L2TP tunnel accounting

Table: L2TP tunnel accounting (description)
Attribute ID Attribute name Description

1

User-Name

Refers to the PPPoE username

4

NAS-IP-Address

The identifying IP Address of the NAS requesting the Authentication or Accounting. Included when the RADIUS server is reachable using IPv4.

The address is determined by the routing instance through which the RADIUS server can be reached:

‟Management” — The active IPv4 address in the Boot Options File (bof address ipv4-address)

‟Base” or ‟VPRN” — The IPv4 address of the system interface (configure router interface system address address).

The address can be overwritten with the configured source-address (configure aaa radius-server-policy policy-name servers source-address ip-address).

5

NAS-Port

The physical access circuit on the NAS that is used for the Authentication or Accounting of the user. The format of this attribute is configurable on the NAS as a fixed 32-bit value or a parameterized 32-bit value. The parameters can be a combination of outer and inner VLAN ID, slot number, MDA number, port number, lag-id, pw-id, pxc-id, pxc-subport and fixed bit values (zero or one) but cannot exceed 32 bits. The format can be configured for the following applications: configure aaa l2tp-accounting-policy name include-radius-attribute nas-port, configure router l2tp cisco-nas-port, configure service vprn service-id l2tp cisco-nas-port, configure subscriber-mgmt authentication-policy name include-radius-attribute nas-port, configure subscriber-mgmt radius-accounting-policy name include-radius-attribute nas-port.

6

Service-Type

The type of service the PPPoE user has requested, or the type of service to be provided for the PPPoE user. Optional in RADIUS-Accept and CoA. Treated as a session setup failure if different from Framed-User.

31

Calling-Station-Id

Includes the hostname and sap-id.

Sent when calling-station-id is included in configure aaa l2tp-accounting-policy policy-name include-radius-attribute calling-station-id.

32

NAS-Identifier

A string (configure system name system-name) identifying the NAS originating the Authentication or Accounting requests and sent when nas-identifier is included for the corresponding application: configure aaa l2tp-accounting-policy (L2TP accounting).

41

Acct-Delay-Time

Indicates how many seconds the client has been trying to send this accounting record. This attribute is included with value 0 in all initial accounting messages. The attribute is omitted in accounting using configure subscriber-mgmt radius-accounting-policy name include-radius-attribute no acct-delay-time.

42

Acct-Input-Octets

Tunnel-link and Tunnel level accounting use the ESM accounting statistics. For Tunnel Link Stop it reports the input bytes for this user over the course of this service being provided. For Tunnel Stop this attribute represents an aggregate of input bytes of all sessions that belong(ed) to this tunnel over the course of this service being provided. Attribute [52] Acct-Input-Gigawords indicates how many times (if greater than zero) the [42] Acct-Input-Octets counter has wrapped around 2^32 in the course of delivering this service.

43

Acct-Output-Octets

Tunnel-link and Tunnel level accounting use the ESM accounting statistics. For Tunnel Link Stop it reports the output bytes for this user over the course of this service being provided. For Tunnel Stop this attribute represents an aggregate of output bytes of all sessions that belong(ed) to this tunnel over the course of this service being provided. Attribute [53] Acct-Output-Gigawords indicates how many times (if greater than zero) the [43] Acct-Output-Octets counter has wrapped around 2^32 in the course of delivering this service.

44

Acct-Session-Id

A uniquely generated number. For Tunnel-link stop it maps to the accounting-session-id of the PPPoE session (show service id service-id ppp session detail). For Tunnel-stop accounting it is longer: a concatenation of start-time and connection-id with a delimiter. The start-time equals the node uptime reported in Timeticks (nd:hh:mm:ss:ts), and value/6000 gives the uptime in minutes. The connection-id equals {tunnel-id * 65536}, and the tunnel-id maps to L2TP AVP 9 Assigned Tunnel Id.

46

Acct-Session-Time

Reports the elapsed time in seconds over the course of this service (L2TP session or L2TP tunnel) being provided.

47

Acct-Input-Packets

Tunnel-link and Tunnel level accounting use the ESM accounting statistics. For Tunnel Link Stop it reports the input packets for this user over the course of this service being provided. For Tunnel Stop this attribute represents an aggregate of input packets of all sessions that belong/belonged to this tunnel over the course of this service being provided.

48

Acct-Output-Packets

Tunnel-link and Tunnel level accounting use the ESM accounting statistics. For Tunnel Link Stop it reports the output packets for this user over the course of this service being provided. For Tunnel Stop this attribute represents an aggregate of output packets of all sessions that belong/belonged to this tunnel over the course of this service being provided.

49

Acct-Terminate-Cause

Indicates how the L2TP session or L2TP tunnel was terminated.

52

Acct-Input-Gigawords

Indicates how many times (zero or more) the [42] Acct-Input-Octets counter has wrapped around 2^32 in the course of delivering this service.

53

Acct-Output-Gigawords

Indicates how many times (zero or more) the [43] Acct-Output-Octets counter has wrapped around 2^32 in the course of delivering this service.

55

Event-Timestamp

Records the time that this event occurred on the NAS, in seconds since January 1, 1970 00:00 UTC.

61

NAS-Port-Type

The type of the physical port of the NAS that is authenticating the user. The value is automatically determined from the subscriber SAP encapsulation and can be overruled by configuration. Included only if include-radius-attribute nas-port-type is added per application: configure aaa l2tp-accounting-policy (L2TP accounting). Checked for correctness if returned in CoA.

64

Tunnel-Type

The tunneling protocols to be used (in the case of a tunnel initiator) or the tunneling protocol in use (in the case of a tunnel terminator). This attribute is mandatory on LAC Access-Accept and needs to be L2TP. The same attribute is included on LNS in the Access-Request and Acct-Request if configure subscriber-mgmt authentication-policy | radius-accounting-policy policy name include-radius-attribute tunnel-server-attrs is enabled on LNS. For L2TP Tunnel/Link Accounting this attribute is always included on LAC and LNS.

65

Tunnel-Medium-Type

Which transport medium to use when creating a tunnel for those protocols (such as L2TP) that can operate over multiple transports. This attribute is mandatory on LAC Access-Accept and needs to be IP or IPv4. The same attribute is included on LNS in the Access-Request and Acct-Request if configure subscriber-mgmt authentication-policy|radius-accounting-policy policy name include-radius-attribute tunnel-server-attrs is enabled on LNS. For L2TP Tunnel/Link Accounting this attribute is always included on LAC and LNS.

66

Tunnel-Client-Endpoint

The dotted-decimal IP address of the initiator end of the tunnel. Preconfigured values are used when attribute is omitted (configure router/service vprn service-id l2tp local-address). If omitted in Access Accept on LAC and no local-address configured, then the address is taken from the interface with name system. This attribute is included on LNS in the Access-Request and Acct-Request only if configure subscriber-mgmt authentication-policy|radius-accounting-policy policy name include-radius-attribute tunnel-server-attrs is enabled on LNS. For L2TP Tunnel/Link Accounting this attribute is always included on LAC and LNS as untagged.

67

Tunnel-Server-Endpoint

The dotted-decimal IP address of the server end of the tunnel. On the LAC, it is the dest-ip for all L2TP packets for that tunnel.

68

Acct-Tunnel-Connection

Indicates the identifier assigned to the tunnel session. For Tunnel start/stop it is a concatenation, without delimiter, of LAC-tunnel-id (4 bytes) and LNS-tunnel-id (4 bytes), where the LAC-tunnel-id maps to the hex value of L2TP AVP 9 AssignedTunnelId from SCCRQ and the LNS-tunnel-id maps to the hex value of L2TP AVP 9 AssignedTunnelId in SCCRP. Unknown tunnel-ids (Tunnel Reject and Tunnel Link Reject) are reported as 0000 or ffff. For Tunnel Link Start/Stop it maps to the integer Call Serial Number from ICRQ L2TP AVP 15 Call Serial Number.

The default format of the attribute can be changed with configure aaa l2tp-accounting-policy policy-name acct-tunnel-connection-fmt ascii-spec.

82

Tunnel-Assignment-ID

Indicates to the tunnel initiator the particular tunnel to which a session is to be assigned. Some tunneling protocols, such as PPTP and L2TP, allow for sessions between the same two tunnel endpoints to be multiplexed over the same tunnel and also for a specific session to use its own dedicated tunnel.

86

Acct-Tunnel-Packets-Lost

Indicates the number of packets dropped and uses the ESM accounting statistics for this. For Tunnel Link Stop it reports an aggregate of the dropped input and output packets for this user over the course of this service being provided. For Tunnel Stop this attribute represents an aggregate of input and output dropped packets of all sessions that belong/belonged to this tunnel over the course of this service being provided.

87

NAS-Port-Id

LAC: a text string identifying the physical access circuit (slot/mda/port/outer-vlan.inner-vlan) of the user that requested the Authentication and/or Accounting. The physical port on LAC can have an optional prefix-string (8 characters maximum) and suffix-string (64 characters maximum) added (configure aaa l2tp-accounting-policy policy-name include-radius-attribute nas-port-id prefix-string string suffix(circuit-id | remote-id)). LNS: a text string identifying the logical access circuit of the user that requested the Authentication or Accounting. This logical access circuit is a fixed concatenation (delimiter number) of routing instance, tunnel-server-endpoint, tunnel-client-endpoint, local-tunnel-id, remote-tunnel-id, local-session-id, remote-session-id and call sequence number.

90

Tunnel-Client-Auth-ID

Used during the authentication phase of tunnel establishment and copied by the LAC in L2TP SCCRQ AVP 7 Host Name. Reported in L2TP Tunnel/Link accounting when length is different from zero. The value with tag 0 is used as default for the tunnels where the value is not specified. Preconfigured values are used when the attribute is omitted (configure router/service vprn service-id l2tp local-name). The Node system-name is copied in AVP Host Name if this attribute is omitted and no local-name is configured.

91

Tunnel-Server-Auth-ID

Used during the authentication phase of tunnel establishment and reported in L2TP Tunnel/Link accounting when length is different from zero. For authentication the value of this attribute is compared with the value of AVP 7 Host Name from the received LNS SCCRP. Authentication from LAC point of view passes if both attributes are the same. This authentication check is not performed if the RADIUS attribute is omitted.

95

NAS-IPv6-Address

The identifying IP address of the NAS requesting the Authentication or Accounting. Included when the RADIUS server is reachable using IPv6.

The address is determined by the routing instance through which the RADIUS server can be reached:

‟Management” — The active IPv6 address in the Boot Options File (bof address ipv6-address)

‟Base” or ‟VPRN” — The IPv6 address of the system interface (configure router interface system ipv6 address ipv6-address).

The address can be overwritten with the configured ipv6-source-address (configure aaa radius-server-policy policy-name servers ipv6-source-address ipv6-address).
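
Two rules from the description table above, the Gigawords wrap counters and the composition of the tunnel-level Acct-Session-Id, worked through as an added example (not part of the original reference and not vendor code). The function names and the record dictionary are hypothetical; the sample values are the ones this page uses as examples, except the Gigawords value of 2, which is constructed.

```python
import re

WRAP = 2 ** 32           # Octets attributes are 32 bits wide; Gigawords counts the wraps
TICKS_PER_MINUTE = 6000  # Timeticks are 1/100 s, so value/6000 gives minutes

# Tunnel-level format: <uptime>.<connection-id>, both decimal
TUNNEL_SESSION_ID = re.compile(r"(\d+)\.(\d+)", re.ASCII)


def total_count(low32: int, gigawords: int = 0) -> int:
    """Combine an Octets attribute with its Gigawords companion (absent = 0 wraps)."""
    if not (0 <= low32 < WRAP and 0 <= gigawords < WRAP):
        raise ValueError("both attributes are unsigned 32-bit integers")
    return gigawords * WRAP + low32


def decode_session_id(value: str) -> dict:
    """Split a tunnel-level Acct-Session-Id; anything else is an opaque link id."""
    m = TUNNEL_SESSION_ID.fullmatch(value)
    if m is None:
        # Tunnel-link ids map to the PPPoE session id and carry no usable structure.
        return {"kind": "tunnel-link", "raw": value}
    uptime_ticks, connection_id = int(m.group(1)), int(m.group(2))
    tunnel_id, remainder = divmod(connection_id, 65536)
    if remainder or tunnel_id >= 65536:   # L2TP tunnel ids are 16 bits
        raise ValueError(f"connection-id {connection_id} is not tunnel-id * 65536")
    return {"kind": "tunnel", "uptime_ticks": uptime_ticks,
            "uptime_minutes": uptime_ticks // TICKS_PER_MINUTE,
            "tunnel_id": tunnel_id}


def summarize_stop(record: dict) -> dict:
    """Normalize a Tunnel Stop or Tunnel Link Stop record (attribute name -> value)."""
    summary = decode_session_id(record["Acct-Session-Id"])
    for direction in ("Input", "Output"):
        summary[f"{direction.lower()}_bytes"] = total_count(
            int(record[f"Acct-{direction}-Octets"]),
            int(record.get(f"Acct-{direction}-Gigawords", 0)))
    return summary


# Constructed Tunnel Stop record built from this page's example values;
# Acct-Input-Gigawords = 2 is made up to show a counter that has wrapped twice.
SAMPLE = {"Acct-Session-Id": "18120579.84213760",
          "Acct-Input-Octets": "5000", "Acct-Input-Gigawords": "2",
          "Acct-Output-Octets": "2000"}

if __name__ == "__main__":
    print(summarize_stop(SAMPLE))
```

A collector that stores only the Octets attributes under-reports any tunnel that moved more than 4 GiB, so totals should always be rebuilt this way before they are used for billing or anomaly baselines.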

Table: L2TP tunnel accounting (limits)
Attribute ID Attribute name Type Limits SR OS format

1

User-Name

string

253 bytes

Format depends on authentication method and configuration.

For example:

User-Name user1@domain1.com

4

NAS-IP-Address

ipaddr

4 bytes

# ip-address

For example:

NAS-IP-Address = 192.0.2.1

5

NAS-Port

integer

4 bytes

nas-port <binary-spec>

<binary-spec>=<bit-specification><binary-spec>

<bit-specification> = 0 | 1 | <bit-origin>

<bit-origin> = *<number-of-bits><origin>

<number-of-bits> = [1 to 32]

<origin> =

s: slot number

m: MDA number

p: port number, lag-id, pw-id or pxc-id

o: outer VLAN ID

i: inner VLAN ID

c: pxc-subport (a=0, b=1)

Only the lower bits of the specified origin are included if the number of bits assigned for that origin is not enough to hold its maximum value. For example, when specifying 10 bits for an outer VLAN ID (*10o), then VLAN 3000 (binary 1011 1011 1000) would be reported as 952 (binary 11 1011 1000).

For example: configured nas-port *12o*10i*3s*2m*5p for SAP 2/2/4:221.7 corresponds to 000011011101 0000000111 010 10 00100

NAS-Port = 231742788

6

Service-Type

integer

2 (mandatory value)

PPPoE and PPPoL2TP hosts only

For example:

Service-Type = Framed-User

31

Calling-Station-Id

string

253 chars

For example:

Calling-Station-Id = "router-1 1/1/4:1200.10"

32

NAS-Identifier

string

64 chars

For example:

NAS-Identifier = PE1-Antwerp

41

Acct-Delay-Time

integer

4294967295 seconds

For example:

# initial accounting start
Acct-Delay-Time = 0
# no ack and retry after 5 seconds
Acct-Delay-Time = 5

42

Acct-Input-Octets

integer

4 bytes

For example:

Acct-Input-Octets = 5000

43

Acct-Output-Octets

integer

4 bytes

For example:

Acct-Output-Octets = 2000

44

Acct-Session-Id

string

[17|22] bytes

Tunnel number format: <uptime><.><connection-id>

Tunnel-link number format: corresponds to PPPoE session ASID (No useful information can be extracted from the string).

For example:

# for tunnel accounting
Acct-Session-Id = 18120579.84213760
# for tunnel-link accounting
Acct-Session-Id = 241AFF0000029B4FD5C03E

46

Acct-Session-Time

integer

4 bytes

42949672 seconds

The attribute value wraps after approximately 497 days

For example:

Acct-Session-Time = 870

47

Acct-Input-Packets

integer

4 bytes 4294967295 packets

For example:

Acct-Input-Packets = 213

48

Acct-Output-Packets

integer

4 bytes 4294967295 packets

For example:

Acct-Output-Packets = 214

49

Acct-Terminate-Cause

integer

4 bytes

See also table Acct Terminate Cause.

1=User-Request, 2=Lost-Carrier, 9=NAS-Error, 10=NAS-Request, 11=NAS-Reboot, 15=Service-Unavailable

For example:

Acct-Terminate-Cause = NAS-Request

52

Acct-Input-Gigawords

integer

4 bytes

For example:

# no overflow
Acct-Input-Gigawords = 0

53

Acct-Output-Gigawords

integer

4 bytes

For example:

# no overflow
Acct-Output-Gigawords = 0

55

Event-Timestamp

date

4 bytes

For example:

# Jul 6 2012 17:28:23 CEST is reported as 4FF70417
Event-Timestamp = 4FF70417

61

NAS-Port-Type

integer

4 bytes Values [0 to 255]

Values as defined in RFC 2865 and RFC 4603.

For LNS, the value is set to virtual (5).

For example:

NAS-Port-Type = PPPoEoQinQ (34)

64

Tunnel-Type

integer

3 (mandatory value)

Mandatory 3=L2TP

For example:

Tunnel-Type = L2TP

65

Tunnel-Medium-Type

integer

1 (mandatory value)

Mandatory 1=IP or IPv4

For example:

Tunnel-Medium-Type = IP

66

Tunnel-Client-Endpoint

string

19 or 20 bytes (untagged/tagged)

<Tag field><dotted-decimal IP address used on LAC as L2TP src-ip>

If Tag field is greater than 0x1F, it is interpreted as the first byte of the following string field.

For example:

# untagged
Tunnel-Client-Endpoint = 3139382e35312e3130302e31
Tunnel-Client-Endpoint = 198.51.100.1
# tagged 0
Tunnel-Client-Endpoint = 003139382e35312e3130302e31
Tunnel-Client-Endpoint:0 = 198.51.100.1
# tagged 1
Tunnel-Client-Endpoint = 013139382e35312e3130302e31
Tunnel-Client-Endpoint:1 = 198.51.100.1

67

Tunnel-Server-Endpoint

string

19 or 20 bytes (untagged/tagged)

<Tag field><dotted-decimal IP address used on LAC as L2TP dst-ip>

If Tag field is greater than 0x1F, it is interpreted as the first byte of the following string field.

For example:

# tagged 1
Tunnel-Server-Endpoint = 013230332e302e3131332e31
Tunnel-Server-Endpoint:1 = 203.0.113.1

68

Acct-Tunnel-Connection

string

[4|8] bytes

Default format:

tunnel-start/stop: 8-byte value representing the LAC + LNS tunnel-id converted to hexadecimal

link-start/stop: maps to the AVP 15 Call Serial Number from ICRQ (32 bit)

Configured format:

(if the resulting string is longer than 253 characters, it is truncated)

acct-tunnel-connection-fmt ascii-spec

<ascii-spec> : <char-specification> <ascii-spec>

<char-specification> : <ascii-char>|<char-origin>

<ascii-char> : a printable ASCII character

<char-origin> : %<origin>

<origin> : n | s | S | t | T | c | C

n - Call Serial Number

s | S - Local (s) or Remote (S) Session Id

t | T - Local (t) or Remote (T) Tunnel Id

c | C - Local (c) or Remote (C) Connection Id

82

Tunnel-Assignment-ID

string

32 chars

For example:

Tunnel-Assignment-ID = Tunnel-1

86

Acct-Tunnel-Packets-Lost

integer

4 bytes

Sum of all dropped packets on ingress and egress.

For example:

Acct-Tunnel-Packets-Lost = 748

87

NAS-Port-Id

string

no limits

See [87] NAS-Port-Id attribute details for a detailed description of the attribute format.

For example:

LAC: 1/1/4:120.10

LNS: rtr-2#lip-3.3.3.3#rip-1.1.1.1#ltid-11381#rtid-1285#lsid-30067#rsid-19151#347

90

Tunnel-Client-Auth-ID

string

64 chars

For example:

Tunnel-Client-Auth-Id:0 = LAC-Antwerp-1

91

Tunnel-Server-Auth-ID

string

64 chars

For example:

Tunnel-Server-Auth-ID:0 = LNS-Antwerp-1

95

NAS-IPv6-Address

ipv6addr

16 bytes

# ipv6-address

For example:

NAS-IPv6-Address = 2001:db8::1
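
The nas-port binary-spec from the limits table above, as an added example (not part of the original reference and not vendor code) that parses a spec, packs a circuit into the 32-bit NAS-Port value and unpacks it again, which is what is needed to map an accounting record back to a SAP. The function names and dictionary keys are hypothetical, and treating a spec shorter than 32 bits as the low-order bits of the value is an assumption.

```python
import re

# Origin letters from the binary-spec grammar; the dictionary keys are hypothetical.
ORIGINS = {"s": "slot", "m": "mda", "p": "port",
           "o": "outer_vlan", "i": "inner_vlan", "c": "pxc_subport"}
TOKEN = re.compile(r"\*(\d+)([smpoic])|([01])", re.ASCII)


def parse_spec(spec: str) -> list:
    """Turn e.g. '*12o*10i*3s*2m*5p' into [(width, origin name or fixed bit), ...]."""
    fields, pos = [], 0
    while pos < len(spec):
        m = TOKEN.match(spec, pos)
        if m is None:
            raise ValueError(f"bad binary-spec at offset {pos}: {spec[pos:]!r}")
        if m.group(3) is not None:          # literal 0 or 1
            fields.append((1, int(m.group(3))))
        else:                               # *<number-of-bits><origin>
            width = int(m.group(1))
            if not 1 <= width <= 32:
                raise ValueError("number-of-bits must be 1 to 32")
            fields.append((width, ORIGINS[m.group(2)]))
        pos = m.end()
    if sum(width for width, _ in fields) > 32:
        raise ValueError("binary-spec exceeds 32 bits")
    return fields


def encode_nas_port(spec: str, circuit: dict) -> int:
    """Pack fields most significant first, keeping only each origin's low bits."""
    value = 0
    for width, source in parse_spec(spec):
        if isinstance(source, int):
            bits = source
        else:
            bits = circuit[source] & ((1 << width) - 1)
        value = (value << width) | bits
    return value


def decode_nas_port(spec: str, nas_port: int) -> dict:
    """Unpack a NAS-Port; a truncated origin comes back as its low bits only."""
    circuit = {}
    for width, source in reversed(parse_spec(spec)):
        bits = nas_port & ((1 << width) - 1)
        nas_port >>= width
        if isinstance(source, int):
            if bits != source:
                raise ValueError("fixed bit does not match the spec")
        else:
            circuit[source] = bits
    if nas_port:
        raise ValueError("value has bits set outside the spec")
    return circuit


# SAP 2/2/4:221.7 from the page: slot 2, MDA 2, port 4, outer VLAN 221, inner VLAN 7
SAP = {"slot": 2, "mda": 2, "port": 4, "outer_vlan": 221, "inner_vlan": 7}
```

Decoding is lossy whenever an origin is given fewer bits than it needs: with `*10o`, VLAN 3000 and VLAN 952 produce the same NAS-Port, so the value alone cannot attribute a session to one circuit.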

Table: L2TP tunnel accounting (applicability)
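
| Attribute ID | Attribute name | Acct tunnel-start | Acct tunnel-stop | Acct tunnel-reject | Acct tunnel-link-start | Acct tunnel-link-stop | Acct tunnel-link-reject |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | User-Name | 0 | 0 | 0 | 1 | 1 | 1 |
| 4 | NAS-IP-Address | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 |
| 5 | NAS-Port | 0 | 0 | 0 | 0-1 | 0-1 | 0-1 |
| 6 | Service-Type | 0 | 0 | 0 | 1 | 1 | 1 |
| 31 | Calling-Station-Id | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 |
| 32 | NAS-Identifier | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 |
| 41 | Acct-Delay-Time | 1 | 1 | 1 | 1 | 1 | 1 |
| 42 | Acct-Input-Octets | 0 | 1 | 0 | 0 | 1 | 0 |
| 43 | Acct-Output-Octets | 0 | 1 | 0 | 0 | 1 | 0 |
| 44 | Acct-Session-Id | 1 | 1 | 1 | 1 | 1 | 1 |
| 46 | Acct-Session-Time | 0 | 1 | 0 | 0 | 1 | 0 |
| 47 | Acct-Input-Packets | 0 | 1 | 0 | 0 | 1 | 0 |
| 48 | Acct-Output-Packets | 0 | 1 | 0 | 0 | 1 | 0 |
| 49 | Acct-Terminate-Cause | 0 | 1 | 1 | 0 | 1 | 1 |
| 52 | Acct-Input-Gigawords | 0 | 0-1 | 0 | 0 | 0-1 | 0 |
| 53 | Acct-Output-Gigawords | 0 | 0-1 | 0 | 0 | 0-1 | 0 |
| 55 | Event-Timestamp | 1 | 1 | 1 | 1 | 1 | 1 |
| 61 | NAS-Port-Type | 0 | 0 | 0 | 0-1 | 0-1 | 0-1 |
| 64 | Tunnel-Type | 1 | 1 | 1 | 1 | 1 | 1 |
| 65 | Tunnel-Medium-Type | 1 | 1 | 1 | 1 | 1 | 1 |
| 66 | Tunnel-Client-Endpoint | 1 | 1 | 1 | 1 | 1 | 1 |
| 67 | Tunnel-Server-Endpoint | 1 | 1 | 1 | 1 | 1 | 1 |
| 68 | Acct-Tunnel-Connection | 1 | 1 | 1 | 1 | 1 | 0 |
| 82 | Tunnel-Assignment-ID | 1 | 1 | 1 | 1 | 1 | 1 |
| 86 | Acct-Tunnel-Packets-Lost | 0 | 1 | 0 | 0 | 1 | 0 |
| 87 | NAS-Port-Id | 0 | 0 | 0 | 0-1 | 0-1 | 0-1 |
| 90 | Tunnel-Client-Auth-ID | 1 | 1 | 1 | 1 | 1 | 1 |
| 91 | Tunnel-Server-Auth-ID | 1 | 1 | 0 | 1 | 1 | 1 |
| 95 | NAS-IPv6-Address | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 |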