| Attribute ID | Attribute name | Description |
|---|---|---|
|
1 |
User-Name |
This attribute is for RADIUS authentication of data triggered Dynamic Data Services only. The user to be authenticated in the Access-Request. The attribute value is the dynamic service data trigger sap-id. |
|
2 |
User-Password |
This attribute is for RADIUS authentication of data triggered Dynamic Data Services only. The password of the user to be authenticated. The attribute value is preconfigured: configure service dynamic-services dynamic-services-policy dynsvc-policy-name authentication password password |
|
4 |
NAS-IP-Address |
This attribute is for RADIUS authentication of data triggered Dynamic Data Services only. The identifying IP Address of the NAS requesting the Authentication. Included when the RADIUS server is reachable using IPv4. The address is determined by the routing instance through which the RADIUS server can be reached: "Management" — The active IPv4 address in the Boot Options File (bof address ipv4-address) "Base" or "VPRN" — the IPv4 address of the system interface (configure router interface system address address). The address can be overwritten with the configured source-address (configure aaa radius-server-policy policy-name servers source-address ip- address). |
|
8 |
Framed-IP-Address |
This attribute is for RADIUS authentication of data triggered Dynamic Data Services only. The IPv4 source address of an IPv4 data trigger frame that resulted in the authentication. Not included if the data trigger frame is not an IPv4 packet. |
|
32 |
NAS-Identifier |
(RADIUS authentication of data triggered Dynamic Data Services only) A string identifying the NAS originating the Authentication request. The attribute value is the system name of the router: configure system name system-name |
|
44 |
Acct-Session-Id |
(RADIUS authentication of data triggered Dynamic Data Services only) A unique identifier that represents the dynamic service data trigger that is authenticated. This attribute can be used as CoA or Disconnect Message key to target the dynamic service data trigger and is reflected in the accounting messages as attribute [50] Acct-Multi-Session-Id. |
|
87 |
NAS-Port-Id |
(RADIUS authentication of data triggered Dynamic Data Services only) A text string which identifies the physical or logical port of the NAS which is authenticating the user. Attribute is also used in CoA and Disconnect Message as identification key. The attribute value is the dynamic service data trigger sap-id. |
|
95 |
NAS-IPv6-Address |
(RADIUS authentication of data triggered Dynamic Data Services only) The identifying IP Address of the NAS requesting the Authentication or Accounting. Included when the RADIUS server is reachable using IPv6. The address is determined by the routing instance through which the RADIUS server can be reached: "Management" - The active IPv6 address in the Boot Options File (bof address ipv6-address). "Base" or "VPRN" - The IPv6 address of the system interface (configure router interface system ipv6 address ipv6-address). The address can be overwritten with the configured IPv6 source-address (configure aaa radius-server-policy policy-name servers ipv6-source-address ipv6-address). |
|
26.6527.27 |
Alc-Client-Hardware-Addr |
(RADIUS authentication of data triggered Dynamic Data Services only) The MAC address of the dynamic service data trigger frame that resulted in the authentication. The format is fixed: xx:xx:xx:xx:xx:xx |
|
26.6527.99 |
Alc-Ipv6-Address |
(RADIUS authentication of data triggered Dynamic Data Services only) The IPv6 source address of an IPv6 data trigger frame that resulted in the authentication. Not included if the data trigger frame is not an IPv6 packet. |
|
26.6527.164 |
Alc-Dyn-Serv-SAP-Id |
Identifies the dynamic data service SAP. Only Ethernet ports and LAGs are valid. The Dynamic Service SAP-ID uniquely identifies a Dynamic Data Service instance. It can be specified explicitly or relative to the control channel SAP-ID using wildcards. If explicitly specified, the Dynamic Data Service SAP-ID and Control Channel SAP-ID do not have to be on the same port. The setup of the Dynamic Data Service fails if the SAP specified in [26.6527.164] Alc-Dyn-Serv-SAP-Id is not created. The Dynamic Data Service SAP becomes orphaned if the SAP is not deleted with a teardown action. |
|
26.6527.165 |
Alc-Dyn-Serv-Script-Params |
Parameters as input to the Dynamic Data Service Python script. The parameters can cross an attribute boundary. The concatenation of all [26.6527.165] Alc-Dyn-Serv-Script-Params attributes with the same tag in a single message must be formatted as function-key dictionary where function-key specifies which Python functions is called and dictionary contains the actual parameters in a Python dictionary structure format. In dynamic service RADIUS accounting messages, the attribute is sent untagged and contains the last received [26.6527.165] Alc-Dyn-Serv-Script-Params value in an Access-Accept or CoA message for this dynamic service. Multiple attributes may be present if the total length does not fit a single attribute. |
|
26.6527.166 |
Alc-Dyn-Serv-Script-Action |
The action specifies if a dynamic data service should be created (setup), changed (modify) or deleted (teardown). Together with the function-key in the [26.6527.165] Alc-Dyn-Serv-Script-Params, this attribute determines which Python function is called. The attribute is mandatory in a CoA message. The attribute is optional in an Access-Accept message. If included in an Access-Accept and the specified action is different from setup, the dynamic data service action fails. |
|
26.6527.167 |
Alc-Dyn-Serv-Policy |
Specifies which local configured Dynamic Data Service Policy to use for provisioning of this dynamic service. If the attribute is not present, the dynamic services policy with the name default is used. If the default policy does not exist, then the dynamic data service action fails. The [26.6527.167] Alc-Dyn-Serv-Policy attribute is optional in case of modify or teardown actions; the policy specified for the dynamic data service setup is automatically used. If the [26.6527.167] Alc-Dyn-Serv-Policy is specified for modify or teardown actions, it must point to the same dynamic services policy as used during the dynamic data service setup. If a different policy is specified, the action fails. |
|
26.6527.168 |
Alc-Dyn-Serv-Acct-Interim-Ivl-1 |
The number of seconds between each dynamic data service accounting interim update for the primary accounting server. Overrides local configured value in the Dynamic Services policy. With value = 0, the interim accounting to the primary accounting server is switched off. The dynamic data service accounting interim interval cannot be changed for an active service. The attribute is rejected if the script action is different from setup. |
|
26.6527.169 |
Alc-Dyn-Serv-Acct-Interim-Ivl-2 |
The number of seconds between each dynamic data service accounting interim update for the duplicate accounting server. Overrides local configured value in the Dynamic Services policy. With value = 0, the interim accounting to the duplicate accounting server is switched off. The dynamic data service accounting interim interval cannot be changed for an active service. The attribute is rejected if the script action is different from setup. |
|
26.6527.170 |
Alc-Dyn-Serv-Acct-Stats-Type-1 |
Enable or disable dynamic data service accounting to the primary accounting server and specify the stats type: volume and time or time only. Overrides the local configured value in the Dynamic Services Policy. The dynamic data service accounting statistics type cannot be changed for an active service. The attribute is rejected if the script action is different from setup. |
|
26.6527.171 |
Alc-Dyn-Serv-Acct-Stats-Type-2 |
Enable or disable dynamic data service accounting to the secondary accounting server and specify the stats type: volume and time or time only. Overrides the local configured value in the Dynamic Services Policy. The dynamic data service accounting statistics type cannot be changed for an active service. The attribute is rejected if the script action is different from setup. |
| Attribute ID | Attribute name | Type | Limits | SR OS format |
|---|---|---|---|---|
|
1 |
User-Name |
string |
253 chars |
Fixed to the sap-id of the dynamic service data trigger packet For example: User-Name = "1/1/1:10.2" |
|
2 |
User-Password |
string |
64 bytes |
Encrypted password For example: User-Password = "6/TcjoaomHgakafcDrpCDk" |
|
4 |
NAS-IP-Address |
ipaddr |
4 bytes |
IPv4 address. For example: NAS-IP-Address = 192.0.2.1 |
|
8 |
Framed-IP-Address |
ipaddr |
4 bytes |
IPv4 address. For example: Framed-IP-Address = 10.1.0.1 |
|
32 |
NAS-Identifier |
string |
64 chars |
For example: NAS-Identifier = "router-1" |
|
44 |
Acct-Session-Id |
string |
22 bytes |
Internal generated 22 byte number. For example: Acct-Session-Id = "144DFF000000CB56A79EC4" |
|
87 |
NAS-Port-Id |
string |
253 chars |
Fixed to the sap-id of the dynamic service data trigger packet For example: User-Name = "1/1/1:10.2" |
|
95 |
NAS-IPv6-Address |
ipv6addr |
16 bytes |
IPv6 address. For example: NAS-IPv6-Address = 2001:db8::1 |
|
26.6527.27 |
Alc-Client-Hardware-Addr |
string |
6 bytes |
Format fixed to xx:xx:xx:xx:xx:xx For example: Alc-Client-Hardware-Addr = 00:51:00:dd:01:01 |
|
26.6527.99 |
Alc-Ipv6-Address |
ipv6addr |
16 bytes |
IPv6 address. For example: Alc-Ipv6-Address = 2001:db8:100::1 |
|
26.6527.164 |
Alc-Dyn-Serv-SAP-Id |
string |
1 VSA per tag per message |
Any valid Ethernet SAP format (null, dot1q or qinq encaps), including LAGs. A wildcard (#) can be specified for the port field and optionally for one of the tag fields of a qinq encap. To find the dynamic data service SAP-ID, the wildcard fields are replaced with the corresponding field from the Control Channel SAP-ID. For example: Alc-Dyn-Serv-SAP-Id:1 = 1/2/7:10.201 Alc-Dyn-Serv-SAP-Id:2 = #:#.100 |
|
26.6527.165 |
Alc-Dyn-Serv-Script-Params |
string |
multiple VSAs per tag per message. Max length of concatenated strings per tag = 1000 bytes |
The script parameters may be continued across attribute boundaries. The concatenated string must have following format: function-key <dictionary> where function-key specifies which Python functions are used and <dictionary> contains the actual parameters in a Python dictionary structure format. For example: Alc-Dyn-Serv-Script-Params:1 = data_svc_1 = { 'as_id' : '100', 'comm_id' : '200', 'if_name' : 'itf1', 'ipv4_address': '192.168.1.1', 'egr_ip_filter' : '100' , 'routes' : [{'to' : '172.16.1.0/24', 'next-hop' : '192.168.2.2'}, {'to' : '172.16.2.0/24', 'next-hop' : '192.168.2.2'}]} |
|
26.6527.166 |
Alc-Dyn-Serv-Script-Action |
integer |
1 VSA per tag per message |
1=setup, 2=modify, 3=teardown For example: Alc-Dyn-Serv-Script-Action:1 = 2 |
|
26.6527.167 |
Alc-Dyn-Serv-Policy |
string |
1 VSA per tag per message; max. length: 32 chars |
The name of the local configured Dynamic Service Policy For example: Alc-Dyn-Serv-Policy:1 = dynsvc-policy-1 |
|
26.6527.168 |
Alc-Dyn-Serv-Acct-Interim-Ivl-1 |
integer |
1 VSA per tag per message [300 to 15552000] |
A value of 0 (zero) corresponds with no interim update messages. A value [1 to 299] seconds is rounded to 300s (min. CLI value) and a value > 15552000 seconds (max. CLI value) is rounded to the max. CLI value. Range = 0 | [300 to 15552000] For example: Alc-Dyn-Serv-Acct-Interim-Ivl-1:1 = 3600 |
|
26.6527.169 |
Alc-Dyn-Serv-Acct-Interim-Ivl-2 |
integer |
1 VSA per tag per message [300 to 15552000] |
A value of 0 (zero) corresponds with no interim update messages. A value [1 to 299] seconds is rounded to 300s (min. CLI value) and a value > 15552000 seconds (max. CLI value) is rounded to the max. CLI value. Range = 0 | [300 to 15552000] For example: Alc-Dyn-Serv-Acct-Interim-Ivl-2:1 = 86400 |
|
26.6527.170 |
Alc-Dyn-Serv-Acct-Stats-Type-1 |
integer |
1 VSA per tag per message |
1=off, 2=volume-time, 3=time For example: Alc-Dyn-Serv-Acct-Stats-Type-1:1 = 1 |
|
26.6527.171 |
Alc-Dyn-Serv-Acct-Stats-Type-2 |
integer |
1 VSA per tag per message |
1=off, 2=volume-time, 3=time For example: Alc-Dyn-Serv-Acct-Stats-Type-2:1 = 2 |
| Attribute ID | Attribute name | Access Request | Access Accept | CoA request | Tag | Max. tag |
|---|---|---|---|---|---|---|
|
1 |
User-Name |
1 |
0 |
0 |
— |
|
|
2 |
User-Password |
1 |
0 |
0 |
— |
|
|
4 |
NAS-IP-Address |
0-1 |
0 |
0 |
— |
|
|
8 |
Framed-IP-Address |
0-1 |
0 |
0 |
— |
|
|
32 |
NAS-Identifier |
1 |
0 |
0 |
— |
|
|
44 |
Acct-Session-Id |
1 |
0 |
0-1 |
— |
|
|
87 |
NAS-Port-Id |
1 |
0 |
0-1 |
— |
|
|
95 |
NAS-IPv6-Address |
0-1 |
0 |
0 |
— |
|
|
26.6527.27 |
Alc-Client-Hardware-Addr |
1 |
0 |
0 |
— |
|
|
26.6527.99 |
Alc-Ipv6-Address |
0-1 |
0 |
0 |
— |
|
|
26.6527.164 |
Alc-Dyn-Serv-SAP-Id |
0 |
0+ |
0+ |
✓ |
0-31 |
|
26.6527.165 |
Alc-Dyn-Serv-Script-Params |
0 |
0+ |
0+ |
✓ |
0-31 (untagged) |
|
26.6527.166 |
Alc-Dyn-Serv-Script-Action |
0 |
0+ |
0+ |
✓ |
0-31 |
|
26.6527.167 |
Alc-Dyn-Serv-Policy |
0 |
0+ |
0+ |
✓ |
0-31 |
|
26.6527.168 |
Alc-Dyn-Serv-Acct-Interim-Ivl-1 |
0 |
0+ |
0+ |
✓ |
0-31 |
|
26.6527.169 |
Alc-Dyn-Serv-Acct-Interim-Ivl-2 |
0 |
0+ |
0+ |
✓ |
0-31 |
|
26.6527.170 |
Alc-Dyn-Serv-Acct-Stats-Type-1 |
0 |
0+ |
0+ |
✓ |
0-31 |
|
26.6527.171 |
Alc-Dyn-Serv-Acct-Stats-Type-2 |
0 |
0+ |
0+ |
✓ |
0-31 |
Table: Dynamic data services — control channel CoA attributes lists the mandatory/optional attributes in CoA messages to the control channel.
| Attribute name | Setup | Modify | Teardown | Comment |
|---|---|---|---|---|
|
Acct-Session-Id |
M |
M |
M |
(CoA key) Acct-Session-Id of the Control Channel (or any other valid CoA key for ESM hosts/sessions) |
|
Alc-Dyn-Serv-SAP-Id |
M1 | M1 | M1 |
Identifies the dynamic data service |
|
Alc-Dyn-Serv-Script-Params |
M1 | M1 |
N/A |
For a Modify, the Script Parameters represent the new parameters required for the change. |
|
Alc-Dyn-Serv-Script-Action |
M1 | M1 | M1 | |
|
Alc-Dyn-Serv-Policy |
O |
O |
O |
Default policy used when not specified for Setup action. Must be same as used for setup if specified for Modify or Teardown. |
|
Alc-Dyn-Serv-Acct-Interim-Ivl-1 |
O |
X2 | X2 | |
|
Alc-Dyn-Serv-Acct-Interim-Ivl-2 |
O |
X2 | X2 | |
|
Alc-Dyn-Serv-Acct-Stats-Type-1 |
O |
X2 | X2 | |
|
Alc-Dyn-Serv-Acct-Stats-Type-2 |
O |
X2 | X2 | |
|
M = Mandatory, O = Optional, X = May Not, N/A = Not Applicable (ignored) |
||||
Table: Data triggered dynamic services (CoA Key = Nas-Port-Id or Acct-Session-Id of dynamic data service SAP) - CoA attributes lists the mandatory/optional attributes in CoA messages sent to a dynamic data service associated with a dynamic services data trigger using Nas-Port-Id or Acct-Session-Id of a dynamic data service sap as CoA key.
| Attribute name | Setup | Modify | Teardown | Comment |
|---|---|---|---|---|
|
Nas-Port-Id |
N/S |
M3 | M3 |
(CoA key) Nas-Port-Id of a Dynamic Data Service sap |
|
Alc-Dyn-Serv-SAP-Id |
N/S |
O |
O |
If specified, the sap-id must be the same as the Nas-Port-Id or correspond with the dynamic service sap identified with the Acct-Session-Id. |
|
Alc-Dyn-Serv-Script- Params |
N/S |
M4 |
N/A |
For a Modify, the Script Parameters represent the new parameters required for the change. |
|
Alc-Dyn-Serv-Script- Action |
N/S |
M4 | M4 | |
|
Alc-Dyn-Serv-Policy |
N/S |
O |
O |
Must be same as used for setup if specified for Modify or Teardown. |
|
Alc-Dyn-Serv-Acct- Interim-Ivl-1 |
N/S |
X5 | X5 | |
|
Alc-Dyn-Serv-Acct- Interim-Ivl-2 |
N/S |
X5 | X5 | |
|
Alc-Dyn-Serv-Acct- Stats-Type-1 |
N/S |
X5 | X5 | |
|
Alc-Dyn-Serv-Acct- Stats-Type-2 |
N/S |
X5 | X5 | |
|
M = Mandatory, O = Optional, X = May Not, N/A = Not Applicable (ignored), N/S = Not Supported |
||||
Table: Data triggered dynamic services (CoA Key = Acct-Session-Id of dynamic service data trigger) - CoA attributes lists the mandatory/optional attributes in CoA messages sent to a dynamic services data trigger using the Acct-Session-Id of the data trigger as CoA key.
| Attribute name | Setup | Modify | Teardown | Comment |
|---|---|---|---|---|
|
Acct-Session-Id |
M |
M |
M |
(CoA key) Acct-Session-Id of a dynamic service data trigger. |
|
Alc-Dyn-Serv-SAP-Id |
M6 | M6 | M6 |
Identifies the dynamic data service associated with the dynamic service data trigger. |
|
Alc-Dyn-Serv-Script- Params |
M6 | M6 |
N/A |
For a Modify, the Script Parameters represent the new parameters required for the change. |
|
Alc-Dyn-Serv-Script- Action |
M6 | M6 | M6 | |
|
Alc-Dyn-Serv-Policy |
O |
O |
O |
Default policy used when not specified for Setup action. Must be same as used for setup if specified for Modify or Teardown. |
|
Alc-Dyn-Serv-Acct- Interim-Ivl-1 |
O |
X7 | X7 | |
|
Alc-Dyn-Serv-Acct- Interim-Ivl-2 |
O |
X7 | X7 | |
|
Alc-Dyn-Serv-Acct- Stats-Type-1 |
O |
X7 | X7 | |
|
Alc-Dyn-Serv-Acct- Stats-Type-2 |
O |
X7 | X7 | |
|
M = Mandatory, O = Optional, X = May Not, N/A = Not Applicable (ignored) |
||||