 5000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type:ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy:fifo
  Output queue 0/0, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1540 packets input, 302775 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     545 packets output, 35694 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
Switch#
Configuring RADIUS VC Logging on the NRP

To enable RADIUS VC logging on the Cisco 6400 NRP, enter the following command in global configuration mode:
Command

Purpose
Router(config)# radius-server attribute nas-port format d
Selects the ATM VC extended format for the NAS port field.
Verifying RADIUS VC Logging

To verify RADIUS VC Logging on the RADIUS server, examine a RADIUS accounting packet. If RADIUS VC logging is enabled on the Cisco 6400, the RADIUS accounting packet will appear similar to the following example:
Wed Jun 16 13:57:31 1999
NAS-IP-Address = 192.168.100.192
NAS-Port = 268566560
NAS-Port-Type = Virtual
User-Name = "cisco"
Acct-Status-Type = Start
Service-Type = Framed
Acct-Session-Id = "1/0/0/2.32_00000009"
Framed-Protocol = PPP
Framed-IP-Address = 172.16.7.254
Acct-Delay-Time = 0
The NAS-Port line shows that RADIUS VC logging is enabled. If this line does not appear in the display, then RADIUS VC logging is not enabled on the Cisco 6400.

The Acct-Session-Id line should also identify the incoming NSP interface and VPI/VCI information, in this format:
Acct-Session-Id = "slot/subslot/port/VPI.VCI_acct-session-id"
Note The NAS-IP-Address line in the RADIUS accounting packet contains the IP address of the NME port on the NSP, even if the NME is shutdown. If the NME on the NSP does not have an IP address, this NAS-IP-Address field will contain "0.0.0.0."

Configuration Example

In the following example, a RADIUS server is identified, and the NAS port field is set to ATM VC Extended format:
radius-server host 10.31.5.96 auth-port 1645 acct-port 1646
radius-server attribute nas-port format d
Command Reference

This section documents the new command that configures the RADIUS VC Logging feature.

•radius-server attribute nas-port format

radius-server attribute nas-port format

To select the NAS-Port format used for RADIUS accounting features, and to restore the default NAS-Port format, use the radius-server attribute nas-port format command in global configuration mode. To stop sending attribute 5 (NAS-Port) to the RADIUS server, use the no form of this command.

radius-server attribute nas-port format format

no radius-server attribute nas-port format format

Syntax Description

format

NAS-Port format. Possible values for the format argument are as follows:

a—Standard NAS-Port format

b—Extended NAS-Port format

c—Carrier-based format

d—PPPoX (PPP over Ethernet or PPP over ATM) extended NAS-Port format

e—Configurable NAS-Port format

Defaults

Standard NAS-Port format

Command Modes

Global configuration

Command History

Release

Modification

11.3(7)T

This command was introduced.

11.3(9)DB

The PPP extended NAS-Port format was added.

12.1(5)T

The PPP extended NAS-Port format was expanded to support PPPoE over ATM and PPPoE over IEEE 802.1Q virtual LANS (VLANs).

12.2(4)T

Format e was introduced.

12.2(11)T

Format e was extended to support PPPoX information.

12.3(3)

Format e was extended to support Session ID U.

12.2(27)SBA

This command was integrated into Cisco IOS Release 12.2(27)SBA.

Usage Guidelines

The radius-server attribute nas-port format command configures RADIUS to change the size and format of the NAS-Port attribute field (RADIUS IETF attribute 5).

The following NAS-Port formats are supported:

•Standard NAS-Port format—This 16-bit NAS-Port format indicates the type, port, and channel of the controlling interface. This is the default format used by Cisco IOS software.

•Extended NAS-Port format—The standard NAS-Port attribute field is expanded to 32 bits. The upper 16 bits of the NAS-Port attribute display the type and number of the controlling interface; the lower 16 bits indicate the interface that is undergoing authentication.

•Shelf-slot NAS-Port format—This 16-bit NAS-Port format supports expanded hardware models requiring shelf and slot entries.

•PPP extended NAS-Port format—This NAS-Port format uses 32 bits to indicate the interface, virtual path identifier (VPI), and virtual channel indicator (VCI) for PPP over ATM and PPPoE over ATM, and the interface and VLAN ID for PPPoE over Institute of IEEE standard 802.1Q VLANs.

Format e

The currently supported formats a through c do not work with new Cisco platforms, such as the AS5400. For this reason, a configurable format e was developed. Format e requires you to explicitly define the usage of the 32 bits of attribute 25 (Nas-Port). The usage is defined with a given parser character for each Nas-Port field of interest for a given bit field. By configuring a single character in a row, such as x, only one bit is assigned to store that given value. Additional characters of the same type, such as x, will provide a larger available range of values to be stored. Thus, the ranges may be expanded as follows:

x

0 - 1

xx

0 - 3

xxx

0 - 7

xxxx

0 - F

xxxxx

0 - 1F

and so on.

It is imperative that one know what the valid range is for a given parameter on a platform that one wishes to support. The IOS RADIUS client will bitmask the determined value to the maximum permissible value on the basis of configuration. Thus, if one has a parameter that turns out to have a value of 8, but only 3 bits (xxx) are configures, 8 and 0x7 will give a result of 0. Therefore, one must always configure enough bits to correctly capture the value required. Care must be taken to ensure that format e is configured to properly work for all NAS port types within your network environment.

Zero

0 (always sets a 0 to that bit)

One

1 (always sets a 1 to that bit)

DS0 shelf

f

DS0 slot

s

DS0 adapter

a

DS0 port

p (physical port)

DS0 subinterface

i

DS0 channel

c

Async shelf

F

Async slot

S

Async port

P

Async line

L (modem line number, that is, physical terminal [TTY] number)

PPPoX slot

S

PPPoX adapter

A

PPPoX port

P

PPPoX VLAN ID

V

PPPoX VPI

I

PPPoX VCI

C

Session ID

U

Currently supported parameters and their representative characters are shown below.

All 32 bits that represent the NAS-Port must be set to one of the above characters because this format makes no assumptions for empty fields.

Access Router

The DS0 port on a T1-based card and on a T3-based card will give different results. On T1-based cards, the physical port is equal to the virtual port (as these are the same). So, p and d will give the same information for a T1 card. However, on a T3 system, the port will give you the physical port number (as there can be more than one T3 card for a given platform). As such, d will give you the virtual T1 line (as per configuration on a T3 controller). On a T3 system, p and d will be different, and one should capture both to properly identify the physical device. As a working example for the Cisco AS5400, the following configuration is recommended:
Router (config)# radius-server attribute nas-port format e 
SSSSPPPPPPPPPsssspppppdddddccccc
This will give one an asynchronous slot (0 - 16), asynchronous port (0 - 512), DS0 slot (0 - 16), DS0 physical port (0 - 32), DS0 virtual port (0 - 32), and channel (0 - 32). The parser has been implemented to explicitly require 32-bit support, or it will fail.

Finally, format e is supported for channel-associated signaling (CAS), Primary Rate Interface (PRI), and basic rate interface- (BRI-) based interfaces.

Note This command replaces the radius-server attribute nas-port extended command.

Examples

In the following example, a RADIUS server is identified, and the NAS-Port field is set to the PPP extended format:
radius-server host 172.31.5.96 auth-port 1645 acct-port 1646
radius-server attribute nas-port format d
Related Commands

Command

Description

vpdn aaa attribute nas-port vpdn-nas

Enables the LNS to send PPP extended NAS-Port format values to the RADIUS server for accounting.

Glossary

NAS—network access server.

NME—Network Management Ethernet. The local area network used to control and manage equipment in a Central Office and branch locations. The NME connection on the Cisco 6400 is an RJ-45 connector for a 10BaseT port on the NSP module.

NSP—node switch processor. A component module responsible for all ATM switching and control functions within the Cisco 6400.

PPP—Point-to-Point Protocol. A protocol that encapsulates network layer protocol information over point-to-point links. PPP is defined in RFC 1661.

PPPoA—PPP over ATM

PPPoE—PPP over Ethernet

PVC—permanent virtual circuit. Virtual circuit that is permanently established. PVCs save bandwidth associated with circuit establishment and tear down in situations where certain virtual circuits must exist all the time.

RADIUS—Remote Access Dial-In User Service. Database for authenticating modem and ISDN connections and for tracking connection time.

VC—virtual circuit. Logical circuit created to ensure reliable communication between two network devices. A virtual circuit is defined by a VPI/VCI pair, and can be either permanent (PVC) or switched (SVC).

VCI—virtual channel identifier. 16-bit field in the header of an ATM cell. The VCI, together with the VPI, is used to identify the next destination of a cell as it passes through a series of ATM switches on its way to its destination.

VPI—virtual path identifier. Eight-bit field in the header of an ATM cell. The VPI, together with the VCI, is used to identify the next destination of a cell as it passes through a series of ATM switches on its way to its destination.

Copyright © 1999, 2000, 2005 Cisco Systems, Inc. All rights reserved.

Release	Modification
12.2(13)T	This feature was introduced.
12.2(7th)S	This feature was integrated into Cisco IOS Release 12.2(7th)S.
12.2(27)SBA	This feature was integrated into Cisco IOS release 12.2(27)SBA.

Command	Purpose
Switch(config)# interface BVI1	Selects the combined NME interface.
Switch(config-if)# ip address address subnet	Configures a static IP and subnetwork address.

Command	Purpose
Switch(config)# interface ethernet 0/0/0	Selects the NME interface.
Switch(config-if)# ip address address subnet or Switch(config-if)# ip address negotiated	Configures a static IP and subnetwork address. Allows the interface to obtain an IP address, subnet mask, router address, and static routes from a DHCP server.

Command	Purpose
Router(config)# radius-server attribute nas-port format d	Selects the ATM VC extended format for the NAS port field.

format	NAS-Port format. Possible values for the format argument are as follows: a—Standard NAS-Port format b—Extended NAS-Port format c—Carrier-based format d—PPPoX (PPP over Ethernet or PPP over ATM) extended NAS-Port format e—Configurable NAS-Port format

Release	Modification
11.3(7)T	This command was introduced.
11.3(9)DB	The PPP extended NAS-Port format was added.
12.1(5)T	The PPP extended NAS-Port format was expanded to support PPPoE over ATM and PPPoE over IEEE 802.1Q virtual LANS (VLANs).
12.2(4)T	Format e was introduced.
12.2(11)T	Format e was extended to support PPPoX information.
12.3(3)	Format e was extended to support Session ID U.
12.2(27)SBA	This command was integrated into Cisco IOS Release 12.2(27)SBA.

x	0 - 1
xx	0 - 3
xxx	0 - 7
xxxx	0 - F
xxxxx	0 - 1F

Zero	0 (always sets a 0 to that bit)
One	1 (always sets a 1 to that bit)
DS0 shelf	f
DS0 slot	s
DS0 adapter	a
DS0 port	p (physical port)
DS0 subinterface	i
DS0 channel	c
Async shelf	F
Async slot	S
Async port	P
Async line	L (modem line number, that is, physical terminal [TTY] number)
PPPoX slot	S
PPPoX adapter	A
PPPoX port	P
PPPoX VLAN ID	V
PPPoX VPI	I
PPPoX VCI	C
Session ID	U

Command	Description
vpdn aaa attribute nas-port vpdn-nas	Enables the LNS to send PPP extended NAS-Port format values to the RADIUS server for accounting.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

RADIUS VC Logging

Available Languages

Download Options

Bias-Free Language

Table Of Contents