This section provides details for the RADIUS attributes used in IPsec accounting.
| Attribute ID | Attribute name | Description |
|---|---|---|
|
1 |
User-Name |
For IKEv1 remote-access tunnel, this represents the xauth username. For IKEv2 remote-access tunnel, this represents the identity of the peer; the value of User-Name is the received IDi in IKEv2 message. |
|
4 |
NAS-IP-Address |
The identifying IP Address of the NAS requesting the Accounting. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute nas-ip-addr. |
|
8 |
Framed-IP- Address |
The IPv4 address to be assigned to IKEv1 or IKEv2 remote-access tunnel client using configuration payload: INTERNAL_IP4_ADDRESS. This attribute is reflected in RADIUS accounting request packet for IKEv2 tunnel. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute framed-ip-addr. |
|
30 |
Called-Station-Id |
The local gateway address of IKEv2 remote-access tunnel. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute called-station-id. |
|
31 |
Calling-Station-Id |
The peer's address and port of IKEv2 remote-access tunnel. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute calling-station-id. |
|
32 |
NAS-Identifier |
A string (configure system name system-name) identifying the NAS originating the Accounting requests. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute nas-identifier. |
|
44 |
Acct-Session-Id |
A unique identifier representing an IKEv2 remote-access tunnel session that is authenticated. Same Acct-Session-Id is included in both access- request and accounting-request. |
|
46 |
Acct-Session-Time |
This attribute represents the tunnel's lifetime in seconds. It is included in an Accounting-Stop packet. |
|
87 |
Nas-Port-Id |
The public SAP ID of IKEv2 remote-access tunnel. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute nas-port-id. |
|
97 |
Framed-IPv6-Prefix |
The IPv6 address to be assigned to IKEv2 remote-access tunnel client using IKEv2 configuration payload: INTERNAL_IP6_ADDRESS. The prefix and prefix-length of Framed-IPv6-Prefix are conveyed in the corresponding part of INTERNAL_IP6_ADDRESS. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute framed-ipv6-prefix. |
|
241.26.6527.41 |
Alc-Acct-IPsec-Bidir-Kibibytes |
(IKEv2 RA tunnel only) The number of kilobytes of bidirectional (encryption + decryption) traffic passed over the IPsec tunnel. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute acct-stats. |
|
241.26.6527.42 |
Alc-Acct-IPsec-Encrypted-Kibibytes |
(IKEv2 RA tunnel only) The number of kilobytes of encrypted traffic passed over the IPsec tunnel. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute acct-stats. |
|
241.26.6527.43 |
Alc-Acct-IPsec-Decrypted-Kibibytes |
(IKEv2 RA tunnel only) The number of kilobytes of decrypted traffic passed over the IPsec tunnel. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute acct-stats. |
|
241.26.6527.44 |
Alc-Acct-IPsec-Bidir-Packets |
(IKEv2 RA tunnel only) The number of packets of bidirectional (encryption + decryption) passed over the IPsec tunnel. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute acct-stats. |
|
241.26.6527.45 |
Alc-Acct-IPsec-Encrypted-Packets |
(IKEv2 RA tunnel only) The number of encrypted packets passed over the IPsec tunnel. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute acct-stats. |
|
241.26.6527.46 |
Alc-Acct-IPsec-Decrypted-Packets |
(IKEv2 RA tunnel only) The number of decrypted packets passed over the IPsec tunnel. The attribute can be included or excluded with configure ipsec radius-accounting-policy name include-radius-attribute acct-stats. |
| Attribute ID | Attribute name | Type | Limits | SR OS format |
|---|---|---|---|---|
|
1 |
User-Name |
string |
253 bytes |
Format depends on IDi format. For example: User-Name = "user1@domain1.com" |
|
4 |
NAS-IP-Address |
ipaddr |
4 bytes |
For example: NAS-IP-Address=192.0.2.1 |
|
8 |
Framed-IP-Address |
ipaddr |
4 bytes |
For example: Framed-IP-Address = 192.168.10.100 |
|
30 |
Called-Station-Id |
string |
253 bytes |
local gateway address of IKEv2 remote-access tunnel For example: Called-Station-Id = "172.16.100.1" |
|
31 |
Calling-Station-Id |
string |
253 bytes |
peer-address:port For example: Calling-Station-Id = "192.168.5.100:500" |
|
32 |
NAS-Identifier |
string |
64 char |
For example: NAS-Identifier = "pe1" |
|
44 |
Acct-Session-Id |
string |
147 bytes |
local_gw_ip-remote_ip:remote_port-time_stamp For example: Acct-Session-Id = 172.16.100.1-192.168.5.100:500-1365016423 |
|
46 |
Acct-Session-Time |
integer |
4 bytes 4294967295 seconds |
For example: Acct-Session-Time = 870 |
|
87 |
Nas-Port-Id |
string |
44 bytes |
For example: Nas-Port-Id = "tunnel-1.public:100" |
|
97 |
Framed-IPv6-Prefix |
ipv6prefix |
max. 16 bytes for prefix + 1 byte for length |
For example: Framed-IPv6-Prefix = 2001:DB8:CAFE:1::100/128 |
|
241.26.6527.41 |
Alc-Acct-IPsec-Bidir- Kibibytes |
integer64 |
8 bytes |
For example: Alc-Acct-IPsec-Bidir-Kibibytes = 2000 |
|
241.26.6527.42 |
Alc-Acct-IPsec- Encrypted-Kibibytes |
integer64 |
8 bytes |
For example: Alc-Acct-IPsec-Encrypted-Kibibytes = 1000 |
|
241.26.6527.43 |
Alc-Acct-IPsec- Decrypted-Kibibytes |
integer64 |
8 bytes |
For example: Alc-Acct-IPsec-Decrypted-Kibibytes = 1000 |
|
241.26.6527.44 |
Alc-Acct-IPsec-Bidir- Packets |
integer64 |
8 bytes |
For example: Alc-Acct-IPsec-Bidir-Packets = 1000 |
|
241.26.6527.45 |
Alc-Acct-IPsec- Encrypted-Packets |
integer64 |
8 bytes |
For example: Alc-Acct-IPsec-Encrypted-Packets = 500 |
|
241.26.6527.46 |
Alc-Acct-IPsec- Decrypted-Packets |
integer64 |
8 bytes |
For example: Alc-Acct-IPsec-Decrypted-Packets = 500 |
| Attribute ID | Attribute name | Acct start | Acct stop | Acct interim-update |
|---|---|---|---|---|
|
1 |
User-Name |
1 |
1 |
1 |
|
4 |
NAS-IP-Address |
0-1 |
0-1 |
0-1 |
|
8 |
Framed-IP- Address |
0-1 |
0-1 |
0-1 |
|
30 |
Called-Station-Id |
0-1 |
0-1 |
0-1 |
|
31 |
Calling-Station-Id |
0-1 |
0-1 |
0-1 |
|
32 |
NAS-Identifier |
0-1 |
0-1 |
0-1 |
|
44 |
Acct-Session-Id |
1 |
1 |
1 |
|
46 |
Acct-Session-Time |
0 |
1 |
1 |
|
87 |
Nas-Port-Id |
0-1 |
0-1 |
0-1 |
|
97 |
Framed-IPv6-Prefix |
0-1 |
0-1 |
0-1 |
|
241.26.6527.41 |
Alc-Acct-IPsec-Bidir-Kibibytes |
0 |
0-1 |
0-1 |
|
241.26.6527.42 |
Alc-Acct-IPsec-Encrypted-Kibibytes |
0 |
0-1 |
0-1 |
|
241.26.6527.43 |
Alc-Acct-IPsec-Decrypted-Kibibytes |
0 |
0-1 |
0-1 |
|
241.26.6527.44 |
Alc-Acct-IPsec-Bidir-Packets |
0 |
0-1 |
0-1 |
|
241.26.6527.45 |
Alc-Acct-IPsec-Encrypted-Packets |
0 |
0-1 |
0-1 |
|
241.26.6527.46 |
Alc-Acct-IPsec-Decrypted-Packets |
0 |
0-1 |
0-1 |