| Attribute ID | Attribute name | Description |
|---|---|---|
|
22 |
Framed-Route |
Routing information (IPv4 managed route) to be configured on the NAS for a host (DHCP, PPPoE, ARP) that operates as a router without NAT (so called routed subscriber host). The route included in the Framed-Route attribute is accepted as a managed route only if the next-hop points to the host’s IP address if the next-hop address equals 0.0.0.0, or if the included route is a valid classful network in case the subnet-mask is omitted. If neither is applicable, this specific framed-route attribute is ignored and the host is instantiated without this specific managed route installed. A Framed-Route attribute is also ignored if the SAP does not have anti-spoof configured to NH-MAC (the host is installed as a standalone host without managed route). The number of routes above limits are silently ignored. Optionally, a metric, tag, and protocol preference can be specified for the managed route. If the metrics are not specified, are specified in a wrong format, or specified with out-of-range values, then default values are used for all metrics: metric=0, no tag and preference=0. If an identical managed route is associated with different routed subscriber hosts in the context of the same IES/VPRN service, up to max-ecmp-routes managed routes are installed in the routing table (configured as ecmp max-ecmp-routes in the routing instance). Candidate ECMP Framed-Routes have identical prefix, equal lowest preference, and equal lowest metric. The lowest IP next-hop” is the tie breaker if more candidate ECMP Framed-Routes are available than the configured max-ecmp-routes. Other identical managed routes are shadowed (not installed in the routing table) and an event is logged. An alternative to RADIUS managed routes are managed routes using host dynamic BGP peering. Valid RADIUS-learned managed routes can be included in RADIUS accounting messages with the configure subscriber-mgmt radius-accounting-policy name include-radius-attribute framed-route configuration. Associated managed routes for an instantiated routed subscriber host are included in RADIUS accounting messages independent of the state of the managed route (Installed, Shadowed or HostInactive). |
|
99 |
Framed-IPv6-Route |
Routing information (IPv6 managed route) to be configured on the NAS for a v6 WAN host (IPoE or PPPoE) that operates as a router. The functionality is comparable with offering multiple PD prefixes for a single host. The route included in the Framed-IPv6-Route attribute is accepted as a managed route only if its next-hop is a WAN host (DHCPv6 IA-NA or SLAAC) or if the next-hop address equals ::. As a consequence, Framed-IPv6-Routes with explicit configured gateway prefix of a pd-host (DHCPv6 IA-PD) are not installed. A Framed-Route attribute is also ignored if the SAP does not have anti-spoof configured to NH-MAC (the host is installed as a standalone host without a managed route). The number of routes above limits are silently ignored. Optionally, a metric, tag, or protocol preference can be specified for the managed route. If the metrics are not specified, specified in a wrong format, or specified with out-of-range values, then default values are used for all metrics: metric=0, no tag and preference=0. If an identical managed route is associated with different routed subscriber hosts in the context of the same IES or VPRN service up to max-ecmp-routes managed routes are installed in the routing table (configured as ecmp max-ecmp-routes in the routing instance). Candidate ECMP Framed-IPv6-Routes have identical prefix, equal lowest preference and equal lowest metric. The lowest IP next-hop is the tie breaker if more candidate ECMP Framed-IPv6-Routes are available than the configured max-ecmp-routes. Other identical managed routes are shadowed (not installed in the routing table) and an event is logged. Valid RADIUS learned managed routes can be included in RADIUS accounting messages with following configuration: configure subscriber-mgmt radius-accounting-policy name include-radius-attribute framed-ipv6-route. Associated managed routes for an instantiated routed subscriber host are included in RADIUS accounting messages independent of the state of the managed route (Installed, Shadowed or HostInactive). |
|
26.6527.55 |
Alc-BGP-Policy |
Refers to a preconfigured policy under configure subscriber-mgmt bgp- peering-policy policy-name. Mandatory attribute for dynamic BGPv4 peering. The referenced policy contains all required parameters to setup the dynamic BGPv4 peer. Peer-AS, MD5 key, Authentication-Keychain and import and export policies can be overridden by optional RADIUS attributes. Dynamic BGPv4 peering related attributes are ignored if the session or host does not terminate in a VPRN. Host setup is successful, but without BGPv4 peering if a non-existing policy-name is received or if the SAP anti-spoof type is different from nh-mac. Policy names above the maximum length result in a host setup failure. |
|
26.6527.56 |
Alc-BGP-Auth-Keychain |
Optional attribute for dynamic BGPv4 peering. Refers to the keychain parameters (configure system security keychain keychain-name) used to sign or authenticate the BGP protocol stream using the TCP enhanced authentication option (draft-bonica-tcp-auth). Host setup is successful, but without BGPv4 peering if a non-existing keychain name is received. Keychain names above the maximum length result in a host setup failure. Alternative for [26.6527.57] Alc-BGP-Auth-Key. |
|
26.6527.57 |
Alc-BGP-Auth-Key |
Optional attribute for dynamic BGPv4 peering. Indicates the authentication key used between BGPv4 peers before establishing sessions. Authentication is done using the MD5 message based digest protocol. Authentication keys are truncated at 247 Bytes and are not encrypted. |
|
26.6527.58 |
Alc-BGP-Export-Policy |
Optional attribute for dynamic BGPv4 peering. This refers to a preconfigured BGP export policy (configure router policy-options policy-statement name). The RADIUS received policy is appended to the list of export policies configured in the peering policy (configure subscriber-mgmt bgp-peering-policy policy-name export policy-name) if there are fewer than 15 preconfigured policies or replaces the fifteenth policy. Host setup is successful, but without export policy applied if a non-existing policy-name is received. Policy names above the maximum length result in a host setup failure. |
|
26.6527.59 |
Alc-BGP-Import-Policy |
Optional attribute for dynamic BGPv4 peering. Refers to a preconfigured BGP import policy (configure router policy-options policy-statement name). The RADIUS received policy is appended to the peer (if preconfigured policies for peer are smaller than 15) or replaces the fifteenth policy (if preconfigured policies for peer are exact 15). Host setup is successful but without import policy applied if a non-existing policy-name is received. Policy names above the maximum length result in a host setup failure. |
|
26.6527.60 |
Alc-BGP-PeerAS |
Optional attribute for dynamic BGPv4 peering. Specifies the Autonomous System number for the remote BGPv4 peer. |
|
26.6527.207 |
Alc-RIP-Policy |
Refers to the preconfigured policy under configure subscriber-mgmt rip-policy policy-name and enables the BNG to listen to RIPv1 or RIPv2 messages from the host (master SRRP node only in case of a dual-homed BNG). The referenced policy contains the authentication type and authentication key used to establish a RIP neighbor with this host. Host setup is successful, but the RIP message from the host are ignored if a non-existing policy name is received or if the SAP anti-spoof type is different from NH-MAC. Policy names exceeding the maximum length result in a host setup failure. |
|
26.6527.208 |
Alc-BGP-IPv6-Policy |
Refers to a preconfigured policy under configure subscriber-mgmt bgp-peering-policy policy-name. Mandatory attribute for dynamic BGPv6 peering. The referenced policy contains all required parameters to setup the dynamic BGPv6 peer. Peer-AS, MD5 key, Authentication-Keychain and import or export policies can be overridden by optional RADIUS attributes. Dynamic BGPv6 peering related attributes are ignored if the session or host does not terminate in a VPRN. Host setup is successful, but without BGPv6 peering if a non-existing policy name is received or if the SAP anti-spoof type is different from nh-mac. Policy names above the maximum length result in a host setup failure. For single hop BGPv6, the peering address for the customer premises equipment (CPE) must be an IPv6 address configured on the subscriber interface. For multi-hop BGPv6, the peering address for the CPE can be any routable IPv6 interface address in the same routing instance as the subscriber host. |
|
26.6527.209 |
Alc-BGP-IPv6-Auth-Keychain |
Optional attribute for dynamic BGPv6 peering. Refers to the keychain parameters (configure system security keychain keychain-name) used to sign or authenticate the BGPv6 protocol stream using the TCP enhanced authentication option (draft-bonica-tcp-auth). Host setup is successful, but without BGPv6 peering if a non-existing keychain name is received. Keychain names above the maximum length result in a host setup failure. Alternative for [26.6527.201] Alc-BGP-IPv6-Auth-Key. |
|
26.6527.210 |
Alc-BGP-IPv6-Auth-Key |
Optional attribute for dynamic BGPv6 peering. Indicates the authentication key used between BGPv6 peers before establishing sessions. Authentication is performed using the MD5 message based digest protocol. Authentication keys are truncated at 247 bytes and are not encrypted. |
|
26.6527.211 |
Alc-BGP-IPv6-Export-Policy |
Optional attribute for dynamic BGPv6 peering. Refers to a preconfigured BGP export policy (configure router policy-options policy-statement name). The RADIUS received policy is appended to the peer (if there are fewer than 15) or replaces the fifteenth policy. Host setup is successful, but without export policy applied if a non-existing policy name is received. Policy names above the maximum length result in a host setup failure. |
|
26.6527.212 |
Alc-BGP-IPv6-Import-Policy |
Optional attribute for dynamic BGPv6 peering. Refers to a preconfigured BGP import policy (configure router policy-options policy-statement name). The RADIUS received policy is appended to the peer (if there are fewer than 15) or if the received policy replaces the fifteenth policy. Host setup is successful, but without import policy applied if a non-existing policy name is received. Policy names above the maximum length result in a host setup failure. |
|
26.6527.213 |
Alc-BGP-IPv6-PeerAS |
Optional attribute for dynamic BGPv6 peering. Specifies the Autonomous System number for the remote BGPv6 peer. |
| Attribute ID | Attribute name | Type | Limits | SR OS format |
|---|---|---|---|---|
|
22 |
Framed-Route |
string |
max. 16 Framed-Route attributes |
"<ip-prefix>[/<prefix-length>] <space> <gateway-address> [<space> <metric>] [<space> tag <space> <tag-value>] [<space> pref <space> <preference-value>]” where: <space> is a white space or blank character <ip-prefix>[/prefix-length] is the managed route to be associated with the routed subscriber host. The prefix-length is optional and if not specified, a class-full class A,B or C subnet is assumed. <gateway-address> must be the routed subscriber host IP address. ‟0.0.0.0” is automatically interpreted as the host IPv4 address. [<metric>] (Optional) Installed in the routing table as the metric of the managed route. If not specified, metric zero is used. Value = [0 to 65535] [tag <tag-value>] (Optional) The managed route is tagged for use in routing policies. If not specified or tag-value=0, then the route is not tagged. Value = [0 to 4294967295] [pref <preference-value>] (Optional) Installed in the routing table as protocol preference for this managed route. If not specified, preference zero is used. Value = [0 to 255] |
|
22 (continued) |
Framed-Route |
string |
max. 16 Framed-Route attributes |
For example: Framed-Route = "192.168.1.0/24 0.0.0.0" where 0.0.0.0 is replaced by host address. Default metrics are used (metric=0, preference=0 and no tag) Framed-Route = "192.168.1.0 0.0.0.0" where 192.168.1.0 is a class-C network /24 and 0.0.0.0 is replaced host address. Default metrics are used. Framed-Route = "192.168.1.0/24 192.168.1.1" where 192.168.1.1 is the host address. Default metrics are used. Framed-Route = "192.168.1.0 0.0.0.0 10 tag 3 pref 100" installs a managed route with metric=10, protocol preference = 100 and tagged with tag=3 Framed-Route = "192.168.1.0 0.0.0.0 tag 5" installs a managed route with metric=0 (default), protocol preference = 0 (default) and tagged with tag=5" |
|
99 |
Framed-IPv6-Route |
string |
max. 16 Framed-IPv6-Route attributes |
<ip-prefix>/<prefix-length> <space> <gateway-address> [<space> <metric>] [<space> tag <space> <tag-value>] [<space> pref <space> <preference-value>]” where: <space> is a white space or blank character <ip-prefix>/<prefix-length> is the managed route to be associated with the routed subscriber host. <gateway-address> must be the routed subscriber host IP address. ‟::” and ‟0:0:0:0:0:0:0:0” are automatically interpreted as the wan-host IPv6 address. [<metric>] (Optional) Installed in the routing table as the metric of the managed route. If not specified, metric zero is used. Value = [0 to 65535] [tag <tag-value>] (Optional) The managed route is tagged for use in routing policies. If not specified or tag-value=0, then the route is not tagged. Value = [0 to 4294967295] [pref <preference-value>] (Optional) Installed in the routing table as protocol preference for this managed route. If not specified, preference zero is used. Value = [0 to 255] |
|
99 (continued) |
Framed-IPv6-Route |
string |
max. 16 Framed-IPv6-Route attributes |
For example: Framed-IPv6-Route = "2001:db8:1::/48 ::" where :: resolves in the wan-host. Default metrics are used (metric=0, preference=0 and no tag) Framed-IPv6-Route = "2001:db8:2::/48 0:0:0:0:0:0:0:0" where 0:0:0:0:0:0:0:0 resolves in the wan-host. Default metrics are used. Framed-IPv6-Route = "2001:db8:3::/48 0::0" where 0::0 resolves in the wan-host. Default metrics are used. Framed-IPv6-Route = "2001:db8:3::/48 2001:db8:aa::1" where 2021:1::1 is the wan-host. Default metrics are used. Framed-IPv6-Route = "2001:db8:1::/48 :: 10 tag 3 pref 100" installs a managed route with metric = 10, protocol preference = 100 and tagged with tag = 3 Framed-IPv6-Route = "2001:db8:1::/48 :: tag 5" installs a managed route with metric = 0 (default), protocol preference = 0 (default) and tagged with tag = 5 |
|
26.6527.55 |
Alc-BGP-Policy |
string |
32 chars |
For example: Alc-BGP-Policy = MyBGPPolicy |
|
26.6527.56 |
Alc-BGP-Auth-Keychain |
string |
32 chars |
For example: Alc-BGP-Auth-Keychain = MyKeychainPolicy |
|
26.6527.57 |
Alc-BGP-Auth-Key |
octets |
247 bytes |
For example: Alc-BGP-Auth-Key = "SecuredBGP" |
|
26.6527.58 |
Alc-BGP-Export-Policy |
string |
32 chars |
For example: Alc-BGP-Export-Policy = to_dynamic_bgp_peer |
|
26.6527.59 |
Alc-BGP-Import-Policy |
string |
32 chars |
For example: Alc-BGP-Import-Policy = from_dynamic_bgp_peer |
|
26.6527.60 |
Alc-BGP-PeerAS |
integer |
[1 to 4294967294] |
For example: Alc-BGP-PeerAS = 64500 |
|
26.6527.207 |
Alc-RIP-Policy |
string |
32 chars |
For example: Alc-RIP-Policy = MyRIPPolicy |
|
26.6527.208 |
Alc-BGP-IPv6-Policy |
string |
32 chars |
For example: Alc-BGP-IPv6-Policy = MyBGPPolicy |
|
26.6527.209 |
Alc-BGP-IPv6-Auth-Keychain |
string |
32 chars |
For example: Alc-BGP-IPv6-Auth-Keychain = MyKeychain |
|
26.6527.210 |
Alc-BGP-IPv6-Auth-Key |
octets |
247 bytes |
For example: Alc-BGP-IPv6-Auth-Key = ‟SecuredBGPv6” |
|
26.6527.211 |
Alc-BGP-IPv6-Export-Policy |
string |
32 chars |
For example: Alc-BGP-IPv6-Export-Policy = to_dynamic_bgpv6_peer |
|
26.6527.212 |
Alc-BGP-IPv6-Import-Policy |
string |
32 chars |
For example: Alc-BGP-IPv6-Import-Policy = from_dynamic_bgpv6_peer |
|
26.6527.213 |
Alc-BGP-IPv6-PeerAS |
integer |
[1 to 4294967294] |
For example: Alc-BGP-IPv6-PeerAS = 64500 |
| Attribute ID | Attribute name | Access Request | Access Accept | CoA request |
|---|---|---|---|---|
|
22 |
Framed-Route |
0 |
0+ |
0 |
|
99 |
Framed-IPv6-Route |
0 |
0+ |
0 |
|
26.6527.55 |
Alc-BGP-Policy |
0 |
0-1 |
0 |
|
26.6527.56 |
Alc-BGP-Auth-Keychain |
0 |
0-1 |
0 |
|
26.6527.57 |
Alc-BGP-Auth-Key |
0 |
0-1 |
0 |
|
26.6527.58 |
Alc-BGP-Export-Policy |
0 |
0-1 |
0 |
|
26.6527.59 |
Alc-BGP-Import-Policy |
0 |
0-1 |
0 |
|
26.6527.60 |
Alc-BGP-PeerAS |
0 |
0-1 |
0 |
|
26.6527.207 |
Alc-RIP-Policy |
0 |
0-1 |
0 |
|
26.6527.208 |
Alc-BGP-IPv6-Policy |
0 |
0-1 |
0 |
|
26.6527.209 |
Alc-BGP-IPv6-Auth-Keychain |
0 |
0-1 |
0 |
|
26.6527.210 |
Alc-BGP-IPv6-Auth-Key |
0 |
0-1 |
0 |
|
26.6527.211 |
Alc-BGP-IPv6-Export-Policy |
0 |
0-1 |
0 |
|
26.6527.212 |
Alc-BGP-IPv6-Import-Policy |
0 |
0-1 |
0 |
|
26.6527.213 |
Alc-BGP-IPv6-PeerAS |
0 |
0-1 |
0 |