Attributes related to subscriber-host configuration included in RADIUS authentication request and response.
| Attribute ID | Attribute name | Description |
|---|---|---|
|
1 |
User-Name |
Refers to the user to be authenticated in the Access-Request. The format for IPoE/PPPoE hosts depends on configuration parameters pppoe-access-method, ppp-user-name or user-name-format in the CLI context configure subscriber-mgmt authentication-policy name. The format for ARP-hosts is not configurable and always the host IPv4-address. The format for S11 GTP Sessions is based on the PAP username signaled in the Protocol Configuration Options (PCO) in the GTP Create Session Request message, if no PAP username is present the username is based on the gtp-user-name configuration under configure subscriber-mgmt authentication-policy name. The RADIUS User-Name specified in an Access-Accept or CoA is reflected in the corresponding accounting messages. The attribute is included in accounting using configure subscriber-mgmt radius-accounting-policy name include-radius-attribute user-name. |
|
2 |
User-Password |
The password of the user to be authenticated, or the user's input following an Access-Challenge. For PPPoE users it indirectly maps to the password provided by a PPPoE PAP user in response to the PAP Authenticate-Request. For IPoE/ARP hosts it indirectly maps to a preconfigured password (configure subscriber-mgmt authentication-policy name password password or configure aaa isa-radius-policy name password password). |
|
3 |
CHAP-Password |
Provided by a PPPoE CHAP user in response to the CHAP challenge. The CHAP challenge sent by the NAS to a PPPoE CHAP user is part of the CHAP authentication sequence RFC 1994, PPP Challenge Handshake Authentication Protocol (CHAP), (Challenge, Response, Success, Failure). The user generated CHAP password length is equal to the defined Limits and contains a one byte CHAP-Identifier from the user's CHAP Response followed by the CHAP Response from the user. |
|
4 |
NAS-IP-Address |
The identifying IP Address of the NAS requesting the Authentication or Accounting. Included when the RADIUS server is reachable using IPv4. The address is determined by the routing instance through which the RADIUS server can be reached: ‟Management” — the active IPv4 address in the Boot Options File (bof address ipv4-address) ‟Base” or ‟VPRN” — the IPv4 address of the system interface (configure router interface system address address) The address can be overwritten with the configured source-address (configure aaa radius-server-policy policy-name servers source-address ip-address). |
|
5 |
NAS-Port |
The physical access-circuit on the NAS which is used for the Authentication or Accounting of the user. The format of this attribute is configurable on the NAS as a fixed 32 bit value or a parameterized 32 bit value. The parameters can be a combination of outer and inner vlan ID, slot number, MDA number, port number, lag-id, pw-id, pxc-id, pxc-subport and fixed bit values (zero or one) but cannot exceed 32 bits. The format can be configured for following applications: configure aaa l2tp-accounting-policy name include-radius-attribute nas-port, configure router l2tp cisco-nas-port, configure service vprn service-id l2tp cisco-nas-port, configure subscriber-mgmt authentication-policy name include-radius-attribute nas-port, configure subscriber-mgmt radius-accounting-policy name include-radius-attribute nas-port. |
|
6 |
Service-Type |
The type of service the PPPoE user has requested, or the type of service to be provided for the PPPoE user. Optional in RADIUS-Accept and CoA. Treated as a session setup failure if different from Framed-User. |
|
7 |
Framed-Protocol |
The framing to be used for framed access in case of PPPoE users. Optional in RADIUS-Accept and CoA. Treated as a session setup failure if different from PPP. |
|
8 |
Framed-IP-Address |
The IPv4 address to be configured for the host using DHCPv4 (RADIUS proxy), IPCP (PPPoE), or data-triggered subscriber management. [8] Framed-IP-Address attribute with value different from 255.255.255.254 has precedence over [88] Framed-Pool when both are present in RADIUS Access-Accept. [8] Framed-IP-Address with value 255.255.255.254 is ignored in RADIUS Access-Accept (the NAS should select an address for the user). Attribute is also used in CoA and Disconnect messages (part of the ESM or AA user identification key). |
|
9 |
Framed-IP-Netmask |
The IP netmask to be configured for the user when the user is a router to a network. For DHCPv4 users, the attribute maps to DHCPv4 option [1] Subnet mask and is mandatory if [8] Framed-IP-Address is also returned. For PPPoE residential access, the attribute should be set to 255.255.255.255 (also the default value if the attribute is omitted). For PPPoE business access, the attribute maps to PPPoE IPCP option [144] Subnet-Mask only when the user requests this option and if the node parameter configure subscriber-mgmt ppp-policy ppp-policy-name ipcp-subnet-negotiation is set. |
|
18 |
Reply-Message |
Text that may be displayed to the user by a PPPoE client as a success, failure or dialog message. It is mapped to the message field from the PAP/CHAP authentication replies to the user. Omitting this attribute results in standard reply messages: login ok and login incorrect for PAP, CHAP authentication success and CHAP authentication failure for CHAP. String length greater than the defined Limits are accepted but truncated at this boundary. |
|
22 |
Framed-Route |
Routing information (IPv4 managed route) to be configured on the NAS for a host (DHCP, PPPoE, ARP, or data-triggered) that operates as a router without NAT (routed subscriber host). The route included in the Framed-Route attribute is accepted as a managed route only if its next-hop points to the hosts ip-address, if the next-hop address equals 0.0.0.0, or if the included route is a valid classful network, in which case the subnet-mask is omitted. If neither is applicable, this specific framed-route attribute is ignored and the host is instantiated without this specific managed route installed. A Framed-Route attribute is also ignored if the SAP does not have anti-spoof configured to nh-mac (the host is installed as a standalone host without a managed route). Any routes above the configured Limits are silently ignored. Optionally, a metric, tag or protocol preference can be specified for the managed route. If the metrics are not specified, specified in a wrong format, or specified with out-of-range values, then the default values are used for all metrics: metric=0, no tag and preference=0. If an identical managed route is associated with different routed subscriber hosts in the context of the same IES/VPRN service up to max-ecmp-routes managed routes are installed in the routing table (configured as ecmp max-ecmp-routes in the routing instance). Candidate ECMP Framed-Routes have identical prefix, equal lowest preference and equal lowest metric. The ‟lowest ip next-hop” is the tie breaker if more candidate ECMP Framed-Routes are available than the configured max-ecmp-routes. Other identical managed routes are shadowed (not installed in the routing table) and an event is logged. An alternative to RADIUS managed routes are managed routes using host dynamic BGP peering. Valid RADIUS learned managed routes can be included in RADIUS accounting messages with following configuration: configure subscriber-mgmt radius-accounting-policy name include-radius-attribute framed-route. Associated managed routes for an instantiated routed subscriber host are included in RADIUS accounting messages independent of the state of the managed route (Installed, Shadowed or HostInactive). |
|
25 |
Class |
Attribute sent by the RADIUS server to the NAS in an Access-Accept or CoA and is sent unmodified by the NAS to the Accounting server as part of the Accounting-Request packet. Strings with a length longer than the defined Limits are accepted but truncated to this boundary. |
|
27 |
Session-Timeout |
Sets the maximum number of seconds of service provided to the user (IPoEv4 host, PPPoE or IPoE session) before termination of the session. The attribute equals [26.6527.160] Alc-Relative-Session-Timeout when received in Access-Accept because the current session time portion is then equal to zero. Value zero sets the session-timeout to infinite (no session-timeout). The attribute is CoA NAK'd if its value is smaller than the current-session time. Simultaneous received [27] Session-Timeout and [26.6527.160] Alc-Relative-Session-Timeout are treated as an error condition (setup failure if received using Access-Accept and NAK’d if received using CoA). With IPoE session disabled for IPoEv4 radius proxy and CoA create-host scenarios, [27] Session-Timeout is interpreted as lease-time instead of session-time if [26.6527.174] Alc-Lease-Time is omitted. For WLAN-GW group interfaces, the interpretation of the Session-Timeout attribute is configured with: configure service ies | vprn service-id subscriber-interface ip-int-name group-interface ip-int-name wlangw ipoe-session radius-session-timeout {backwards-compatible | ignore | absolute}. |
|
28 |
Idle-Timeout |
Sets the maximum number of consecutive seconds of idle connection allowed to the user before termination of the session (IPoE/PPPoE) or a connectivity check is triggered (IPoE). Values outside the allowed Limits are accepted but rounded to these boundaries. A value of zero is treated as an infinite idle-timeout. The idle-timeout handling on the node is implemented using category-maps (configure subscriber-mgmt category-map category-map-name and configure subscriber-mgmt sla-profile sla-profile-name category-map category-map-name). |
|
30 |
Called-Station-Id |
Allows the NAS to send in either an Access Request, an Accounting Request or both types of request information with respect to the user called. Attribute is omitted in authentication/accounting using: configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute no called-station-id. Supported applications:
|
|
31 |
Calling-Station-Id |
Allows the NAS to send unique information identifying the user who requested the service. This format is driven by configuration (configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute calling-station-id <llid | mac | remote-id | sap-id | sap-string>). The LLID (logical link identifier) is the mapping from a physical to logical identification of a subscriber line and supplied by a RADIUS llid-server. The sap-string maps to configure service ies | vprn service-id subscriber-interface ip-int-name group-interface ip-int-name sap sap-id calling-station-id sap-string. A [31] Calling-Station-Id attribute value longer than the allowed maximum is treated as a setup failure. The attribute is omitted in authentication/accounting using configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute no calling-station-id. |
|
32 |
NAS-Identifier |
A string (configure system name system-name) identifying the NAS originating the Authentication or Accounting requests and sent when nas-identifier is included for the corresponding application: include-radius-attribute nas-identifier in configure subscriber-mgmt authentication-policy (ESM authentication), configure subscriber-mgmt radius-accounting-policy (ESM accounting), configure aaa isa-radius-policy (LSN accounting, WLAN-GW) and configure aaa l2tp-accounting-policy (L2TP accounting). |
|
44 |
Acct-Session-Id |
A unique identifier that represents the subscriber host or session that is authenticated. This attribute can be used as CoA or Disconnect Message key to target the host or session and is reflected in the accounting messages for this host or session. The attribute is included or excluded based on configure subscriber-mgmt authentication-policy name include-radius-attribute acct-session-id [host | session]. For PPPoE, either the host acct-session-id (default) or the session acct-session-id is included. |
|
60 |
CHAP-Challenge |
The CHAP challenge sent by the NAS to a PPPoE CHAP user as part of the chap authentication sequence RFC 1994 (Challenge, Response, Success, Failure). The generated challenge length for each new pppoe session is by default a random value from 32 to 64 bytes unless configured different under configure subscriber-mgmt ppp-policy ppp-policy-name ppp-chap-challenge-length [8 to 64] or configure service vprn service-id | router l2tp group tunnel-group-name ppp chap-challenge-length [8 to 64] for LNS (the command can also be specified at the tunnel level). The CHAP challenge value is copied into the request-authenticator field of the RADIUS Access-Request message if the minimum and maximum value is configured at exact 16 (RFC 2865, Remote Authentication Dial In User Service (RADIUS), section 2.2, Interoperation with PAP and CHAP). Attribute CHAP-Password is provided by a PPPoE CHAP user in response to the [60] CHAP-challenge. |
|
61 |
NAS-Port-Type |
The type of the physical port of the NAS which is authenticating the user and value automatically determined from subscriber SAP encapsulation. It can be overruled by configuration. Included only if include-radius-attribute nas-port-type is added per application: configure subscriber-mgmt authentication-policy (ESM authentication), configure subscriber-mgmt radius-accounting-policy (ESM accounting), configure aaa isa-radius-policy (LSN accounting, WLAN-GW) and configure aaa l2tp-accounting-policy (L2TP accounting). Checked for correctness if returned in CoA. The NAS-Port-Type attribute is always included when the Nas-Port-Id is also included. |
|
85 |
Acct-Interim-Interval |
The interval, in seconds, at which Acct-Interim-Update messages should be generated for the first RADIUS Accounting Policy in the subscriber profile. Overrides the local configured update-interval value in the RADIUS accounting policy. This only takes effect if interim-updates are enabled for one of the accounting modes in the RADIUS Accounting Policy. An attribute value of 0 disables the generation of Acct-Interim-Update messages. Attribute [85] Acct-Interim-Interval takes precedence over [26.6527.232] Alc-Acct-Interim-IvI with tag 1 when both are included. Attribute values outside the allowed limits are accepted but are rounded to the minimum or maximum limit. |
|
87 |
NAS-Port-Id |
A text string which identifies the physical/logical port of the NAS which is authenticating the user or reported for accounting or both. Attribute is also used in CoA and Disconnect Message (part of the user identification-key). See [87] NAS-Port-Id attribute details for a detailed description of the attribute format. The NAS-Port-Id can have an optional prefix-string (max 8 chars) and suffix-string (max 64 chars) added for Authentication and Accounting (configure subscriber-mgmt radius-accounting-policy | authentication-policy name include-radius-attribute nas-port-id [prefix-string string] [suffix circuit-id | remote-id]). Included only if include-radius-attribute nas-port-id is added per application: configure subscriber-mgmt authentication-policy (ESM authentication), configure subscriber-mgmt radius-accounting-policy (ESM accounting), configure aaa isa-radius-policy (LSN accounting, WLAN-GW) and configure aaa l2tp-accounting-policy (L2TP accounting). For a capture-sap, the nas-port-id attribute is always included in authentication requests. |
|
88 |
Framed-Pool |
The name of one address pool or the name of a primary and secondary address pool separated with a one character configurable delimiter (configure router/service vprn service-id dhcp local-dhcp-server server-name use-pool-from-client delimiter delimiter) that should be used to assign an address for the user and maps to either: 1) dhcpv4 option [82] vendor-specific-option [9] sub-option [13] dhcpPool if option is enabled on the node (configure service ies/vprn service-id subscriber-interface ip-int-name group-interface ip-int-name dhcp option vendor-specific-option pool-name) or 2) used directly as pool-name in the local configured dhcp server when local-address-assignment is used and client-application is ppp-v4 (configure service ies/vprn service-id subscriber-interface ip-int-name group-interface ip-int-name local-address-assignment). Alternative to [26.2352.36] Ip-Address-Pool-Name and [26.4874.2] ERX-Address-Pool-Name. Framed-Pool names longer than the allowed maximum are treated as host setup failures. [8] Framed-IP-Address attribute with value different from 255.255.255.254 has precedence over [88] Framed-Pool when both are present in RADIUS Access-Accept. |
|
95 |
NAS-IPv6-Address |
The identifying IP Address of the NAS requesting the Authentication or Accounting. Included when the RADIUS server is reachable using IPv6. The address is determined by the routing instance through which the RADIUS server can be reached: ‟Management” — The active IPv6 address in the Boot Options File (bof address ipv6-address). ‟Base” or ‟VPRN” — The IPv6 address of the system interface (configure router interface system ipv6 address ipv6-address). The address can be overwritten with the configured ipv6-source-address (configure aaa radius-server-policy policy-name servers ipv6-source-address ipv6-address). |
|
97 |
Framed-IPv6-Prefix |
The IPv6 prefix or prefix length to be configured using SLAAC (Router Advertisement) to the WAN side of the user. Any non /64 prefix-length for SLAAC host creation is treated as a session setup failure for this host. This attribute is an alternative to [100] Framed-IPv6-Pool and [26.6527.99] Alc-IPv6-Address, which assigns IPv6 addressing to the wan-side of a host using DHCPv6 IA-NA. Attribute is also used in CoA and Disconnect Message (part of the ESM or AA user identification-key). Attribute is omitted in accounting using configure subscriber-mgmt radius-accounting-policy name include-radius-attribute no framed-ipv6-prefix. |
|
99 |
Framed-IPv6-Route |
Routing information (IPv6 managed route) that is configured on the NAS for an IPv6 WAN host (IPoE or PPPoE) that operates as a router. The functionality is comparable with offering multiple PD prefixes for a single host. The route included in the Framed-IPv6-Route attribute is accepted as a managed route only if its next hop is a WAN host (DHCPv6 IA-NA, SLAAC, or /128 data-triggered). Therefore, Framed-IPv6-Routes with an explicitly configured gateway prefix of a pd-host (DHCPv6 IA-PD) are not be installed. A Framed-Route attribute is also ignored if the SAP does not have anti-spoof configured to nh-mac (the host is installed as a standalone host without managed route). Any routes above the configured limits are silently ignored. Optionally, a metric, tag, or protocol preference can be specified for the managed route. If the metrics are not specified, specified in a wrong format, or specified with out-of-range values, then the following default values are used for all metrics: metric=0, no tag, and preference=0. If an identical managed route is associated with different routed subscriber hosts in the context of the same IES or VPRN service, up to max-ecmp-routes managed routes are installed in the routing table (configured as ecmp max-ecmp-routes in the routing instance). Candidate ECMP Framed-IPv6-Routes have an identical prefix, equal lowest preference, and equal lowest metric. The lowest IP next hop is the tie breaker if more candidate ECMP Framed-IPv6-Routes are available than the configured max-ecmp-routes. Other identical managed routes are shadowed (not installed in the routing table) and an event is logged. Valid RADIUS-learned managed routes can be included in RADIUS accounting messages with the following configuration: configure subscriber-mgmt radius-accounting-policy name include-radius-attribute framed-ipv6-route. Associated managed routes for an instantiated routed subscriber host are included in RADIUS accounting messages independent of the state of the managed route (Installed, Shadowed or HostInactive). |
|
100 |
Framed-IPv6-Pool |
The name of an assigned pool that should be used to assign an IPv6 address using DHCPv6 (IA-NA) to the WAN side of the user (IPoE, PPPoE). Maps to DHCPv6 vendor-option [17], sub-option [1] wan-pool. Framed-IPv6-Pool names longer than the allowed maximum are treated as host setup failures. This attribute is an alternative to [97] Framed-IPv6-Prefix and [26.6527.99] Alc-IPv6-Address, that also assigns IPv6 addressing to the WAN side of a host using SLAAC or DHCPv6 IA-NA. |
|
101 |
Error-Cause |
The Error-Cause Attribute provides more detail on the cause of the problem if the NAS cannot honor Disconnect-Request or CoA-Request messages for some reason. It may be included within Disconnect-ACK, Disconnect-NAK and CoA-NAK messages. The Error-Causes are divided in 5 blocks. Range [400-499] is used for fatal errors committed by the RADIUS server. Range [500-599] is used for fatal errors occurring on a NAS or RADIUS proxy. Ranges [000-199 reserved], [300-399 reserved] and [200-299 used for successful completion in disconnect-ack/coa-ack] are not implemented. |
|
123 |
Delegated-IPv6-Prefix |
The attribute that carries the prefix (IPv6 prefix or prefix length) to be delegated using DHCPv6 (IA-PD) for the LAN side of the user (IPoE, PPPoE). Maps to DHCPv6 option IA-PD [25] sub-option IA-Prefix [26] Prefix. An exact Delegated-prefix-Length [DPL] match with configure service ies | vprn service-id subscriber-interface ip-int-name ipv6 delegated-prefix-length [48 to 64] is required with the received attribute prefix-length unless a variable DPL is configured (configure service ies | vprn service-id subscriber-interface ip-int-name ipv6 delegated-prefix-length variable). In the latter case, multiple hosts for the same group-interface having different prefix-length [48 to 64] per host are supported. Simultaneous returned attributes [123] Delegated-IPv6-Prefix and [26.6527.131] Alc-Delegated-IPv6-Pool are handled as host setup failures. Attribute is also used in CoA and Disconnect Message (part of the ESM or AA user identification-key). This attribute is omitted in accounting using configure subscriber-mgmt radius-accounting-policy name include-radius-attribute no delegated-ipv6-prefix. For data-triggered subscriber host authentication, an Access-Accept message can include this attribute to specify the prefix to create an IPv6 prefix host. |
|
26.2352.1 |
Client-DNS-Pri |
The IPv4 address of the primary DNS server for this subscriber’s connection and maps to PPPoE IPCP option 129 Primary DNS Server address or DHCPv4 option 6 Domain Server. This attribute is an alternative for 26.4874.4 ERX-Primary-Dns or 26.6527.9 Alc-Primary-Dns. |
|
26.2352.2 |
Client-DNS-Sec |
A IPv4 address of the secondary DNS server for this subscriber’s connection and maps to 'PPPoE IPCP option 131 Secondary DNS Server address or DHCPv4 option 6 Domain Server. This attribute is an alternative for 26.4874.5 ERX-Secondary-Dns or 26.6527.10 Alc-Secondary-Dns. |
|
26.2352.36 |
Ip-Address-Pool-Name |
The name of an assigned address pool that should be used to assign an address for the user and maps to DHCPv4 option [82] vendor-specific-option [9] sub-option [13] dhcpPool if option is enabled on the node (configure service ies | vprn service-id subscriber-interface ip-int-name group-interface ip-int-name dhcp option vendor-specific-option pool-name). Alternative to [88] Pool-Name and [26.4874.2] ERX-Address-Pool-Name. Pool names longer than the allowed maximum are treated as host setup failures. [8] Framed-IP-Address attribute with value different from 255.255.255.254 has precedence over [26.2352.36] Ip-Address-Pool-Name when both are present in RADIUS Access-Accept. |
|
26.2352.99 |
RB-Client-NBNS-Pri |
The IPv4 address of the primary NetBios Name Server (NBNS) for this subscriber’s connection and maps to PPPoE IPCP option 130 Primary NBMS Server address or DHCPv4 option44 NETBIOS name server. This attribute is an alternative for 26.4874.6 ERX-Primary-Wins or 26.6527.29 Alc-Primary-Nbns. |
|
26.2352.100 |
RB-Client-NBNS-Sec |
The IPv4 address of the secondary NetBios Name Server (NBNS) for this subscriber’s connection and maps to PPPoE IPCP option 132 Secondary NBMS Server address or DHCPv4 option44 NETBIOS name server. This attribute is an alternative for 26.4874.7 ERX-Secondary-Wins or 26.6527.30 Alc-Secondary-Nbns. |
|
26.3561.1 |
Agent-Circuit-Id |
Information describing the subscriber agent circuit identifier corresponding to the logical access loop port of the Access Node or DSLAM from which a subscriber's requests are initiated. Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute circuit-id. For data-triggered subscriber host authentication:
For data-triggered subscriber host authentication, this attribute in the Access-Request message contains the source IPv4 or IPv6 address of the data-trigger. The Access-Accept message can include this attribute to specify the circuit ID of the IPoE session if the configure subscriber-management ipoe-session-policy name circuit-id-from-auth command is configured. |
|
26.3561.2 |
Agent-Remote-Id |
An operator-specific, statically configured string that uniquely identifies the subscriber on the associated access loop of the Access Node or DSLAM. Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute remote-id. |
|
26.3561.129 |
Actual-Data-Rate-Upstream |
The actual upstream train rate of a subscriber's synchronized DSL link and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.130 |
Actual-Data-Rate-Downstream |
Actual downstream train rate of a subscriber's synchronized DSL link and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.131 |
Minimum-Data-Rate-Upstream |
The subscriber's operator-configured minimum upstream data rate and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.132 |
Minimum-Data-Rate-Downstream |
The subscriber's operator-configured minimum downstream data rate and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.133 |
Attainable-Data-Rate-Upstream |
The subscriber's attainable upstream data rate and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.134 |
Attainable-Data-Rate-Downstream |
The subscriber's attainable downstream data rate and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.135 |
Maximum-Data-Rate-Upstream |
The subscriber's maximum upstream data rate, as configured by the operator and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.136 |
Maximum-Data-Rate-Downstream |
The subscriber's maximum downstream data rate, as configured by the operator and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.137 |
Minimum-Data-Rate-Upstream-Low-Power |
The subscriber's minimum upstream data rate in low power state, as configured by the operator and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.138 |
Minimum-Data-Rate-Downstream-Low-Power |
The subscriber's minimum downstream data rate in low power state, as configured by the operator and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.139 |
Maximum-Interleaving-Delay-Upstream |
The subscriber's maximum one-way upstream interleaving delay, as configured by the operator and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.140 |
Actual-Interleaving-Delay-Upstream |
The subscriber's actual one-way upstream interleaving delay and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.141 |
Maximum-Interleaving-Delay-Downstream |
The subscriber’s maximum one-way downstream interleaving delay, as configured by the operator and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.142 |
Actual-Interleaving-Delay-Downstream |
The subscriber's actual one-way downstream interleaving delay and maps to values received during PPPoE discovery (tag 0x0105) or DHCP (opt-82). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.3561.144 |
Access-Loop-Encapsulation |
The last mile encapsulation used by the subscriber on the DSL access loop and maps to values received during PPPoE discovery Tags (tag 0x0105) or DHCP Tags (opt-82). Attribute is included or excluded in RADIUS/Accounting-Request based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. Last mile encapsulation information can be used to adjust automatically the egress aggregate rate for this subscriber. Preconfigured encapsulation types are used if PPP or IPoE access loop information (tags) is not available (configure subscriber-mgmt sub-profile subscriber-profile-name egress encap-offset type type or configure subscriber-mgmt local-user-db local-user-db-name ppp host access-loop encap-offset type). [26.6527.133] Alc-Access-Loop-Encap-Offset when returned in Access-Accept is taken into account (overrules received tags and preconfigured encapsulation types) for ALE adjust (last mile aware shaping) but is not reflected in access-loop-options send to RADIUS. Alc-Access-Loop-Encap from ANCP are currently not taken into account for ALE adjust. |
|
26.3561.254 |
IWF-Session |
The presence of this Attribute indicates that the IWF has been performed with respect to the subscriber's session. IWF is used to enable the carriage of PPP over ATM (PPPoA) traffic over PPPoE. The Access Node inserts the PPPoE Tag 0x0105, vendor-id 0x0de9 with sub-option code 0xFE, length field is set to 0x00 into the PPPoE Discovery packets when it is performing an IWF functionality. Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.4874.2 |
ERX-Address-Pool-Name |
The name of an assigned address pool that should be used to assign an address for the user and maps to dhcpv4 option[82] vendor-specific-option [9] sub-option [13] dhcpPool if option is enabled on the node (configure service ies | vprn service-id subscriber-interface ip-int-name group-interface ip-int-name dhcp option vendor-specific-option pool-name). Alternative to [88] Pool-Name and [26.2352.36] Ip-Address-Pool-Name. Pool names longer than the allowed maximum are treated as host setup failures. [8] Framed-IP-Address attribute with value different from 255.255.255.254 has precedence over [26.4874.2] ERX-Address-Pool-Name when both are present in RADIUS Access-Accept. |
|
26.4874.4 |
ERX-Primary-Dns |
The IPv4 address of the primary DNS server for this subscriber’s connection and maps to PPPoE IPCP option 129 Primary DNS Server address or DHCPv4 option 6 Domain Server. This attribute is an alternative for 26.2352.1 Client-DNS-Pri or 26.6527.9 Alc-Primary-Dns. |
|
26.4874.5 |
ERX-Secondary-Dns |
The IPv4 address of the secondary DNS server for this subscriber’s connection and maps to PPPoE IPCP option 131 Secondary DNS Server address or DHCPv4 option 6 Domain Server. This attribute is an alternative for 26.2352.2 Client-DNS-Sec or 26.6527.10 Alc-Secondary-Dns. |
|
26.4874.6 |
ERX-Primary-Wins |
The IPv4 address of the primary NetBios Name Server (NBNS) for this subscriber’s connection and maps to PPPoE IPCP option 130 Primary NBMS Server address or DHCPv4 option44 NETBIOS name server. This attribute is an alternative for 26.2352.99 RB-Client-NBNS-Pri or 26.6527.29 Alc-Primary-Nbns. |
|
26.4874.7 |
ERX-Secondary-Wins |
The IPv4 address of the secondary NetBios Name Server (NBNS) for this subscriber’s connection and maps to PPPoE IPCP option 132 Secondary NBMS Server address or DHCPv4 option44 NETBIOS name server. This attribute is an alternative for 26.2352.100 RB-Client-NBNS-Sec or 26.6527.30 Alc-Secondary-Nbns. |
|
26.4874.47 |
ERX-Ipv6-Primary-Dns |
The IPv6 address of the primary DNSv6 server for this subscriber’s connection and maps to DNS Recursive Name Server option 23 (RFC 3646) in DHCPv6. This attribute is an alternative for 26.6527.105 Alc-Ipv6-Primary-Dns. |
|
26.4874.48 |
ERX-Ipv6-Secondary-Dns |
The IPv6 address of the secondary DNSv6 server for this subscriber’s connection and maps to DNS Recursive Name Server option 23 (RFC 3646) in DHCPv6. This attribute is an alternative for 26.6527.106 Alc-Ipv6-Secondary-Dns. |
|
26.6527.9 |
Alc-Primary-Dns |
The IPv4 address of the primary DNS server for this subscriber’s connection and maps to PPPoE IPCP option 129 Primary DNS Server address or DHCPv4 option 6 Domain Server. This attribute is an alternative for 26.2352.1 Client-DNS-Pri or 26.4874.4 ERX-Primary-Dns. |
|
26.6527.10 |
Alc-Secondary-Dns |
The IPv4 address of the secondary DNS server for this subscriber’s connection and maps to PPPoE IPCP option 131 Secondary DNS Server address or DHCPv4 option 6 Domain Server. This attribute is an alternative for 26.2352.2 Client-DNS-Sec or 26.4874.5 ERX-Secondary-Dns. |
|
26.6527.11 |
Alc-Subsc-ID-Str |
A subscriber is a collection of subscriber-hosts (typically represented by IP-MAC combination) and is uniquely identified by a subscriber string. Subscriber-hosts queues or policers belonging to the same subscriber (residing on the same forwarding complex) can be treated under one aggregate scheduling QoS mechanism. Fallback to preconfigured values if attribute is omitted. Attribute values longer than the allowed string value are treated as setup failures. Can be used as key in CoA and Disconnect Message. Attribute is omitted in accounting using configure subscriber-mgmt radius-accounting-policy name include-radius-attribute no subscriber-id. |
|
26.6527.12 |
Alc-Subsc-Prof-Str |
The subscriber profile is a template that contains settings (accounting, IGMP, HQoS, and so on) that apply to all hosts belonging to the same subscriber where [26.6527.12] Alc-Subsc-Prof-Str is the string that maps (configure subscriber-mgmt sub-ident-policy sub-ident-policy-name sub-profile-map) to such an subscriber profile (configure subscriber-mgmt sub-profile subscriber-profile-name). Strings longer than the allowed maximum are treated as setup failures. Unreferenced strings (where the string does not map to a policy) are silently ignored and a fallback to preconfigured defaults is done. This attribute is omitted in accounting using configure subscriber-mgmt radius-accounting-policy name include-radius-attribute no sub-profile. |
|
26.6527.13 |
Alc-SLA-Prof-Str |
The SLA profile is a template which contains settings (filter, QoS, host-limit, and so on) which are applicable to individual hosts were [26.6527.13] Alc-SLA-Prof-Str is the string that maps (configure subscriber-mgmt sub-ident-policy sub-ident-policy-name sla-profile-map) to such a sla profile (configure subscriber-mgmt sla-profile sla-profile-name). Strings longer than the allowed maximum are treated as setup failures. Unreferenced strings (where the string does not map to a policy) are silently ignored and a fallback to preconfigured defaults is done. This attribute is omitted in accounting using configure subscriber-mgmt radius-accounting-policy name include-radius-attribute no sla-profile. |
|
26.6527.16 |
Alc-ANCP-Str |
Information describing the subscriber agent circuit identifier corresponding to the logical access loop port of the Access Node or DSLAM from which a subscriber's requests are initiated and used to associate the ANCP Circuit-Id (info received using ANCP Port Up and Port Down) with the PPPoE/IPoE Circuit-Id (info received using [26.6527.16] Alc-ANCP-Str and [26.3561.1] Agent-Circuit-Id). A subscriber is associated with ANCP when both strings are equal. For associated subscribers, the ingress and egress ANCP QoS rules apply (configure subscriber-mgmt ancp ancp-policy policy-name and configure subscriber-mgmt sub-profile ancp ancp-policy policy-name. |
|
26.6527.18 |
Alc-Default-Router |
Maps to an DHCP offer or ACK message option [3] default-router for a DHCPv4 RADIUS proxy scenario and defines the default gateway for the user. This attribute is silently ignored if the NAS is using DHCPv4 relay. In the latter case, the default-router is part of the DHCPv4 server configuration. |
|
26.6527.27 |
Alc-Client-Hardware-Addr |
MAC address from a user that requests a service and included in CoA, Authentication or Accounting (configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute mac-address). |
|
26.6527.28 |
Alc-Int-Dest-Id-Str |
A string representing an aggregation point (example, Access Node) and interpreted as the intermediate destination ID. Subscribers connected to the same aggregation point receives the same int-dest-id string assigned. The int-dest-id is used in MC ring access redundancy to identify subscribers behind a ring node (configure redundancy multi-chassis peer ip-address mc-ring ring/l3-ring name ring-node ring-node-name). The int-dest-id can be used in QoS to shape the egress traffic of a group of subscribers to an aggregate rate using Vports (configure port port-id ethernet access egress vport name host-match dest destination-string). For egress policed subscriber traffic, the int-dest-id can be used to select the egress queue-group for forwarding (configure port port-id ethernet access egress queue-group name host-match dest destination-string). Strings longer than the allowed maximum are treated as setup failures. |
|
26.6527.29 |
Alc-Primary-Nbns |
The IPv4 address of the primary NetBios Name Server (NBNS) for this subscriber’s connection and maps to PPPoE IPCP option 130 Primary NBMS Server address or DHCPv4 option44 NETBIOS name server. This attribute is an alternative for 26.2352.99 RB-Client-NBNS-Pri or 26.4874.6 ERX-Primary-Wins. |
|
26.6527.30 |
Alc-Secondary-Nbns |
The IPv4 address of the secondary NetBios Name Server (NBNS) for this subscriber’s connection and maps to PPPoE IPCP option 132 Secondary NBMS Server address or DHCPv4 option44 NETBIOS name server. This attribute is an alternative for 26.2352.100 RB-Client-NBNS-Sec or 26.4874.7 ERX-Secondary-Wins. |
|
26.6527.34 |
Alc-PPPoE-PADO-Delay |
Specifies the number in deciseconds that the PPPoE protocol stack on the NAS waits before sending a PADO packet in response to a PADI request. In dual homed topologies, you may want to designate a primary NAS and a backup NAS for handling a particular service request. In such a scenario, you can configure a delay for the backup NAS to allow sufficient time for the primary NAS to respond to the client with a PADO packet. If the primary NAS does not send the PADO packet within this delay period, then the backup NAS sends the PADO packet after the delay period expires. This attribute is only applicable if RADIUS PADI authentication is used (configure subscriber-mgmt authentication-policy name pppoe-access-method padi). Values above the allowed Limits are truncated at the Limits boundary. There is no PADO delay if the attribute is omitted or if the attribute is received with a value of zero. |
|
26.6527.35 |
Alc-PPPoE-Service-Name |
Maps to PADI field PPPoE tags [0x0101] service-name and is sent in the Access-Request if enabled under configure subscriber-mgmt authentication-policy name include-radius-attribute pppoe-service-name. A PPPoE-Service-Name above the allowed maximum length is handled as a PPPoE session setup failure. |
|
26.6527.36 |
Alc-DHCP-Vendor-Class-Id |
Initiated by DHCP clients using option [60] Vendor Class Identifier and reflected in Authentication. (configure subscriber-mgmt authentication-policy name include-radius-attribute dhcp-vendor-class-id or configure aaa isa-radius-policy name auth-include-attributes dhcp-vendor-class-id). DHCP option [60] Vendor Class Identifier can also be used as username in RADIUS requests. (configure subscriber-mgmt authentication-policy name user-name-format dhcp-client-vendor-opts). |
|
26.6527.45 |
Alc-App-Prof-Str |
Application Assurance for residential, business, or transit-AA subscribers is enabled through the assignment of an application profile as part of either enhanced subscriber management or static configuration. [26.6527.45] Alc-App-Prof-Str is a string that maps (configure subscriber-mgmt sub-ident-policy sub-ident-policy-name app-profile-map) to such an application profile (configure application-assurance group aa-group-id:partition-id policy app-profile app-profile-name). This attribute is used in access-accept to assign an application profile during esm host creation and in CoA to change the application profile of a AA-subscriber or to create transit AA-subscriber. Strings longer than the allowed maximum are treated as setup failures. Unreferenced strings (strings not mapping to an application profile) silently triggers a fallback to preconfigured default values if allowed. If no default value is preconfigured, the subscriber's application profile is silently disabled for esm AA-subscriber; in case of a transit AA-subscriber creation, the CoA is rejected. The change of an application profile to one configured under a different group or partition or the modification of the application profile of a static AA-subscriber is not allowed and is treated as setup failures. |
|
26.6527.99 |
Alc-Ipv6-Address |
The IPv6 address to be configured to the WAN side of the user (IPoE,PPPoE) using DHCPv6 (IA-NA). Maps to DHCPv6 option IA-NA[3] sub-option IA-Address[5] address. This attribute is an alternative to [97] Framed-IPv6-Prefix and [100] Framed-IPv6-Pool, which also assigns IPv6 addressing to the wan-side of a host using SLAAC or DHCPv6 IA-NA. Attribute is also used in CoA and Disconnect Message (part of the ESM or AA user identification-key). For data-triggered subscriber host creation in the Enhanced Subscriber Management (ESM) context, the attribute can be included in an Access-Accept message to specify the IPv6 address to create a /128 IPv6 host. For data-triggered authentication of an IPv6 UE in Distributed Subscriber Management (DSM) context, this attribute contains the IPv6 address that triggered the request. Inclusion of this attribute is configured under configure aaa isa-radius-policy policy-name auth-include-attributes ipv6-address. For data-triggered subscriber host creation, an Access-Accept message can contain this attribute to specify the IPv6 address to create an IPv6 /128 host. |
|
26.6527.100 |
Alc-Serv-Id |
Applies to FWA sessions only. This VSA refers to the service where the GTP sessions are terminated (configure service {vprn | ies} service-id). This overrides a potential default configured under configure subscriber-mgmt gtp apn-policy policy-name apn apn defaults group-interface interface-name svc-id service-id. This VSA must be accompanied with a valid Alc-Interface VSA. |
|
26.6527.101 |
Alc-Interface |
Applies to FWA sessions only. This VSA refers to a group-interface of type gtp where the GTP sessions are terminated (configure service {vprn | ies} subscriber-interface ip-int-name group-interface ip-int-name gtp). This overrides a potential default configured under configure subscriber-mgmt gtp apn-policy policy-name apn apn defaults group-interface interface-name svc-id service-id. If neither a default nor a radius-specified interface is provided, session setup fails. |
|
26.6527.102 |
Alc-ToServer-Dhcp-Options |
Send to RADIUS all DHCPv4 options received in a DHCPv4 message triggering authentication. The DHCPv4 options are concatenated in the attribute up to maximum length per attribute. If more space is needed, an additional attribute is included. If the total dhcp options space requires more than the total maximum length, then no attributes are included. Attribute is included or excluded based on configure subscriber-mgmt authentication-policy name include-radius-attribute dhcp-options. This feature is supported for both DHCP relay and proxy. For DHCP triggered authentication in a Distribute Subscriber Management (DSM) context, this attribute contains the DHCP client options as sent to the WLAN-GW. Inclusion of this attribute is configured using configure aaa isa-radius-policy name auth-include-attributes dhcp-options. |
|
26.6527.103 |
Alc-ToClient-Dhcp-Options |
The value of this attribute represents DHCPv4 options encoded in a hexadecimal format. DHCPv4 options originated by RADIUS are appended to the options already present in the DHCPv4 messages toward the client. Multiple DHCP options can be concatenated in a single VSA. Attributes outside the defined limits result in a setup failure. When more than the supported number of attributes are received from RADIUS, only the supported number of VSAs are appended in the DHCP message, starting with the first attribute received. The remaining attributes are silently ignored. |
|
26.6527.105 |
Alc-Ipv6-Primary-Dns |
The IPv6 address of the primary DNSv6 server for this subscriber’s connection. Maps to DNS Recursive Name Server option 23 (RFC 3646) in DHCPv6 and Recursive DNS Server Option type 25 (RFC 6106) for SLAAC RA. This attribute is an alternative for [26.4874.47] ERX-Ipv6-Primary-Dns. |
|
26.6527.106 |
Alc-Ipv6-Secondary-Dns |
The IPv6 address of the secondary DNSv6 server for this subscriber’s connection. Maps to DNS Recursive Name Server option 23 (RFC 3646) in DHCPv6 and Recursive DNS Server Option type 25 (RFC 6106) for SLAAC RA. This attribute is an alternative for [26.4874.48] ERX- Ipv6-Secondary-Dns. |
|
26.6527.126 |
Alc-Subscriber-QoS-Override |
Used to override queue or policer parameters (CIR, PIR, CBS, MBS) and HQoS parameters (aggregate rate, scheduler rate or root arbiter rate) configured at sla-profile and sub-profile context. Enables per subscriber or host customization. Each set of Alc-Subscriber-QoS-Override attributes in a RADIUS message replaces the set of Alc-Subscriber-QoS-Override attributes from a previous message. Hence the SLA profile or subscriber profile QoS configuration is always used as the base config. To undo a previously enabled RADIUS QoS-override and return to the base config, send a CoA with at least one Alc-Subscriber-QoS-Override attribute. The value part of each Alc-Subscriber-QoS-Override attribute must be empty (for example, Alc-Subscriber-QoS-Override += i:q:2:). Incorrectly formatted attributes or too many attributes are treated as a setup failure or result in a CoA NAK. |
|
26.6527.131 |
Alc-Delegated-IPv6-Pool |
The name of an assigned pool that should be used to assign an IPv6 prefix using DHCPv6(IA-PD) to the LAN side of the user (IPoE, PPPoE). Maps to DHCPv6 vendor-option[17],sub-option[2] pfx-pool. Alc-Delegated-ipv6-pool names longer than the allowed maximum are treated as host setup failures. Alternative method for [123] Delegated-IPv6-Prefix so simultaneous returned attributes [123] Delegated-IPv6-Prefix and [26.6527.131] Alc-Delegated-IPv6-Pool are handled as host setup failures. The length information [DPL] can be supplied using [26.6527.161] Alc-Delegated-IPv6-Prefix-Length along with the pool name. The [26.6527.161] Alc-Delegated-IPv6-Prefix-Length has priority over other possible sources of DPL. (As a fixed [48 to 64] DPL or variable DPL under configure service ies | vprn service-id subscriber-interface ipv6 delegated-prefix-length or on the dhcpv6 server configure router dhcp6 local-dhcp-server server-name pool pool-name delegated-prefix-length). |
|
26.6527.132 |
Alc-Access-Loop-Rate-Down |
The actual downstream rate (coded in kb/s) of a PPPoE subscriber's synchronized DSL link and competes with the value received from alternative sources (dsl-forum tags, LUDB, ANCP). Values outside the limits are treated as setup failures. This attribute is silently ignored for non-MLPPP sessions or IPoE sessions. |
|
26.6527.133 |
Alc-Access-Loop-Encap-Offset |
The last mile encapsulation representing the subscriber’s DSL access loop encapsulation. When returned in RADIUS-Accept (PTA or LAC), it is taken into account for ALE adjust (last mile aware shaping) but not reflected in [26.3561.144] Access-Loop-Encapsulation (access-loop-options) send to Accounting. For LAC, this attributes maps to LTP AVP [3561-144] Access-Loop-Encapsulation. |
|
26.6527.135 |
Alc-PPP-Force-IPv6CP |
Forces IPv6CP negotiation in conditions where no IPv6 related attributes (such as v6 pool, v6 prefix, v6 address, DNSv6) are obtained using authentication (Access Accept, local user database, and so on). Without these IPv6 related attributes, the NAS cannot detect that this is a dual-stack PPPoE user and therefore it does not start IPv6CP negotiation. An attribute value other than 0 (zero) forces IPv6CP negotiation to start when no IPv6 attributes are obtained in authentication. An attribute value of 0 (zero) is treated the same as not sending the attribute. |
|
26.6527.136 |
Alc-Onetime-Http-Redirection-Filter-Id |
The preconfigured IPv4 filter with HTTP redirection rules. using this host- specific filter only the first HTTP request from the host is redirected to a configured URL with specified parameters. There is no HTTP redirection for subsequent HTTP requests which is useful in cases where service providers need to push a web page of advertisement or announcements to broadband users. |
|
26.6527.146 |
Alc-Wlan-APN-Name |
This VSA contains the Access Point Name string as signaled in the incoming GTP-C message for FWA sessions. To include this attribute use the command configure subscriber-mgmt authentication-policy name include-radius-attribute apn. |
|
26.6527.147 |
Alc-MsIsdn |
This VSA contains the MSISDN (telephone number) as signaled in the incoming GTP-C message for FWA sessions. If the corresponding GTP-C IE is not present the VSA is not included. Inclusion of this attribute can be configured using configure subscriber-mgmt authentication-policy name include-radius-attribute msisdn. |
|
26.6527.160 |
Alc-Relative-Session-Timeout |
Sets or resets the IPoE or PPPoE session timeout to a relative value (current session time + newly received Alc-Relative-Session-Timeout). Attribute equals to [27] Session-Timeout if received in Access-Accept since the current session time equals zero. A value of zero sets or resets the session-timeout to infinite (no session-timeout). Simultaneous received [27] Session-Timeout and [26.6527.160] Alc-Relative-Session-Timeout are treated as a setup failure (setup failure if received in Access-Accept or CoA rejected (NAK) with error cause = Invalid Request). |
|
26.6527.161 |
Alc-Delegated-IPv6-Prefix-Length |
Defines the IA-PD length information [DPL] and only applicable together with [26.6527.131] Alc-Delegated-IPv6-Pool (silently ignored if received in RADIUS Accept without Alc-Delegated-IPv6-Pool). Maps to DHCPv6 vendor-option[17], sub-option[3] pfx-len. The [26.6527.161] Alc-Delegated-IPv6-Prefix-Length has priority over other possible sources of DPL. (As a fixed [48 to 64] DPL or variable DPL under configure service ies |vprn service-id subscriber-interface ip-int-name ipv6 delegated-prefix-length or on the dhcpv6 server configure router dhcp6 local-dhcp-server server-name pool pool-name delegated-prefix-length). DPL values outside the limits are treated as setup failures. |
|
26.6527.174 |
Alc-Lease-Time |
Defines the lease-time in seconds for RADIUS proxy and create-host-CoA scenarios only. The [27] Session-Timeout is interpreted and used as IPoE lease-time if [26.6527.174] Alc-lease-Time is omitted. Returning attribute [26.6527.174] Alc-Lease-Time in other scenarios than radius-proxy and create-host-CoA are treated as setup failures. |
|
26.6527.175 |
Alc-DSL-Line-State |
Status of the DSL line obtained using ANCP can be one of three value: SHOWTIME (the modem is ready to transfer data), IDLE (line is idle) or SILENT (line is silent). Attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.6527.176 |
Alc-DSL-Type |
Type of the DSL line (ADSL1, ADSL2, ADSL2PLUS, VDSL1, VDSL2, SDSL, other) obtained using ANCP. This attribute is included or excluded based on configure subscriber-mgmt authentication-policy/radius-accounting-policy name include-radius-attribute access-loop-options. |
|
26.6527.177 |
Alc-Portal-Url |
The URL to which traffic matching the host’s IPv4 filter entry with HTTP redirect action is redirected. The URL overrides the configured URL in the redirect filter. RADIUS overrides must explicitly be enabled: configure filter ip-filter filter-id entry entry-id action http-redirect rdr-url-string allow-radius-override. |
|
26.6527.178 |
Alc-Ipv6-Portal-Url |
The URL to which traffic matching the host’s IPv6 filter entry with HTTP redirect action is redirected. The URL overrides the configured URL in the redirect filter. RADIUS overrides must explicitly be enabled: configure filter ipv6-filter filter-id entry entry-id action http-redirect rdr-url-string allow-radius-override. |
|
26.6527.180 |
Alc-SAP-Session-Index |
Per SAP, this is a unique PPPoE or IPoE session index that can be included in RADIUS Access Request messages. The lowest free index is assigned to a new PPPoE or IPoE session. Attribute is included or excluded based on configure subscriber-mgmt authentication-policy name include-radius-attribute sap-session-index. |
|
26.6527.181 |
Alc-SLAAC-IPv6-Pool |
A pool name that can be used in local address assignment to assign an IPv6 SLAAC prefix using a Router Advertisement to the WAN side of the IPoE or PPPoE user. Alc-SLAAC-IPv6-Pool names longer than the allowed maximum are treated as host setup failures. If local-address-assignment is not enabled on the group-interface for ipv6 client-application ppp-slaac, then the PPP session is terminated. If local-address-assignment is not enabled on the group-interface for ipv6 client-application ipoe-slaac, then the IPoE host is not instantiated. |
|
26.6527.183 |
Alc-WPP-Error-Code |
This attribute specifies the value of the ErrCode that the system should use in a WPP ACK_AUTH packet. This attribute can only be included in a RADIUS Access-Reject packet. |
|
26.6527.185 |
Alc-Onetime-Http-Redirect-Reactivate |
An indication to reactivate a onetime HTTP redirect filter for the host. When received in a RADIUS CoA message, the filter with the value indicated by [26.6527.136] Alc-Onetime-Http-Redirection-Filter-Id is activated. If [26.6527.136] Alc-Onetime-Http-Redirection-Filter-Id contains the value 0, then the existing onetime http redirect filter ID associated with the host is removed. If no [26.6527.136] Alc-Onetime-Http-Redirection-Filter-Id VSA is provided in the RADIUS CoA message, then the existing onetime http redirect filter ID associated with the host is applied. The value of the [26.6527.185] Alc-Onetime-Http-Redirect-Reactivate VSA is opaque. It is the presence of the VSA in a RADIUS CoA that triggers the action. |
|
26.6527.191 |
Alc-ToServer-Dhcp6-Options |
This attribute contains DHCPv6 client options present in a DHCPv6 Solicit or Request message to be passed to RADIUS in an Access-Request. Multiple attributes are inserted when the length of the DHCPv6 options exceeds the maximum length of a single attribute. No attributes are included if the total length of the DHCPv6 options exceeds the total limit for this attribute. When the DHCPv6 solicit or request message is encapsulated in a Relay-Forward message, only the inner DHCPv6 client options are copied in the Alc-ToServer-Dhcp6-Options attribute. Options inserted by a Relay Agent are ignored. Attribute is included or excluded based on configure subscriber-mgmt authentication-policy name include-radius-attribute dhcp6-options. This feature is supported for both DHCP relay and proxy. For DHCPv6 triggered authentication in a Distribute Subscriber Management (DSM) context, this attribute contains the DHCPv6 client options as sent to the WLAN-GW. Inclusion of this attribute is configured using configure aaa isa-radius-policy policy-name auth-include-attributes dhcp6-options. |
|
26.6527.192 |
Alc-ToClient-Dhcp6-Options |
The value of this attribute represents DHCPv6 options encoded in a hexadecimal format. DHCPv6 options originated by RADIUS are appended to the options already present in the DHCPv6 Advertise and Reply messages toward the client. Attributes outside the defined limits result in a setup failure. When more than the supported number of attributes are received from RADIUS, only the supported number of VSAs are appended in the DHCP message, starting with the first attribute received. The remaining attributes are silently ignored. This feature is supported for both DHCP relay and proxy. |
|
26.6527.200 |
Alc-v6-Preferred-Lifetime |
An IPv6 address or prefix preferred lifetime is the length of time that a valid address or prefix is preferred (for example, the time until deprecation). When the preferred lifetime expires, the address or prefix becomes deprecated (it can still be used in existing communications but should not be used as a source in new communications). This attribute is applicable only when an IPv6 address or prefix is assigned using RADIUS (DHCPv6 proxy). It overrides the dhcp6 proxy-server preferred-lifetime configuration on the group-interface. The attribute value is expressed in seconds. Values outside the allowed range result in a setup failure. If, for the final determined values from the different sources (LUDB, RADIUS, defaults), the following rule is violated: renew timer 7705 SAR-8 rebind timer <= preferred lifetime <= valid lifetime then the default timers are used: renew-timer = 30 min, rebind-timer = 48 min, preferred-lifetime = 1hr, valid-lifetime = 1 day. Note that only a single value can be specified that applies to both IA-NA address and IA-PD prefix. |
|
26.6527.201 |
Alc-v6-Valid-Lifetime |
The IPv6 address or prefix valid lifetime is the length of time an address or prefix remains in the valid state (for example, the time until invalidation). When the valid lifetime expires, the address or prefix becomes invalid and must no longer be used in communications. This attribute is used as the DHCPv6 lease time. This attribute is applicable only when an IPv6 address or prefix is assigned using RADIUS (DHCPv6 proxy). Overrides the dhcp6 proxy-server valid-lifetime configuration on the group-interface. The attribute value is expressed in seconds. Values outside the allowed range result in a setup failure. If, for the final determined values from the different sources (LUDB, RADIUS, defaults), the following rule is violated: renew timer <= rebind timer <= preferred lifetime <= valid lifetime then the default timers are used: renew-timer = 30 min, rebind-timer = 48 min, preferred-lifetime = 1hr, valid-lifetime = 1 day. Note that only a single value can be specified that applies to both IA-NA address and IA-PD prefix. |
|
26.6527.202 |
Alc-Dhcp6-Renew-Time |
The attribute value represents the DHCPv6 lease renew time (T1). T1 is the time at which the client contacts the addressing authority to extend the lifetimes of the DHCPv6 leases (addresses or prefixes). This attribute is applicable only when an IPv6 address or prefix is assigned using RADIUS (DHCPv6 proxy). Overrides the dhcp6 proxy-server renew-timer configuration on the group interface. The attribute value is expressed in seconds. Values outside the allowed range result in a setup failure. If, for the final determined values from the different sources (LUDB, RADIUS, defaults), the following rule is violated: renew timer <= rebind timer <= preferred lifetime <= valid lifetime then the default timers are used: renew-timer = 30 min, rebind-timer = 48 min, preferred-lifetime = 1hr, valid-lifetime = 1 day. Note that only a single value can be specified that applies to both IA-NA address and IA-PD prefix. |
|
26.6527.203 |
Alc-Dhcp6-Rebind-Time |
The attribute value represents the DHCPv6 lease rebind time (T2). T2 is the time at which the client contacts any available addressing authority to extend the lifetimes of DHCPv6 leases. This attribute is applicable only when an IPv6 address or prefix is assigned using RADIUS (DHCPv6 proxy). The attribute overrides the dhcp6 proxy-server rebind-timer configuration on the group interface The attribute value is expressed in seconds. Values outside the allowed range result in a setup failure. If, for the final determined values from the different sources (LUDB, RADIUS, defaults), the following rule is violated: renew timer <= rebind timer <= preferred lifetime <= valid lifetime then the default timers are used: renew-timer = 30 min, rebind-timer = 48 min, preferred-lifetime = 1hr, valid-lifetime = 1 day. Note that only a single value can be specified that applies to both IA-NA address and IA-PD prefix. |
|
26.6527.217 |
Alc-UPnP-Sub-Override-Policy |
Specifies the UPnP policy to use for this L2-Aware subscriber. The policy must be configured in configure service upnp upnp-policy policy-name. Overrides the configured policy in the sub-profile for the subscriber: configure subscriber-mgmt sub-profile name upnp-policy policy-name. The value ‟_tmnx_no_override” removes any existing override and installs the upnp-policy configured in the sub-profile instead. The value ‟_tmnx_disabled” creates a special override that disables UPnP for this subscriber. Specifying a non-existing policy results in a host or session setup failure or in a CoA Reject. All hosts belonging to the subscriber are affected by a UPnP policy override. Changing the UPnP policy clears all existing UPnP mappings. |
|
26.6527.228 |
Alc-Trigger-Acct-Interim |
When included in a CoA message an accounting interim update is generated for all accounting modes that have interim-updates enabled. The Alc-Trigger-Acct-Interim attribute with free formatted string value is echoed in the CoA triggered accounting interim update message. The [26.6527.163] Alc-Acct-Triggered- Reason attribute in the interim update is set to 18 (CoA-Triggered). |
|
26.6527.232 |
Alc-Acct-Interim-IvI |
Tagged Attribute. The interval in seconds at which Acct-Interim-Update messages should be generated. Overrides the local configured update-interval value in the RADIUS accounting policy. Only takes effect if interim-updates are enabled for one of the accounting modes in the RADIUS accounting policy. With attribute value=0, the interim accounting is switched off. The tag value (1 to 5) indicates which RADIUS accounting policy in the subscriber profile is updated. To change the update interval of the first accounting policy, attribute [85] Acct-Interim-Interval takes precedence over [26.6527.232] Alc-Acct-Interim-Ivl with tag 1 when both are included. |
|
26.6527.234 |
Alc-DNAT-Override |
A composite RADIUS attribute used to modify DNAT function for L2-Aware NAT subscribers:
After the DNAT configuration is modified using CoA (by enabling or disabling DNAT or changing the DNAT IP address), the existing flows remain active for five more seconds while the new flows are being created in accordance with the new configuration. After a five-second timeout, the stale flows are cleared from the system. If multiple Alc-DNAT-Override attributes with conflicting actions are received in the same CoA or Access-Accept, the last one takes precedence. |
|
26.6527.238 |
Alc-Remove-Override |
This attribute, when included in a CoA, removes the override installed with or deactivates the action triggered by the referenced attribute ID. |
|
26.6527.242 |
Alc-Radius-Py |
A free format attribute reserved for use in combination with a RADIUS Python script. SR OS ignores the attribute when received in an access accept or CoA and does not generate the attribute. The primary purpose for this attribute is to interact with RADIUS servers that do not support RFC 6929 extended and long extended vendor specific attribute types. This attribute can be used between the RADIUS server and the Python script. The Python script should convert the attribute value in an RFC 6929 compliant attribute format. |
|
26.6527.244 |
Alc-Force-DHCP-Relay |
This attribute is only supported for DHCP promotion of data-triggered hosts. When this attribute is included in an Access Accept message at the authentication of a data triggered subscriber hosts IPoE session, then a DHCP relay is performed when the subscriber host in the session is promoted to a DHCP host at renew or rebind. The IP and, or IPv6 address/prefix origin is set to DHCP or DHCP6 for the data triggered subscriber host that is promoted to a DHCP host. The IP address/prefix for all IP stacks of the subscribers IPoE session must also be included in the Access Accept. Attributes with invalid value are ignored. |
|
241.26.6527.16 |
Alc-IPv6-Router-Adv-Policy |
This attribute specifies the Router Advertisement policy to be used for this subscriber host or session. The Router Advertisement policy is configured in configure subscriber-mgmt router-advertisement-policy name. The Router Advertisement policy overrides the default Router Advertisement parameters configured in the ipv6 router-advertisements CLI context at the group interface or subscriber interface (wholesale or retail). Referencing a non-existing policy results in a subscriber host or session setup failure or a CoA reject. |
|
241.26.6527.17 |
Alc-Nat-Outside-IPs |
This attribute allows to specify an outside NAT IP address from AAA instead of allocating an address from the local NAT pools. An IP address can be provided for each policy. |
|
241.26.6527.18 |
Alc-Mld-Import-Policy |
This attribute overrides the subscriber’s current list of dynamic MLD import policies. The order in which the policies were added can be checked with show router [router-instance] mld hosts host ipv6-address detail. Note that the configured MLD import policy (configure subscriber-mgmt mld-policy mld-policy-name import policy-name) cannot be overridden and is always applied as the last policy in the MLD import policies list. As the import policies are evaluated in the applied order using a match and exit, it is good practice to only include a default-action in the configured MLD import policy. Access-Accept fails and CoA is rejected if more than 14 attributes are present. |
|
241.26.6527.19 |
Alc-Bonding-Id |
Attribute description is defined in the Bonding section, see Table: Bonding (description). |
|
241.26.6527.22 |
Alc-Bonding-Reference-Rate |
Attribute description is defined in the Bonding section, see Table: Bonding (description). |
|
241.26.6527.27 |
Alc-IPv6-Sub-If-Prefix |
This attribute installs a subscriber interface IPv6 prefix of type pd, wan-host or both. This is similar to a statically configured IPv6 prefix on a subscriber interface. The prefix is part of the subscriber host or session state. The prefix is removed from the system when the subscriber host or session disconnects. An invalid prefix, such as when overlapping with a static provisioned prefix, results in a subscriber host or session setup failure. |
|
241.26.6527.35 |
Alc-Mld-Import-Policy-Modif |
This attribute modifies the subscriber’s dynamic MLD import policy list. The command can either add or delete an MLD import policy to or from the list. The CoA is rejected if more than the allowed number of attributes are included or if the number of resulting dynamic MLD import policies is more than 14. |
|
241.26.6527.37 |
Alc-VAS-IPv4-Filter |
(l2-aware NAT subscriber only). This VSA enables IPv4 service chaining for an l2-aware NAT subscriber using the named Value Added Services (VAS) filter configured under configure subscriber-mgmt isa-service-chaining vas-filter. |
|
241.26.6527.38 |
Alc-VAS-NSH-IPv4-Opaque-Meta-Data |
(l2-aware NAT subscriber only). For Value Added Services (VAS) enabled sessions this VSA specifies the Network Services Header (NSH) context header data for MD type 1. This value overrides insert-subscriber-id or opaque-data configured under configure subscriber-mgmt isa-service-chaining vas-filter filter-name entry id action {downstream | upstream} insert-nsh meta-data. An NSH header with this context data is only inserted if svc-path is correctly configured under configure subscriber-mgmt isa-service-chaining vas-filter filter-name entry id action {downstream | upstream} insert-nsh. |
|
241.26.6527.39 |
Alc-Static-Port-Forward |
Static port forwards to be installed for layer-2 aware NAT subscribers using external address assignment. |
|
241.26.6527.40 |
Alc-IPv6-Slaac-Replacement-Prefix |
Override the current host SLAAC prefix with the one specified in the VSA. The host address origin is not changed. Three subsequent Router Advertisements are sent to the SLAAC host respecting the configured advertisement intervals. The Router Advertisements contain both the current and new SLAAC prefixes: the valid and preferred lifetime for the current prefix are set to zero and for the new prefix the values are either specified in the router advertisement policy or the group interface configuration. Because of the prefix change, all traffic send using the old SLAAC prefix as source address is dropped in the BNG when anti-spoof is set to IP + MAC. Note that the prefix change results in a SLAAC host delete and create. |
|
241.26.6527.47 |
Alc-SPI-Sharing-Id |
Sets or overrides the SLA Profile Instance (SPI) sharing method for this subscriber session to SPI sharing per group or to the default SPI sharing method (per SAP or per session) as specified in the SLA profile (configure subscriber-mgmt sla-profile sla-profile-name def-instance-sharing spi-sharing-type). For SPI sharing per group, the group is identified with an integer group identifier (for example, the SPI sharing ID). An SPI is shared by all subscriber sessions with the same subscriber ID, SAP, SLA profile and group ID. Setting this attribute for an IPoE host with IPoE session disabled on the group interface results in a setup failure. Unsupported values result in a subscriber session setup failure. |
|
241.26.6527.57 |
Alc-Gtp-Skip-Ipv4-Alloc-Override |
Applies to FWA sessions only. 3GPP describes the following address management related Protocol Configuration Option (PCO) values.
The FWA-GW honors the PCO Address Management options set by the RG or UE which results in a non-deferred or deferred address allocation. By default, non-deferred address allocation applies when the PCO Address Management options are not set by the RG or UE. The default non-deferred behavior can be overruled to deferred address allocation using the following APN scope parameter: configure subscriber-mgmt gtp apn-policy policy-name apn apn skip-gtp-ipv4-alloc The CLI parameter skip-gtp-ipv4-alloc is only applicable when PCO Address Management options are not set by the RG or UE. The skip-gtp-ipv4-alloc behavior (deferred address allocation) can be overridden to non-deferred address allocation for an individual session using the Alc-Gtp-Skip-Ipv4-Alloc-Override attribute with value 1 (on). The Alc-Gtp-Skip-Ipv4-Alloc-Override attribute is silently ignored when the CLI parameter skip-gtp-ipv4-alloc is not configured. |
|
241.26.6527.58 |
Alc-Change-Reporting-Action |
Applies to FWA sessions only. Controls the change reporting action signaled in GTP. Overrides the value specified under configure subscriber-mgmt gtp peer-profile name change-reporting-action. The specified action only applies if the MME supports change reporting. |
|
241.26.6527.62 |
Alc-Host-DNAT-Override |
Enables or Disables DNAT functionality on a session level. This overrides any value that has been set by the Alc-DNAT-Override attribute. |
|
241.26.6527.71 |
Alc-Host-DNAT-Default-Address-Override |
Overrides the DNAT destination IP address on a per session level. This overrides both the default value configured under configure service nat nat-classifier classifier-name default-dnat-ip-address and the value set by the Alc-DNAT-Override attribute. |
|
245.26.6527.5 |
Alc-Spi-Host-And-Session-Limits |
Used to override host-limits and session-limits configured at the sla-profile context. Enables to dynamically set host and session limits that are enforced per SLA Profile Instance. All subscriber hosts and sessions that belong to the same SLA Profile Instance should get the same dynamic override values. The limits are checked at host or session creation time. When a limit is reached, the host or session creation fails. See [245.26.6527.5] Alc-Spi-Host-And-Session-Limits attribute details for a detailed description of the attribute. |
|
245.26.6527.6 |
Alc-Sub-Host-And-Session-Limits |
Used to override host-limits and session-limits configured at the sub-profile context. Enables to dynamically set host and session limits that are enforced per subscriber. All subscriber hosts and sessions that belong to the same subscriber should get the same dynamic override values. The limits are checked at host or session creation time. When a limit is reached, the host or session creation fails. See [245.26.6527.6] Alc-Sub-Host-And-Session-Limits attribute details for a detailed description of the attribute. |
|
26.10415.1 |
3GPP-IMSI |
Applies to For FWA sessions only. This attribute reflects the IMSI of the session being set up. To include this attribute use the command configure subscriber-mgmt authentication-policy name include-radius-attribute imsi. |
|
26.10415.5 |
3GPP-GPRS-Negotiated-QoS-Profile |
This VSA contains the QoS values signaled in the incoming GTP-C message for FWA sessions. To include this attribute use the command configure subscriber-mgmt authentication-policy name include-radius-attribute gprs-negotiated-qos-profile. |
|
26.10415.20 |
3GPP-IMEISV |
This VSA contains the International Mobile Equipment Identity and its software version as signaled in the incoming GTP-C message for FWA sessions. If the corresponding GTP-C IE is not present the VSA is not included. To include this attribute use the command configure subscriber-mgmt authentication-policy name include-radius-attribute imei. |
|
26.10415.21 |
3GPP-RAT-Type |
This VSA contains the Radio Access Type as signaled in the incoming GTP-C message for FWA sessions. To include this attribute use the command configure subscriber-mgmt authentication-policy name include-radius-attribute rat-type. |
|
26.10415.22 |
3GPP-User-Location-Info |
This VSA contains the User Location Information as signaled in the incoming GTP-C message for FWA sessions. To include this attribute use the command configure subscriber-mgmt authentication-policy name include-radius-attribute uli. |
| Attribute ID | Attribute name | Type | Limits | SR OS format |
|---|---|---|---|---|
|
1 |
User-Name |
string |
253 chars |
Form depends on authentication method and configuration. For example: User-Name user1@domain1.com |
|
2 |
User-Password |
string |
64 bytes |
Encrypted password For example: User-Password 4ec1b7bea6f2892fa466b461c6accc00 |
|
3 |
CHAP-Password |
octets |
16+1 bytes |
Users CHAP identifier 1 followed by the Encrypted password For example: CHAP-Password 01ef8ddc7237f4adcd991ac4c277d312e9 |
|
4 |
NAS-IP-Address |
ipaddr |
4 bytes |
# ipv4 address For example: NAS-IP-Address=192.0.2.1 |
|
5 |
NAS-Port |
integer |
4 bytes |
nas-port <binary-spec> <binary-spec> = <bit-specification> <binary-spec> <bit-specification> = 0 | 1 | <bit-origin> <bit-origin> = *<number-of-bits><origin> <number-of-bits> = [1 to 32] <origin> = s: slot number m: MDA number p: port number, lag-id, pw-id or pxc-id o: outer VLAN ID i: inner VLAN ID c: pxc-subport (a=0, b=1) Only the lower bits of the specified origin are included if the number of bits assigned for that origin is not enough to hold its maximum value. For example, when specifying 10 bits for an outer VLAN ID (*10o), then VLAN 3000 (binary 1011 1011 1000) would be reported as 952 (binary 11 1011 1000) The connector number of a connector port, such as c1 in port 1/2/c1/2 is not encoded in the NAS-Port attribute For ports on an IOM-s in an SR-s chassis, such as 2/x1/1/c4/1, the MDA number is encoded as m=2 for an MDA in position x1/1 and m=3 for an MDA in position x1/2 For example: configured nas-port *12o*10i*3s*2m*5p for SAP 2/2/4:221.7 corresponds to the binary value 000011011101 0000000111 010 10 00100 resulting in NAS-Port = 231742788 |
|
6 |
Service-Type |
integer |
2 (mandatory value) |
PPPoE and PPPoL2TP hosts only For example: Service-Type = Framed-User |
|
7 |
Framed-Protocol |
integer |
1 (fixed value) |
PPPoE and PPPoL2TP hosts only For example: Service-Type = PPP |
|
8 |
Framed-IP-Address |
ipaddr |
4 bytes |
IP address to be assigned to the subscriber host. value 255.255.255.254: indicates that the NAS should select an address for the user (for example, Assigned from a pool of addresses kept by the NAS) For example: # ip-address 10.11.12.13 Framed-IP-Address 0a0b0c0d |
|
9 |
Framed-IP-Netmask |
ipaddr |
4 bytes |
For example: Framed-IP-Netmask = 255.255.255.255 #PPPoE residential Framed-IP-Netmask = 255.255.255.0 #PPPoE Business with IPCP option 144 support Framed-IP-Netmask = 255.255.255.0 # IPoE |
|
18 |
Reply-Message |
string |
253 chars |
For example: Reply-Message MyCustomizedReplyMessage |
|
22 |
Framed-Route |
string |
max 16 Framed-Routes attributes |
"<ip-prefix>[/<prefix-length>] <space> <gateway-address> [<space> <metric>] [<space> tag <space> <tag-value>] [<space> pref <space> <preference-value>]" where: <space> is a white space or blank character <ip-prefix>[/prefix-length] is the managed route to be associated with the routed subscriber host. The prefix-length is optional and if not specified, a class-full class A,B or C subnet is assumed. <gateway-address> must be the routed subscriber host IP address. ‟0.0.0.0” is automatically interpreted as the host IPv4 address. [<metric>] (Optional) Installed in the routing table as the metric of the managed route. If not specified, metric zero is used. Value = [0 to 65535] [tag <tag-value>] (Optional) The managed route is tagged for use in routing policies. If not specified or tag-value=0, then the route is not tagged. Value = [0 to 4294967295] [pref <preference-value>] (Optional) Installed in the routing table as protocol preference for this managed route. If not specified, preference zero is used. Value = [0 to 255] For example: Framed-Route = "192.168.1.0/24 0.0.0.0" where 0.0.0.0 is replaced by host address. Default metrics are used (metric=0, preference=0 and no tag) Framed-Route = "192.168.1.0 0.0.0.0" where 192.168.1.0 is a class-C network /24 and 0.0.0.0 is replaced host address. Default metrics are used. (Continued on next page) |
|
22 (cont.) |
Framed-Route (cont.) |
— |
— |
Framed-Route = "192.168.1.0/24 192.168.1.1" where 192.168.1.1 is the host address. Default metrics are used. Framed-Route = "192.168.1.0 0.0.0.0 10 tag 3 pref 100" installs a managed route with metric=10, protocol preference = 100 and tagged with tag=3 |
|
25 |
Class |
octets |
Up to 6 attributes. Max. value length for each attribute is 253 chars |
For example: Class += My Class1 Class += MyClass2 |
|
27 |
Session-Timeout |
integer |
[0 to 2147483647] seconds |
0 = infinite (no session-timeout) [0 to 2147483647] in seconds For example: Session-Timeout = 3600 |
|
28 |
Idle-Timeout |
integer |
[60 to 15552000] seconds |
0 = infinite (no idle-timeout) [60 to 15552000] in seconds For example: Idle-Timeout = 3600 |
|
30 |
Called-Station-Id |
string |
64 chars |
LNS: L2TP Called Number AVP21 from LAC For example: Called-Station-Id = 4441212 WLAN Gateway / vRGW: AP-MAC/BRG-MAC and SSID, separated by a colon. Value "00:00:00:00:00:00" is returned when the info is not available or provided in an invalid format. For example: Called-Station-Id = 00:00:01:00:00:01:my_ssid |
|
31 |
Calling-Station-Id |
string |
64 chars |
llid | mac | remote-id | sap-id | sap-string (64 char. string configured at sap-level) For example: include-radius-attribute calling-station-id sap-id Calling-Station-Id = 1/1/2:1.1 |
|
32 |
NAS-Identifier |
string |
64 chars |
For example: NAS-Identifier = PE1-Antwerp |
|
44 |
Acct-Session-Id |
string |
22 bytes |
Internally generated 22 bytes number. For example: Acct-Session-Id = 241AFF0000003250B5F750 |
|
60 |
CHAP-Challenge |
octets |
[8 to 64] bytes |
random length For example: 20 bytes CHAP-Challenge 0xa9710d2386c3e1771b8a3ea3d4e53f2a1c7024fb |
|
61 |
NAS-Port-Type |
integer |
4 bytes Values [0 to 255] |
Values as defined in rfc-2865 and rfc-4603 For LNS, the value is set to virtual (5) For example: NAS-Port-Type = PPPoEoQinQ (34) |
|
85 |
Acct-Interim-Interval |
integer |
0, [300 to 15552000] |
A value of 0 (zero) disables the generation of interim update messages. A value of 1 to 299 is rounded to 300s (minimum CLI value). A value of 300 to 15552000 specifies the Acct-Interim-Update message interval in seconds. A value greater than 15552000 is rounded to 15552000 (maximum CLI value). For example: 1 hour interval for interim updates Acct-Interim-Interval = 3600 |
|
87 |
NAS-Port-Id |
string |
253 bytes in Access-Request and Accounting Request messages. 128 bytes in CoA |
See [87] NAS-Port-Id attribute details for a detailed description of the attribute format. For example: NAS-Port-Id = 1/1/4:501.1001 NAS-Port-Id = LNS rtr-2#lip-203.0.113.1#rip-198.51.100.1#ltid-11381#rtid-1285#lsid-30067#rsid-19151#347 |
|
88 |
Framed-Pool |
string |
32 chars per pool name 65 chars in total (primary pool, delimiter, secondary pool) |
For example: Framed-Pool = "MyPoolname" Framed-Pool = "Pool-1#Pool-2" |
|
95 |
NAS-IPv6-Address |
ipv6addr |
16 bytes |
# ipv6 address For example: NAS-IPv6-Address = 2001:db8::1 |
|
97 |
Framed-IPv6-Prefix |
ipv6prefix |
max. 16 bytes for prefix + 1 byte for length |
PPPoE SLAAC wan-host <ipv6-prefix/prefix-length> with prefix-length 64 For example: Framed-IPv6-Prefix 2001:db8:FFF3:1::/64 |
|
99 |
Framed-IPv6-Route |
string |
max. 16 Framed-IPv6-Route attributes |
"<ip-prefix>/<prefix-length> <space> <gateway-address> [<space> <metric>] [<space> tag <space> <tag-value>] [<space> pref <space> <preference-value>]" where: <space> is a white space or blank character <ip-prefix>/<prefix-length> is the managed route to be associated with the routed subscriber host. <gateway-address> must be the routed subscriber host IP address. ‟::” and ‟0:0:0:0:0:0:0:0” are automatically interpreted as the wan-host IPv6 address. [<metric>] (Optional) Installed in the routing table as the metric of the managed route. If not specified, metric zero is used. Value = [0 to 65535] [tag <tag-value>] (Optional) The managed route is tagged for use in routing policies. If not specified or tag-value=0, then the route is not tagged. Value = [0 to 4294967295] [pref <preference-value>] (Optional) Installed in the routing table as protocol preference for this managed route. If not specified, preference zero is used. Value = [0 to 255] |
|
99 (continued) |
Framed-IPv6-Route |
string |
max. 16 Framed-IPv6-Route attributes |
For example: Framed-IPv6-Route = "2001:db8:1::/48 ::" where :: resolves in the wan-host. Default metrics are used (metric=0, preference=0 and no tag) Framed-IPv6-Route = "2001:db8:2::/48 0:0:0:0:0:0:0:0" where 0:0:0:0:0:0:0:0 resolves in the wan-host. Default metrics are used. Framed-IPv6-Route = "2001:db8:3::/48 0::0" where 0::0 resolves in the wan-host. Default metrics are used. Framed-IPv6-Route = "2001:db8:3::/48 2001:db8:aa:1::1" where 2001:db8:aa:1::1 is the wan-host. Default metrics are used. Framed-IPv6-Route = "2001:db8:1::/48 :: 10 tag 3 pref 100" installs a managed route with metric = 10, protocol preference = 100 and tagged with tag = 3 Framed-IPv6-Route = "2001:db8:1::/48 :: tag 5" installs a managed route with metric = 0 (default), protocol preference = 0 (default) and tagged with tag = 5 |
|
100 |
Framed-IPv6-Pool |
string |
32 chars |
For example: Framed-IPv6-Pool MyWanPoolnameIANA |
|
101 |
Error-Cause |
octets |
4 bytes |
Current supported causes are: Missing Attribute[402], NAS Identification Mismatch[403], Invalid Request[404], Unsupported Service[405], Invalid Attribute Value[407], Administratively Prohibited [501], Session Context Not Found [503], Resources Unavailable[506] For example: Error-Cause = Invalid Request |
|
123 |
Delegated-IPv6-Prefix |
ipv6prefix |
max. 16 bytes for prefix + 1 Byte for length |
<ipv6-prefix/prefix-length> with prefix-length [48 to 64] For example: Delegated-IPv6-Prefix 2001:DB8:173A:100::/56 |
|
26.2352.1 |
Client-DNS-Pri |
ipaddr |
4 bytes |
For example: Client-DNS-Pri = 198.51.100.1 |
|
26.2352.2 |
Client-DNS-Sec |
ipaddr |
4 bytes |
For example: Client-DNS-Sec = 198.51.100.2 |
|
26.2352.36 |
Ip-Address-Pool-Name |
string |
65 chars |
For example: Ip-Address-Pool-Name = Address_Pool_1 |
|
26.2352.99 |
RB-Client-NBNS-Pri |
ipaddr |
4 bytes |
For example: RB-Client-NBNS-Pri = 198.51.100.1 |
|
26.2352.100 |
RB-Client-NBNS-Sec |
ipaddr |
4 bytes |
For example: RB-Client-NBNS-Sec = 198.51.100.2 |
|
26.3561.1 |
Agent-Circuit-Id |
string |
247 chars |
format see also RFC4679 # Ethernet/DSL <Access-Node-Identifier><eth slot/port[:vlan-id]> For example: ethernet dslam1 slot 2 port 1 vlan 100 Agent-Circuit-Id = dslam1 eth 2/1:100 |
|
26.3561.2 |
Agent-Remote-Id |
string |
247 chars |
Format see also RFC 4679 For example: Agent-Remote-Id = MyRemoteId |
|
26.3561.129 |
Actual-Data-Rate-Upstream |
integer |
4294967295 |
For example: Actual-Data-Rate-Upstream = 1000000 |
|
26.3561.130 |
Actual-Data-Rate-Downstream |
integer |
4294967295 |
For example: Actual-Data-Rate-Downstream = 5000000 |
|
26.3561.131 |
Minimum-Data-Rate-Upstream |
integer |
4294967295 |
For example: Minimum-Data-Rate-Upstream = 1000 |
|
26.3561.132 |
Minimum-Data-Rate-Downstream |
integer |
4294967295
|
For example: Minimum-Data-Rate-Downstream = 1000 |
|
26.3561.133 |
Attainable-Data-Rate-Upstream |
integer |
4294967295
|
For example: Attainable-Data-Rate-Downstream = 1000 |
|
26.3561.134 |
Attainable-Data-Rate-Downstream |
integer |
4294967295
|
For example: Minimum-Data-Rate-Upstream = 1000 |
|
26.3561.135 |
Maximum-Data-Rate-Upstream |
integer |
4294967295
|
For example: Maximum-Data-Rate-Upstream = 1000 |
|
26.3561.136 |
Maximum-Data-Rate-Downstream |
integer |
4294967295
|
For example: Maximum-Data-Rate-Downstream = 1000 |
|
26.3561.137 |
Minimum-Data-Rate-Upstream-Low-Power |
integer |
4294967295
|
For example: Minimum-Data-Rate-Upstream-Low-Power = 1000 |
|
26.3561.138 |
Minimum-Data-Rate-Downstream-Low-Power |
integer |
4294967295
|
For example: Minimum-Data-Rate-Downstream-Low-Power = 1000 |
|
26.3561.139 |
Maximum-Interleaving-Delay-Upstream |
integer |
4294967295 |
For example: Maximum-Interleaving-Delay-Upstream = 10 |
|
26.3561.140 |
Actual-Interleaving-Delay-Upstream |
integer |
4294967295 |
For example: Actual-Interleaving-Delay-Upstream = 10 |
|
26.3561.141 |
Maximum-Interleaving-Delay-Downstream |
integer |
4294967295 |
For example: Maximum-Interleaving-Delay-Downstream = 10 |
|
26.3561.142 |
Actual-Interleaving-Delay-Downstream |
integer |
4294967295 |
For example: Actual-Interleaving-Delay-Downstream = 10 |
|
26.3561.144 |
Access-Loop-Encapsulation |
octets |
3 bytes |
<Data Link><Encaps-1><Encaps-2> <Data Link>: AAL5(0), Ethernet(1) <Encaps 1>: NotAvailable(0), Untagged Ethernet(1), Single-Tagged Ethernet(2) <Encaps 2>: Not Available(0), PPPoA LLC(1), PPPoA Null(2), IPoA LLC(3), IPoA Null(4), Ethernet over AAL5 LLC w FCS(5), Ethernet over AAL5 LLC without FCS(6), Ethernet over AAL5 Null w FCS(7), Ethernet over AAL5 Null without FCS(8) For example: Ethernet, Single-Tagged Ethernet, Not Available Access-Loop-Encapsulation = 0x010200 |
|
26.3561.254 |
IWF-Session |
octets |
len 0 |
For example: IWF-Session |
|
26.4874.2 |
ERX-Address-Pool-Name |
string |
65 chars |
For example: ERX-Address-Pool-Name = MyPoolname |
|
26.4874.4 |
ERX-Primary-Dns |
ipaddr |
4 bytes |
For example: ERX-Primary-Dns = 198.51.100.1 |
|
26.4874.5 |
ERX-Secondary-Dns |
ipaddr |
4 bytes |
For example: ERX-Secondary-Dns = 198.51.100.2 |
|
26.4874.6 |
ERX-Primary-Wins |
ipaddr |
4 bytes |
For example: ERX-Primary-Wins = 198.51.100.1 |
|
26.4874.7 |
ERX-Secondary-Wins |
ipaddr |
4 bytes |
For example: ERX-Ipv6-Primary-Dns = 198.51.100.2 |
|
26.4874.47 |
ERX-Ipv6-Primary-Dns |
ipv6addr |
16 bytes |
For example: ERX-Secondary-Wins = 2001:db8:1::1 |
|
26.4874.48 |
ERX-Ipv6-Secondary-Dns |
ipv6addr |
16 bytes |
For example: ERX-Ipv6-Secondary-Dns = 2001:db8:2::1 |
|
26.6527.9 |
Alc-Primary-Dns |
ipaddr |
4 bytes |
For example: Alc-Primary-Dns = 198.51.100.1 |
|
26.6527.10 |
Alc-Secondary-Dns |
ipaddr |
4 bytes |
For example: Alc-Secondary-Dns = 1198.51.100.2 |
|
26.6527.11 |
Alc-Subsc-ID-Str |
string |
64 chars |
For example: Alc-Subsc-ID-Str = MySubscriberId |
|
26.6527.12 |
Alc-Subsc-Prof-Str |
string |
32 chars |
For example: Alc-Subsc-Prof-Str = MySubProfile |
|
26.6527.13 |
Alc-SLA-Prof-Str |
string |
32 chars |
For example: Alc-SLA-Prof-Str = MySlaProfile |
|
26.6527.16 |
Alc-ANCP-Str |
string |
63 chars |
format see also RFC4679 # Ethernet/DSL <Access-Node-Identifier><eth slot/port[:vlan-id]> For example: If [26.3561.1] Agent-Circuit-Id = dslam1 eth 2/1:100 then put Alc-ANCP-Str = dslam1 eth 2/1:100 |
|
26.6527.18 |
Alc-Default-Router |
ipaddr |
4 bytes |
For example: Alc-Default-Router = 10.0.255.254 |
|
26.6527.27 |
Alc-Client-Hardware-Addr |
string |
6 bytes |
For example: Alc-Client-Hardware-Addr = 00:00:00:00:00:01 |
|
26.6527.28 |
Alc-Int-Dest-Id-Str |
string |
32 chars |
For example: Alc-Int-Dest-Id-Str= AccessNode1 |
|
26.6527.29 |
Alc-Primary-Nbns |
ipaddr |
4 bytes |
For example: Alc-Primary-Nbns = 198.51.100.1 |
|
26.6527.30 |
Alc-Secondary-Nbns |
ipaddr |
4 bytes |
For example: Alc-Secondary-Nbns = 198.51.100.2 |
|
26.6527.34 |
Alc-PPPoE-PADO-Delay |
integer |
[0 to 30] deci-seconds |
For example: 3 seconds pado-delay Alc-PPPoE-PADO-Delay = 30 |
|
26.6527.35 |
Alc-PPPoE-Service-Name |
string |
247 chars |
For example: Alc-PPPoE-Service-Name = MyServiceName |
|
26.6527.36 |
Alc-DHCP-Vendor-Class-Id |
string |
247 chars |
For example: Alc-DHCP-Vendor-Class-Id = My-DHCP-VendorClassId |
|
26.6527.45 |
Alc-App-Prof-Str |
string |
16 bytes |
For example: Alc-App-Prof-Str = MyAppProfile |
|
26.6527.99 |
Alc-Ipv6-Address |
ipv6addr |
16 bytes |
For example: Alc-Ipv6-Address 2001:db8:FFF5::1 |
|
26.6527.100 |
Alc-Serv-Id |
integer |
2147483647 ID |
For example: Alc-Serv-Id = 100 |
|
26.6527.101 |
Alc-Interface |
string |
32 chars |
For example: Alc-Interface = myGTPgroupinterface |
|
26.6527.102 |
Alc-ToServer-Dhcp-Options |
octets |
5 attributes 247 bytes/ attribute total 1235 bytes (includes 4B magic cookie) DSM: 2 attributes 247 bytes/attribute 494 bytes total |
For example: DHCPv4 Discover , option-60 [Class-identifier-option] = DHCP-VendorClassId ; Agent-Circuit-Id = circuit10;Agent-Remote-Id = remote10 Alc-ToServer-Dhcp-Options = 66313501013c12444843502d56656e646f72436c617373496452150109636972637569743130020872656d6f74653130 Fragmented DHCP packets are not supported. For DHCP packets totaling over 1500 bytes in size, DHCP signaling using in-band interface is recommended. |
|
26.6527.103 |
Alc-ToClient-Dhcp-Options |
octets |
8 attributes 247 bytes/attribute 1729 bytes total (for example, 7 attributes with the maximum length) |
For example: Insert DHCP Option 121, length=7, 16.192.168 10.1.255.254 # Classless Static Route: 192.168.0.0/16 10.1.255.254 Alc-ToClient-Dhcp-Options = 0x790710C0A80A01FFFE Fragmented DHCP packets are not supported. For DHCP packets totaling over 1500 bytes in size, DHCP signaling using in-band interface is recommended. |
|
26.6527.105 |
Alc-Ipv6-Primary-Dns |
ipv6addr |
16 bytes |
For example: Alc-Ipv6-Primary-Dns = 2001:db8:1::1 |
|
26.6527.106 |
Alc-Ipv6-Secondary-Dns |
ipv6addr |
16 bytes |
For example: Alc-Ipv6-Secondary-Dns = 2001:db8:2::1 |
|
26.6527.126 |
Alc-Subscriber- QoS-Override |
string |
18 attributes |
<direction>:<QoS object>:[<id or name>:][<parameter>=value,...] [iIeE]:[qQ]:<queue-id>:(pir|cir|mbs|cbs) [eE]:[qQ]:<queue-id>:(wrr_weight|class_weight) [iIeE]:[pP]:<policer-id>:(pir|cir|mbs|cbs) [eE]:[rR]:(rate) [eE]:[lL]:(rate) [eE]:[gG]:<wrr-group-id>:(rate|class_weight) [iIeE]:[aA]:root|<intermediate arbiter name>:(rate) [iIeE]:[sS]:<scheduler-name>:(rate|cir) See [26.6527.126] Alc-Subscriber-QoS-Override attribute details for a detailed description of the attribute format. For example: ingress queue 1 pir, cir, mbs, cbs and egress aggregate rate overrides Alc-Subscriber-QoS-Override += i:q:1:pir=40000,cir=20000,mbs=32000,cbs=16 000, Alc-Subscriber-QoS-Override += e:r:rate=800000 |
|
26.6527.131 |
Alc-Delegated-IPv6-Pool |
string |
32 chars |
For example: Alc-Delegated-IPv6-Pool = MyLanPoolnameIAPD |
|
26.6527.132 |
Alc-Access-Loop-Rate-Down |
integer |
[1 to 100000] kb/s |
For example: rate 4M b/s Alc-Access-Loop-Rate-Down = 4000 |
|
26.6527.133 |
Alc-Access-Loop-Encap-Offset |
octets |
3 bytes |
<Data Link><Encaps-1><Encaps-2> <Data Link>: AAL5(0), Ethernet(1) <Encaps 1>: NotAvailable(0), Untagged Ethernet(1), Single-Tagged Ethernet(2) <Encaps 2>: Not Available(0), PPPoA LLC(1), PPPoA Null(2), IPoA LLC(3), IPoA Null(4), Ethernet over AAL5 LLC w FCS(5), Ethernet over AAL5 LLC without FCS(6), Ethernet over AAL5 Null with FCS(7), Ethernet over AAL5 Null without FCS(8) For example: # pppoe-tagged -> 01,02,00 Alc-Access-Loop-Encap-Offset = 0x010200 |
|
26.6527.135 |
Alc-PPP-Force-IPv6CP |
integer |
[0 to 4294967295] |
0 : False - start IPv6CP negotiation only when IPv6 attributes are obtained in authentication >0 : True - also start IPv6CP negotiation when no IPv6 attributes are obtained in authentication For example: Alc-PPP-Force-IPv6CP = 1 |
|
26.6527.136 |
Alc-Onetime-Http-Redirection-Filter-Id |
string |
249 bytes |
‟Ingr-v4:<number>” [1 to 65535] = apply this filter-id as one-time-http-redirect-filter 0 = Remove the current redirection filter and replace it with sla-profile ingress filter For example: Alc-Onetime-Http-Redirection-Filter-Id = Ingr-v4:1000 |
|
26.6527.146 |
Alc-Wlan-APN- Name |
string |
247 bytes |
The APN is directly reflected as present in the incoming GTP-C message. For example: Alc-Wlan-APN-Name = demo.mnc001.mcc001.gprs |
|
26.6527.147 |
Alc-MsIsdn |
string |
9 to 15 digits |
Textual representation of the MSISDN in decimal format. For example: Alc-MsIsdn = 13109976224 |
|
26.6527.160 |
Alc-Relative-Session-Timeout |
integer |
[0 to 2147483647] seconds |
0 = infinite (no session-timeout) [0 to 2147483647] in seconds For example: Alc-Relative-Session-Timeout = 3600 |
|
26.6527.161 |
Alc-Delegated-IPv6-Prefix-Length |
integer |
[48 to 64] DPL length |
For example: Alc-Delegated-IPv6-Prefix-Length = 48 |
|
26.6527.174 |
Alc-Lease-Time |
integer |
[0 to 4294967295] seconds |
0 : fallback to the default lease-time of 7 days. The maximum value 4294967295 corresponds with a lease-time > 9999 days (24855d 03h). [1 to 4294967295] lease-time in seconds For example: Alc-Lease-Time = 3600 |
|
26.6527.175 |
Alc-DSL-Line-State |
integer |
4 bytes |
1=showtime, 2-idle, 3=silent For example: Alc-DSL-Line-State = SHOWTIME |
|
26.6527.176 |
Alc-DSL-Type |
integer |
4 bytes |
0=other, 1=ADSL1, 2=ADSL2, 3=ADSL2PLUS, 4=VDSL1, 5=VDSL2, 6=SDSL For example: Alc-DSL-Type = VDSL2 |
|
26.6527.177 |
Alc-Portal-Url |
string |
247 chars |
URL string. An empty string removes the override. For example: Alc-Portal-Url = ‟http://portal.com/welcome/sub=$SUB” |
|
26.6527.178 |
Alc-Ipv6-Portal-Url |
string |
247 chars |
URL string. An empty string removes the override. For example: Alc-IPv6-Portal-Url = ‟http://portal.com/welcome/sub=$SUB” |
|
26.6527.180 |
Alc-SAP-Session-Index |
integer |
4 bytes |
For example: Alc-SAP-Session-Index = 5 |
|
26.6527.181 |
Alc-SLAAC-IPv6-Pool |
string |
32 chars |
DHCPv6 server pool name. Pool name "_tmnx_auto" indicates that the pool is automatically selected by the system, for example for use with IPv6 firewall. For example: Alc-SLAAC-IPv6-Pool = "MySlaacPoolname" |
|
26.6527.183 |
Alc-WPP-Error-Code |
integer |
4 bytes |
A non-zero unsigned integer. Valid values are 1, 2, or 4 |
|
26.6527.185 |
Alc-Onetime-Http-Redirect-Reactivate |
string |
247 chars |
The value of the attribute is opaque. Its presence in a RADIUS CoA triggers the action. |
|
26.6527.191 |
Alc-ToServer-Dhcp6-Options |
octets |
5 attributes 247 bytes/ attribute 1235 bytes total DSM: 2 attributes 247 bytes/attribute 494 bytes total |
For example, when the DHCPv6 solicit contains following options: Option : ELAPSED_TIME (8), Length : 2 Time : 0 seconds Option : CLIENTID (1), Length : 10 LL : HwTyp=0001,LL=005100000002 00030001005100000002 Option : ORO (6), Length : 4 Requested Option : IA_NA (3) Requested Option : IA_PD (25) Option : IA_NA (3), Length : 12 IAID : 0 Time1: 0 seconds Time2: 0 seconds Option : IA_PD (25), Length : 12 IAID : 1 Time1: 0 seconds Time2: 0 seconds Alc-ToServer-Dhcp6-Options = 0x0008000200000001000a0003000100510000000200060004000300190003000c0000000000000000000000000019000c000000010000000000000000 Fragmented DHCP packets are not supported. For DHCP packets totaling over 1500 bytes in size, DHCP signaling using in-band interface is recommended. |
|
26.6527.192 |
Alc-ToClient-Dhcp6-Options |
octets |
8 attributes 247 bytes/ attribute 1729 bytes total (for example, 7 attributes with the maximum length) |
For example, to insert following option: Option: Simple Network Time Protocol Server (31) Length: 32 Value: SNTP servers address: 2001:db8:cafe:1::1 SNTP servers address: 2001:db8:cafe:2::1 Alc-ToClient-Dhcp6-Options = 0x001F002020010DB8CAFE0001000000000000000120010DB8CAFE00020000000000000001 Fragmented DHCP packets are not supported. For DHCP packets totaling over 1500 bytes in size, DHCP signaling using in-band interface is recommended. |
|
26.6527.200 |
Alc-v6-Preferred-Lifetime |
integer |
[300 to 315446399] seconds |
For example: Alc-v6-Preferred-Lifetime = 3600 |
|
26.6527.201 |
Alc-v6-Valid-Lifetime |
integer |
[300 to 315446399] seconds |
For example: Alc-v6-Valid-Lifetime = 86400 |
|
26.6527.202 |
Alc-Dhcp6-Renew-Time |
integer |
[0 to 604800] seconds |
For example: Alc-Dhcp6-Renew-Time = 1800 |
|
26.6527.203 |
Alc-Dhcp6-Rebind-Time |
integer |
[0 to 1209600] seconds |
For example: Alc-Dhcp6-Rebind-Time = 2880 |
|
26.6527.217 |
Alc-UPnP-Sub-Override-Policy |
string |
32 chars |
UPnP policy name or special values ‟_tmnx_no_override” or ‟_tmnx_disabled”. For example: Alc-UPnP-Sub-Override-Policy = ‟my-UPnP-policy” |
|
26.6527.228 |
Alc-Trigger-Acct-Interim |
string |
247 chars |
Free formatted string that is echoed in the triggered interim update message. For example: Alc-Trigger-Acct-Interim = "CoA - Filter update" |
|
26.6527.232 |
Alc-Acct-Interim-IvI |
integer |
1 VSA per tag per message Max. tag 1- 5 Value [300 to 15552000] |
Tagged attribute A value of 0 (zero) disables the generation of interim update messages. A value [1 to 299] seconds is rounded to 300s (min. CLI value) and a value > 15552000 seconds (max. CLI value) is rounded to the max. CLI value. An untagged attribute or tag value of 0 (zero) and tag values greater than 5 are not supported and result in a host setup failure or CoA Reject. A tag value of [1 to 5] changes the update interval of the corresponding accounting policy specified in the subscriber profile. For example: Alc-Acct-Interim-lvl:1 += 300 Alc-Acct-Interim-lvl:2 += 600 |
|
26.6527.234 |
Alc-DNAT-Override |
string |
247 chars |
{DNAT-state | DNAT-ip-addr}[,nat-policy-name] DNAT state = none | disable
DNAT-ip-addr = IPv4 address in dotted format (a.b.c.d)
DNAT-state and DNAT-ip-addr parameters are mutually exclusive nat-policy-name = name of the nat-policy. This is an optional parameter and if not specified then the default nat-policy is assumed. If two parameters are present simultaneously within the Alc-DNAT-Override attribute, then they are separated by a comma with no white spaces used as delimiter. For example: Alc-DNAT-Override=none This re-enables DNAT functionality in the default nat-policy, assuming that DNAT was previously disabled using the Alc-DNAT-Override=disable attribute submitted either in Access-Accept or in a previous CoA. If the none value was received at the time when the DNAT is already enabled, a CoA ACK is sent back to the originator. This negates any previous DNAT-related override in the default nat-policy. The DNAT functionality is set as originally defined in the default nat-policy. If the DNAT classifier is not present in the default nat-policy when this CoA is received, an error log message is raised. |
|
26.6527.234 |
— |
— |
— |
For example: Alc-DNAT-Override =198.51.100.1, nat-pol-1 This changes the default DNAT IP address to 198.51.100.1 in the specified nat-policy with name nat-pol-1. DNAT is implicitly enabled in case that it was disabled before this CoA was received. For example: Alc-DNAT-Override = none, 198.51.100.1 DNAT-state and DNAT-ip-addr parameters are mutually exclusive within the same Alc-DNAT-Override attribute. A CoA ACK is returned to the RADIUS server and an error event is logged. |
|
26.6527.238 |
Alc-Remove- Override |
string |
Single attribute identifier per attribute Multiple attributes per message |
[<action><space>]<attribute identifier> See [26.6527.238] Alc-Remove-Override attribute details for a detailed description of the attribute format and its possible values For example: To deactivate an ESM L2TP steering profile: Alc-Remove-Override = "deactivate 241.26.6527.25” |
|
26.6527.242 |
Alc-Radius-Py |
octets |
247 bytes |
Free formatted attribute value for use with a corresponding RADIUS Python script. |
|
26.6527.244 |
Alc-Force-DHCP-Relay |
string |
max. 2 attributes fixed values |
Fixed values: ‟relay-ipv4” – sets the lease origin to DHCP ‟relay-ipv6” – sets the lease origin to DHCP6 For example: Alc-Force-DHCP-Relay = ‟relay-ipv4” |
|
241.26.6527.16 |
Alc-IPv6-Router-Adv-Policy |
string |
32 chars |
The Router Advertisement policy name. For example: Alc-IPv6-Router-Adv-Policy = ‟RA-policy-01” |
|
241.26.6527.17 |
Alc-Nat-Outside-IPs |
string |
max. 4 attributes |
<outside IP address>;<NAT policy name> For example: Alc-Nat-Outside-IPs += 192.0.2.1;nat-policy-1 Alc-Nat-Outside-IPs += 198.51.100.1;nat-policy-2 |
|
241.26.6527.18 |
Alc-Mld-Import-Policy |
string |
32 chars Up to 14 attributes |
The MLD import policy name. A subscriber can have a list of up to 14 MLD import policies associated from Radius. Each MLD policy must be included in a separate attribute. For example: Alc-Mld-Import-Policy=”ch-lineup-01” |
|
241.26.6527.19 |
Alc-Bonding-Id |
— |
— |
Attribute limits are defined in the Bonding section, see Table: Bonding (limits). |
|
241.26.6527.22 |
Alc-Bonding-Reference-Rate |
— |
— |
Attribute limits are defined in the Bonding section, see Table: Bonding (limits). |
|
241.26.6527.27 |
Alc-IPv6-Sub-If-Prefix |
string |
127 chars Max. 1 attribute |
<IPv6 prefix>/<prefix length><space><type> Where <type> is either pd, wan-host, or wan-host pd. When not specified, pd is assumed. A maximum of one prefix per subscriber host or session can be specified and up to 24 prefixes per system or per subscriber interface. For example: Alc-IPv6-Sub-If-Prefix = ‟2001:db8::/32 pd” Alc-IPv6-Sub-If-Prefix = ‟2001:db8::/32 wan-host pd” Alc-IPv6-Sub-If-Prefix = ‟2001:db8::/32” |
|
241.26.6527.35 |
Alc-Mld-Import-Policy-Modif |
string |
34 chars Max. 5 attribute |
<action>:<MLD policy name> where <action> is a — Adds the MLD policy to the list of import policies. s – Subtracts (removes) the MLD policy from the list of import policies. For example: Alc-Mld-Import-Policy-Modif=”a:ch-lineup-01” Alc-Mld-Import-Policy-Modif=”s:ch-lineup-02” |
|
241.26.6527.37 |
Alc-VAS-IPv4-Filter |
string |
1..32 characters |
Name of a VAS filter as defined under configure subscriber-mgmt isa-service-chaining vas-filter For example: Alc-VAS-IPv4-Filter="vas_filter_1" |
|
241.26.6527.38 |
Alc-VAS-NSH-IPv4-Opaque-Meta-Data |
octets |
16 bytes |
Opaque data in network order to send in NSH. This is only applicable if insert-nsh is correctly configured and overrides insert-subscriber-id or opaque data configured under configure subscriber-mgmt isa-service-chaining vas-filter filter-name entry id action {downstream | upstream} insert-nsh meta-data. |
|
241.26.6527.39 |
Alc-Static-Port-Forward |
string |
64 SPFs |
See [241.26.6527.39] Alc-Static-Port-Forward attribute details for a detailed description of the attribute format and its possible values For example: Add an l2-aware NAT SPF to open up TCP port 80 (HTTP) on the outside and forward it to port 8080 on ip 10.1.0.1 on the inside: Alc-Static-Port-Forward = "c tcp 10.1.0.1 8080->80" |
|
241.26.6527.40 |
Alc-IPv6-Slaac-Replacement-Prefix |
ipv6prefix |
Max. 16 Bytes for prefix + 1 Byte for length |
<ipv6-prefix/prefix-length> with prefix-length 64 For example: Alc-IPv6-Slaac-Replacement-Prefix = 2001:db8:FFF3:1::/64 |
|
241.26.6527.47 |
Alc-SPI-Sharing-Id |
string |
Max. 247 chars |
To set or override the SLA Profile Instance (SPI) sharing to SPI sharing per group: "group:<group id>" where <group id> is an unsigned integer value in the range [0..65535] For example: Alc-SPI-Sharing-Id = "group:100" To set or override the SLA Profile Instance (SPI) sharing to the default SPI sharing method as specified in the SLA profile def-instance-sharing: "default" For example: Alc-SPI-Sharing-Id = "default" |
|
241.26.6527.57 |
Alc-Gtp-Skip-Ipv4-Alloc-Override |
integer |
[1 | 2] |
1 = on, overrides the CLI parameter skip-gtp-ipv4-alloc for this session. The IPv4 address is assigned using GTP signaling, even if the request does not contain the "IP address allocation using NAS signaling" (0x000a) PCO. 2 = off, do not override the CLI parameter skip-gtp-ipv4-alloc for this session. The effect is the same as not including the attribute. For example: Alc-Gtp-Skip-Ipv4-Alloc-Override = 1 |
|
241.26.6527.58 |
Alc-Change-Reporting-Action |
integer |
[0 | 3 | 4 | 6] |
0 = stop-reporting. Disables change reporting 1 = cgi-sai. Unexpected value 2 = rai. Unexpected value 3 = tai. Enables TAI change reporting 4 = ecgi. Enables ECGI change reporting 5 = cgi-sai-rai. Unexpected value 6 = tai-ecgi. Enables TAI and ECGI change reporting Unexpected values are accepted and reflected in GTP but does not trigger any location reporting by the system. For example: Alc-Change-Reporting-Action = 3 |
|
241.26.6527.62 |
Alc-Host-DNAT-Override |
integer |
[1 | 2] |
1 = enable dnat override 2 = disable dnat override For example: Alc-Host-DNAT-Override = 1 |
|
241.26.6527.71 |
Alc-Host-DNAT-Default-Address-Override |
ipaddr |
4 bytes |
A valid unicast IPv4 address For example: Alc-Host-DNAT-Default-Address-Override = 198.51.100.1 |
|
245.26.6527.5 |
Alc-Spi-Host-And-Session-Limits |
tlv |
23 attributes |
See [245.26.6527.5] Alc-Spi-Host-And-Session-Limits attribute details for a detailed description of the attribute format. |
|
245.26.6527.6 |
Alc-Sub-Host-And-Session-Limits |
tlv |
23 attributes |
See [245.26.6527.5] Alc-Spi-Host-And-Session-Limits attribute details for a detailed description of the attribute format. |
|
26.10415.1 |
3GPP-IMSI |
string |
1 to 15 digits |
3GPP vendor specific attribute as defined in 3GPP TS 29.061. For example: 3GPP-IMSI = 001001123456789 |
|
26.10415.5 |
3GPP-GPRS-Negotiated-QoS- Profile |
string |
length as defined in the 3GPP TS 29.061 |
Specified in TS 29.061 version 8.5.0 Release 8 section 16.4.7.2 For example: 3GPP-GPRS-Negotiated-QoS-Profile = 08-4D020000002710000000138800000001f40000000bb8 |
|
26.10415.20 |
3GPP-IMEISV |
string |
14 to 16 digits |
3GPP vendor specific attribute as defined in TS 29.061 |
|
26.10415.21 |
3GPP-RAT-Type |
octets |
1 octet [0..255] |
Specifies the Radio Access Technology type, see 3GPP 29.061 section 16.4.7.2. for more details For example (E-UTRAN RAT Type): 3GPP-RAT-Type = 0x06 |
|
26.10415.22 |
3GPP-User- Location-Info |
octets |
247 bytes |
3GPP vendor specific attribute as defined in TS 29.061 |
| Attribute ID | Attribute name | Access Request | Access Accept | CoA request |
|---|---|---|---|---|
|
1 |
User-Name |
1 |
0-1 |
0-1 |
|
2 |
User-Password |
0-1 |
0 |
0 |
|
3 |
CHAP-Password |
0-1 |
0 |
0 |
|
4 |
NAS-IP-Address |
0-1 |
0 |
0 |
|
5 |
NAS-Port |
0-1 |
0 |
0 |
|
6 |
Service-Type |
0-1 |
0-1 |
0-1 |
|
7 |
Framed-Protocol |
0-1 |
0-1 |
0-1 |
|
8 |
Framed-IP-Address |
0 |
0-1 |
0-11 |
|
9 |
Framed-IP-Netmask |
0 |
0-1 |
0 |
|
18 |
Reply-Message |
0 |
0-1 |
0 |
|
22 |
Framed-Route |
0 |
0+ |
0 |
|
25 |
Class |
0 |
0+ |
0+ |
|
27 |
Session-Timeout |
0 |
0-1 |
0-1 |
|
28 |
Idle-Timeout |
0 |
0-1 |
0-1 |
|
30 |
Called-Station-Id |
0-1 |
0 |
0-1 |
|
31 |
Calling-Station-Id |
0-1 |
0-1 |
0-1 |
|
32 |
NAS-Identifier |
0-1 |
0 |
0 |
|
44 |
Acct-Session-Id |
0-1 |
0 |
0-11 |
|
60 |
CHAP-Challenge |
0-1 |
0 |
0 |
|
61 |
NAS-Port-Type |
0-1 |
0 |
0-1 |
|
85 |
Acct-Interim-Interval |
0 |
0-1 |
0-1 |
|
87 |
NAS-Port-Id |
0-1 |
0 |
0-11 |
|
88 |
Framed-Pool |
0 |
0-1 |
0 |
|
95 |
NAS-IPv6-Address |
0-1 |
0 |
0 |
|
97 |
Framed-IPv6-Prefix |
0 |
0-1 |
0-11 |
|
99 |
Framed-IPv6-Route |
0 |
0+ |
0 |
|
100 |
Framed-IPv6-Pool |
0 |
0-1 |
0 |
|
101 |
Error-Cause |
0 |
0 |
0-1 |
|
123 |
Delegated-IPv6-Prefix |
0 |
0-1 |
0-11 |
|
26.2352.1 |
Client-DNS-Pri |
0 |
0-1 |
0-1 |
|
26.2352.2 |
Client-DNS-Sec |
0 |
0-1 |
0-1 |
|
26.2352.36 |
Ip-Address-Pool-Name |
0 |
0-1 |
0 |
|
26.2352.99 |
RB-Client-NBNS-Pri |
0 |
0-1 |
0-1 |
|
26.2352.100 |
RB-Client-NBNS-Sec |
0 |
0-1 |
0-1 |
|
26.3561.1 |
Agent-Circuit-Id |
0-1 |
0-1 |
0 |
|
26.3561.2 |
Agent-Remote-Id |
0-1 |
0 |
0 |
|
26.3561.129 |
Actual-Data-Rate-Upstream |
0-1 |
0 |
0 |
|
26.3561.130 |
Actual-Data-Rate-Downstream |
0-1 |
0 |
0 |
|
26.3561.131 |
Minimum-Data-Rate-Upstream |
0-1 |
0 |
0 |
|
26.3561.132 |
Minimum-Data-Rate-Downstream |
0-1 |
0 |
0 |
|
26.3561.133 |
Attainable-Data-Rate-Upstream |
0-1 |
0 |
0 |
|
26.3561.134 |
Attainable-Data-Rate-Downstream |
0-1 |
0 |
0 |
|
26.3561.135 |
Maximum-Data-Rate-Upstream |
0-1 |
0 |
0 |
|
26.3561.136 |
Maximum-Data-Rate-Downstream |
0-1 |
0 |
0 |
|
26.3561.137 |
Minimum-Data-Rate-Upstream-Low-Power |
0-1 |
0 |
0 |
|
26.3561.138 |
Minimum-Data-Rate-Downstream-Low-Power |
0-1 |
0 |
0 |
|
26.3561.139 |
Maximum-Interleaving-Delay-Upstream |
0-1 |
0 |
0 |
|
26.3561.140 |
Actual-Interleaving-Delay-Upstream |
0-1 |
0 |
0 |
|
26.3561.141 |
Maximum-Interleaving-Delay-Downstream |
0-1 |
0 |
0 |
|
26.3561.142 |
Actual-Interleaving-Delay-Downstream |
0-1 |
0 |
0 |
|
26.3561.144 |
Access-Loop-Encapsulation |
0-1 |
0 |
0 |
|
26.3561.254 |
IWF-Session |
0-1 |
0-1 |
0 |
|
26.4874.2 |
ERX-Address-Pool-Name |
0 |
0-1 |
0 |
|
26.4874.4 |
ERX-Primary-Dns |
0 |
0-1 |
0-1 |
|
26.4874.5 |
ERX-Secondary-Dns |
0 |
0-1 |
0-1 |
|
26.4874.6 |
ERX-Primary-Wins |
0 |
0-1 |
0-1 |
|
26.4874.7 |
ERX-Secondary-Wins |
0 |
0-1 |
0-1 |
|
26.4874.47 |
ERX-Ipv6-Primary-Dns |
0 |
0-1 |
0-1 |
|
26.4874.48 |
ERX-Ipv6-Secondary-Dns |
0 |
0-1 |
0-1 |
|
26.6527.9 |
Alc-Primary-Dns |
0 |
0-1 |
0-1 |
|
26.6527.10 |
Alc-Secondary-Dns |
0 |
0-1 |
0-1 |
|
26.6527.11 |
Alc-Subsc-ID-Str |
0 |
0-1 |
0-11 |
|
26.6527.12 |
Alc-Subsc-Prof-Str |
0 |
0-1 |
0-1 |
|
26.6527.13 |
Alc-SLA-Prof-Str |
0 |
0-1 |
0-1 |
|
26.6527.16 |
Alc-ANCP-Str |
0 |
0-1 |
0-1 |
|
26.6527.18 |
Alc-Default-Router |
0 |
0-1 |
0 |
|
26.6527.27 |
Alc-Client-Hardware-Addr |
0-1 |
0-1 |
0-1 |
|
26.6527.28 |
Alc-Int-Dest-Id-Str |
0 |
0-1 |
0-1 |
|
26.6527.29 |
Alc-Primary-Nbns |
0 |
0-1 |
0-1 |
|
26.6527.30 |
Alc-Secondary-Nbns |
0 |
0-1 |
0-1 |
|
26.6527.34 |
Alc-PPPoE-PADO-Delay |
0 |
0-1 |
0 |
|
26.6527.35 |
Alc-PPPoE-Service-Name |
0-1 |
0 |
0 |
|
26.6527.36 |
Alc-DHCP-Vendor-Class-Id |
0-1 |
0 |
0 |
|
26.6527.45 |
Alc-App-Prof-Str |
0 |
0-1 |
0-1 |
|
26.6527.99 |
Alc-Ipv6-Address |
0 |
0-1 |
0-11 |
|
26.6527.100 |
Alc-Serv-Id |
0 |
0-1 |
0 |
|
26.6527.101 |
Alc-Interface |
0 |
0-1 |
0 |
|
26.6527.102 |
Alc-ToServer-Dhcp-Options |
0+ |
0 |
0 |
|
26.6527.103 |
Alc-ToClient-Dhcp-Options |
0 |
0+ |
0 |
|
26.6527.105 |
Alc-Ipv6-Primary-Dns |
0 |
0-1 |
0-1 |
|
26.6527.106 |
Alc-Ipv6-Secondary-Dns |
0 |
0-1 |
0-1 |
|
26.6527.126 |
Alc-Subscriber-QoS-Override |
0 |
0-1 |
0-1 |
|
26.6527.131 |
Alc-Delegated-IPv6-Pool |
0 |
0-1 |
0 |
|
26.6527.132 |
Alc-Access-Loop-Rate-Down |
0 |
0-1 |
0-1 |
|
26.6527.133 |
Alc-Access-Loop-Encap-Offset |
0 |
0-1 |
0 |
|
26.6527.135 |
Alc-PPP-Force-IPv6CP |
0 |
0-1 |
0 |
|
26.6527.136 |
Alc-Onetime-Http-Redirection-Filter-Id |
0 |
0-1 |
0-1 |
|
26.6527.146 |
Alc-Wlan-APN-Name |
0-1 |
0 |
0 |
|
26.6527.147 |
Alc-MsIsdn |
0-1 |
0 |
0 |
|
26.6527.160 |
Alc-Relative-Session-Timeout |
0 |
0-1 |
0-1 |
|
26.6527.161 |
Alc-Delegated-IPv6-Prefix-Length |
0 |
0-1 |
0 |
|
26.6527.174 |
Alc-Lease-Time |
0 |
0-1 |
0 |
|
26.6527.175 |
Alc-DSL-Line-State |
0-1 |
0 |
0 |
|
26.6527.176 |
Alc-DSL-Type |
0-1 |
0 |
0 |
|
26.6527.177 |
Alc-Portal-Url |
0 |
0-1 |
0-1 |
|
26.6527.178 |
Alc-Ipv6-Portal-Url |
0 |
0-1 |
0-1 |
|
26.6527.180 |
Alc-SAP-Session-Index |
0-1 |
0 |
0 |
|
26.6527.181 |
Alc-SLAAC-IPv6-Pool |
0 |
0-1 |
0 |
|
26.6527.183 |
Alc-WPP-Error-Code |
0 |
0 (Access-Reject only) |
0 |
|
26.6527.185 |
Alc-Onetime-Http-Redirect-Reactivate |
0 |
0 |
0-1 |
|
26.6527.191 |
Alc-ToServer-Dhcp6-Options |
0+ |
0 |
0 |
|
26.6527.192 |
Alc-ToClient-Dhcp6-Options |
0 |
0+ |
0 |
|
26.6527.200 |
Alc-v6-Preferred-Lifetime |
0 |
0-1 |
0 |
|
26.6527.201 |
Alc-v6-Valid-Lifetime |
0 |
0-1 |
0 |
|
26.6527.202 |
Alc-Dhcp6-Renew-Time |
0 |
0-1 |
0 |
|
26.6527.203 |
Alc-Dhcp6-Rebind-Time |
0 |
0-1 |
0 |
|
26.6527.217 |
Alc-UPnP-Sub-Override-Policy |
0 |
0-1 |
0-1 |
|
26.6527.228 |
Alc-Trigger-Acct-Interim |
0 |
0 |
0-1 |
|
26.6527.232 |
Alc-Acct-Interim-IvI |
0 |
0+ |
0+ |
|
26.6527.234 |
Alc-DNAT-Override |
0 |
0+ |
0+ |
|
26.6527.238 |
Alc-Remove-Override |
0 |
0 |
0+ |
|
26.6527.242 |
Alc-Radius-Py |
0+ |
0+ |
0+ |
|
26.6527.244 |
Alc-Force-DHCP-Relay |
0 |
0+ |
0 |
|
241.26.6527.16 |
Alc-IPv6-Router-Adv-Policy |
0 |
0-1 |
0-1 |
|
241.26.6527.17 |
Alc-Nat-Outside-IPs |
0 |
0+ |
0+ |
|
241.26.6527.18 |
Alc-Mld-Import-Policy |
0 |
0+ |
0+ |
|
241.26.6527.19 |
Alc-Bonding-Id |
0 |
0-1 |
0 |
|
241.26.6527.22 |
Alc-Bonding-Reference-Rate |
0 |
0-1 |
0-1 |
|
241.26.6527.27 |
Alc-IPv6-Sub-If-Prefix |
0 |
0-1 |
0 |
|
241.26.6527.35 |
Alc-Mld-Import-Policy-Modif |
0 |
0 |
0+ |
|
241.26.6527.37 |
Alc-VAS-IPv4-Filter |
0 |
0-1 |
0-1 |
|
241.26.6527.38 |
Alc-VAS-NSH-IPv4-Opaque-Meta-Data |
0 |
0-1 |
0-1 |
|
241.26.6527.39 |
Alc-Static-Port-Forward |
0 |
0+ |
0+ |
|
241.26.6527.40 |
Alc-IPv6-Slaac-Replacement-Prefix |
0 |
0 |
0-1 |
|
241.26.6527.47 |
Alc-SPI-Sharing-Id |
0 |
0-1 |
0-1 |
|
241.26.6527.57 |
Alc-Gtp-Skip-Ipv4-Alloc-Override |
0 |
0-1 |
0 |
|
241.26.6527.58 |
Alc-Change-Reporting-Action |
0 |
0-1 |
0-1 |
|
241.26.6527.62 |
Alc-Host-DNAT-Override |
0 |
0-1 |
0-1 |
|
241.26.6527.71 |
Alc-Host-DNAT-Default-Address-Override |
0 |
0-1 |
0-1 |
|
245.26.6527.5 |
Alc-Spi-Host-And-Session-Limits |
0 |
0+ |
0+ |
|
245.26.6527.6 |
Alc-Sub-Host-And-Session-Limits |
0 |
0+ |
0+ |
|
26.10415.1 |
3GPP-IMSI |
0-1 |
0 |
0 |
|
26.10415.5 |
3GPP-GPRS-Negotiated-QoS-Profile |
0-1 |
0-1 |
0 |
|
26.10415.20 |
3GPP-IMEISV |
0-1 |
0 |
0 |
|
26.10415.21 |
3GPP-RAT-Type |
0-1 |
0 |
0 |
|
26.10415.22 |
3GPP-User-Location-Info |
0-1 |
0 |
0 |