Virtual residential gateway

This section describes the attributes that are used in virtual residential gateway (vRGW) authentication. This includes both authentication at the home/BRG (Bridged Residential Gateway) level and authentication at the per device/session level. The terminology used is as follows:

Table: vRGW (description) and Table: vRGW (limits) lists the description and limits for vRGW authentication attributes that are specific to vRGW applications only or that are different from the ESM or WLAN-GW authentication scenarios.

Table: vRGW - BRG level authentication – Access Request (applicability) lists the applicability for BRG level authentication Access Request attributes. This table is only applicable when the vRGW performs authentication on behalf of the BRG.

Table: vRGW - BRG and session level authentication (applicability) lists the applicability for BRG level and session level authentication Access-Accept/CoA attributes of sessions in a vRGW context. Access-Accept and CoA attributes that are not listed or explicitly listed as 0 are not supported.

Table: vRGW (description)
Attribute ID Attribute name Description

1

User-Name

In BRG authentication this is fixed to the Bridged Residential Gateway Identifier (BRG-Id)

2

User-Password

In BRG authentication this maps to a pre-configured password: configure subscriber-mgmt vrgw brg brg-profile profile-name radius-authentication password password

The attribute is not included when no password is configured.

26.6527.35

Alc-PPPoE-Service-Name

This VSA indicates the value of the service-name attribute that is included in a PADI sent by the PPPoE client.

26.6527.220

Alc-Home-Aware-Pool

This specifies a basic small-scale IP pool that can be used to allocate addresses to multiple hosts of the same subscriber. This IP allocation mechanism has priority over other mechanisms (IP from RADIUS, IP from LUDB, IP from DHCP server). It is not necessary for a pool to be configured on the NAT inside, but if there is one, this overrides those values.

This attribute updates following four parameters:

  • the default-gateway IP address of the subnet

  • the prefix length of the subnet

  • the subnet itself (derived from default-gateway and prefix length)

  • the range of IP addresses suitable for allocation. These must fall inside the subnet. The start and end addresses are included for allocation.

The attribute can also be used to change the pool for an existing subscriber, resulting in:

  • No existing hosts are deleted.

  • Hosts whose IP also falls in the new range have their lease moved to the new pool and keep running as before.

  • Hosts whose IP no longer falls in the new range keep on running but the first renew is NAK’d. An IP from the new range is then assigned through a regular DORA sequence.

If the pool is incorrectly formatted, host setup fails or the CoA is not applied and NAK’d.

26.6527.221

Alc-DMZ-Address

In a vRGW context with home-aware pool management this attribute identifies the IP address to be used for DMZ. This attribute does not trigger the creation of a host with this IP, but if the host specified by this IP is installed, DMZ is enabled in NAT. All incoming traffic not matching an existing NAT flow is forwarded to this host with ports unchanged.

26.6527.222

Alc-Standby-lps

After a stateless redundancy event this attribute can be used to inform the home aware pool of addresses that were in use before failure. The pool sets these addresses aside and does not use them for dynamic allocation. Only devices explicitly requiring this IP, for example using data trigger or DHCP renew, get this IP address assigned. After a configurable time (configure subscriber-mgmt vrgw brg brg-profile profile-name dhcp-pool standby-ip-lifetime) all addresses that are still in standby is returned to the pool and made available for dynamic allocation. This VSA only applies when the pool is initially created any further changes are ignored.

26.6527.223

Alc-Reserved-Addresses

For a subscriber with home-aware pool management this attribute lists a set of MAC-IP combinations that are reserved. IP addresses listed here are only allocated to the host with that specific MAC address. There are three types of reserved addresses:

  • sticky private IP

    The IP address falls in the pool subnet and in the dynamic range. This IP address is only allocated using DHCP to the host with the specified MAC address.

  • static private IP

    The IP address falls in the pool subnet. This host is automatically created as soon as the subscriber access parameters are known (SAP or tunnel). This host uses L2-Aware NAT for forwarding to the network.

  • static public IP

    The IP address falls outside the pool subnet and any L2-Aware subnets. This host is created just as a static private IP, but the resulting host does not use L2-Aware NAT for forwarding.

This is mainly used to simplify configuration of always-on devices in home networks. For example a network printer may have a sticky or private static IP, a light webserver may use private static IP + DMZ or a public static IP. A keyword is used to differentiate between sticky and static addresses.

This attribute can be repeated multiple times to specify multiple reserved hosts. The list of reserved addresses can be changed using a CoA as follows:

  • Adding an address to the list creates the static host or makes an IP sticky. This is rejected if another host already uses the specified IP.

  • Removing an address from the list deletes the static host or removes stickiness.

  • Removing the last/all sticky addresses can be done by listing the sticky mapping of 00:00:00:00:00:00 to 0.0.0.0, no other sticky mappings may be present at that point.

26.6527.224

Alc-BRG-Profile

Specifies that this Bridged Residential Gateway (BRG) should use the values configured under configure subscriber-mgmt vrgw brg brg-profile profile-name.

26.6527.225

Alc-BRG-Id

In session authentication, reflects the BRG identifier of the associated BRG (if known) in Access-Request.

In BRG authentication, reflects the BRG identifier (if known), in the Access Request.

Can also be used as key to target a specific BRG with a CoA/Disconnect message.

26.6527.235

Alc-BRG-DHCP-Streaming-Dest

When specified in authentication, DHCPv4 messages (UDP layer) from all sessions for that BRG are mirrored to this destination. If a valid non 0.0.0.0 value is provided for the destination address, then streaming is enabled for the BRG (for example, for all sessions associated with the BRG). Streaming can be disabled at the BRG level by including this VSA with value 0.0.0.0.

26.6527.236

Alc-Host-DHCP-Streaming-Disabled

(Applies to session level authentication of a session associated with a BRG or CoA targeted to a session in a vRGW context.)

This attribute controls the DHCPv4 streaming per session. A value of 1 disables DHCPv4 streaming for the session, and value of 0 enables it.

26.6527.238

Alc-Remove-Override

This VSA refers to another VSA that is about to be removed or explicitly disabled. When the referred VSA is removed, SR OS falls back to behavior as if the VSA was never specified. When removed on session level the BRG level is used (if present). When removed on BRG level the default behavior is used.

26.6527.241

Alc-Per-Host-Port-Range

This attribute is used to enable or disable per-host outside port-range allocation for vRGW. When present, this attribute indicates how many ports should be available in each per host range. A value of zero disables per-host port range allocation. This attribute can only be used if a single block per nat outside IP is provisioned using configure router | service vprn service-id nat outside pool nat-pool-name port-reservation blocks 1.

241.26.6527.1

Alc-PPPoE-Client-Service

This VSA indicates in which L2 service PPPoE traffic is forwarded.

241.26.6527.2

Alc-PPPoE-Client-MAC

This VSA indicates the MAC address used by the PPPoE Client. If this VSA is omitted, then the BRG-ID formatted as MAC address is used instead. The PPPoE session setup fails when the VSA is not included and the BRG-ID is not formatted as a MAC address.

241.26.6527.3

Alc-PPPoE-Client-Policy

This VSA indicates that a BRG PPPoE client needs to be started and which pre-configured policy should be used as input parameters. If this attribute is omitted, all other PPPoE-Client related VSAs are ignored.

241.26.6527.4

Alc-PPPoE-Client-Username

This VSA specifies which username must be used in the PAP authentication phase of the PPPoE Client setup. If it is not provisioned, the BRG-ID is used.

241.26.6527.5

Alc-PPPoE-Client-Password

This VSA specifies which password (PAP) or secret (CHAP) must be used in the authentication phase of the PPPoE Client setup.

241.26.6527.9

Alc-Bridge-Id

This VSA enables a Home LAN Extension (HLE) service for the subscriber: the system creates an HLE service and bridge domain using the attribute value as the bridge domain ID. Not specifying a bridge ID when HLE is enabled on the wlangw group interface for session and BRG level authentication results in a session setup failure.

241.26.6527.10

Alc-Vxlan-VNI

This VSA specifies the VXLAN Network Identifier (VNI) to be used for an egress VXLAN packet of the HLE service. When the VSA is not included, then the system automatically assigns a VNI.

241.26.6527.14

Alc-RT

This VSA specifies the Route Target of the HLE BGP EVPN service. When the VSA is not included, then the system derives the route target as "target:<configured_lanext_as>:<Alc-Bridge-Id>". Where <configured_lanext_as> is the value configured with configure subscriber-mgmt vrgw lanext router-target-as-number as-number.

241.26.6527.15

Alc-RD

This VSA specifies the Route Distinguisher of the HLE BGP EVPN service. When the VSA is not included, then the system derives the route distinguisher as "<configured_lanext_as>:<Alc-Bridge-Id>". Where <configured_lanext_as> is the value configured with configure subscriber-mgmt vrgw lanext router-target-as-number as-number.

241.26.6527.24

Alc-IPv6-DMZ-Enabled

This VSA determines if the corresponding session should be treated as part of a demilitarized zone in an IPv6 firewall or not. This attribute is ignored if the session is not part of a subscriber with firewall enabled.

241.26.6527.30

Alc-HLE-Access-Ingress-Policer

This VSA references the ISA policer (configure subscriber-mgmt isa-policer) to be used to rate limit ingress home traffic per tunnel on the HLE access facing connection of the Bridge Domain. Overrides the policer configured in

configure service ies|vprn service-id subscriber-interface ip-int-name group-interface ip-int-name wlan-gw vlan-tag-ranges range range vrgw lanext access policer policer-name

241.26.6527.32

Alc-HLE-Network-Ingress-Policer

This VSA references the ISA policer (configure subscriber-mgmt isa-policer) to be used to rate-limit ingress data center traffic per tunnel on the HLE network facing connection of the Bridge Domain. Overrides the policer configured in

configure service ies|vprn service-id subscriber-interface ip-int-name group-interface ip-int-name wlan-gw vlan-tag-ranges range range vrgw lanext network policer policer-name

241.26.6527.39

Alc-Static-Port-Forward

This VSA includes any static port forwards for L2-aware NAT and, or IPv6 firewall.
Table: vRGW (limits)
Attribute ID Attribute name Type Limits SR OS format

1

User-Name

string

32 chars

For example:

User-Name = ‟00:01:02:03:04:05”

2

User-Password

string

64 bytes encrypted password

For example:

User-Password = ‟4ec1b7bea6f2892fa466b461c6accc00”

26.6527.35

Alc-PPPoE-Service-Name

string

247 chars

For example:

Alc-PPPoE-Service-Name = MyServiceName

26.6527.220

Alc-Home-Aware-Pool

string

Max. 2048 IP addresses in range

<gateway-ip>/<prefix-length> <space> <start-address> <dash> <end-address>

For example:

Alc-Home-Aware-Pool = ‟192.168.1.2/24 192.168.1.50-192.168.1.100”

26.6527.221

Alc-DMZ-Address

ipaddr

4 bytes

Must be within the subnet of the home aware pool. 0.0.0.0 disables DMZ.

For example: Enable

Alc-DMZ-Address = 192.168.1.90

For example: Disable

Alc-DMZ-Address = 0.0.0.0

26.6527.222

Alc-Standby-lps

ipaddr

4 bytes

Up to 128 VSA’s

This attribute can occur multiple times.

For example:

Alc-Standby-Ips += 192.168.1.100

Alc-Standby-Ips += 192.168.1.111

Alc-Standby-Ips += 192.168.1.115

26.6527.223

Alc-Reserved-Addresses

string

Max. 40 chars

Max. 64 attributes

<static | sticky> <space> <mac-address> <space> <ip-address>

Per attribute, a single MAC and IP to specify the reservation and a keyword to specify the type of reservation (sticky or static).

To delete all/last host of a specific reservation type, specify the type keyword and a mapping of MAC 00:00:00:00:00:00 to IP 0.0.0.0

For example:

  • static private host 00:00:01:00:00:01 = 192.168.1.90, sticky host 00:00:0A:00:00:0A = 192.168.1.70 and static public host 00:00:0B:00:00:0B = 100.0.0.1

    Alc-Reserved-Addresses = ‟static 00:00:01:00:00:01 192.168.1.90”

    Alc-Reserved-Addresses = ‟sticky 00:00:0A:00:00:0A 192.168.1.70”

    Alc-Reserved-Addresses = ‟sticky 00:00:0B:00:00:0B 100.0.0.1”

  • to remove all or last sticky IPs

    Alc-Reserved-Addresses = ‟sticky 00:00:00:00:00:00 0.0.0.0”.

26.6527.224

Alc-BRG-Profile

string

16 chars

For example:

Alc-BRG-Profile = ‟default_brg”

26.6527.225

Alc-BRG-Id

string

64 chars

For example:

Alc-BRG-Id = ‟00:01:02:03:04:05”

26.6527.235

Alc-BRG-DHCP-Streaming-Dest

ipaddr

4 bytes

The destination IPv4 address for streaming DHCPv4 messages.

IPv4 = 0.0.0.0 disables DHCPv4 streaming at BRG level

For example:

Alc-BRG-DHCP-Streaming-Dest = 172.30.1.1

Alc-BRG-DHCP-Streaming-Dest = 0.0.0.0

26.6527.236

Alc-Host-DHCP-Streaming-Disabled

integer

4 bytes

[0 to 1]

0 = enable DHCPv4 streaming for this session

1 = disable DHCPv4 streaming for this session

Controls DHCPv4 streaming on per session level.

For example:

Alc-Host-DHCP-Streaming-Disabled = 1

26.6527.238

Alc-Remove-Override

string

Single attribute identifier per attribute. Multiple attributes per message.

[<action><space>]<attribute identifier>

See [26.6527.238] Alc-Remove-Override attribute details for a detailed description of the attribute format and its possible values.

For example:

remove overrides for SLA-Profile And NAS-Filter-Rule

Alc-Remove-Override += ‟26.6527.13”

Alc-Remove-Override += ‟92”

26.6527.241

Alc-Per-Host-Port-Range

integer

0-64512

A value of 0 disables per-host port range allocation. Ports are allocated from the available dynamic ports per IP address.

A value of 1 to 64512 specifies the number of ports per host range. This is additionally limited by the number of available dynamic ports per IP address.

For example:

1000 ports per host, max. 64 hosts

Alc-Per-Host-Port-Range = 1000

241.26.6527.1

Alc-PPPoE-Client-Service

integer

2147483647

For example:

Alc-PPPoE-Client-Service = 2

241.26.6527.2

Alc-PPPoE-Client-MAC

string

17 chars

MAC address in aa: or AA: format.

For example:

Alc-PPPoE-Client-MAC = "00:00:5E:00:53:01"

241.26.6527.3

Alc-PPPoE-Client-Policy

string

32 chars

String referring to a policy configured under configure subscriber-mgmt pppoe-client-policy

For example:

Alc-PPPoE-Client-Policy = Policy-1

241.26.6527.4

Alc-PPPoE-Client-Username

string

247 chars

For example:

Alc-PPPoE-Client-Username = user-1

241.26.6527.5

Alc-PPPoE-Client-Password

string

247 chars

Encrypted Password

For example:

Alc-PPPoE-Client-Password = password-1

241.26.6527.9

Alc-Bridge-Id

integer

1 - 4294967294

For example:

Alc-Bridge-Id = 200

241.26.6527.10

Alc-Vxlan-VNI

integer

1 - 16777214

For example:

Alc-Vxlan-VNI =250

241.26.6527.14

Alc-RT

string

SR OS supported format

One of the following formats:

  • target:<ip-addr:comm-val>

  • target:<2byte-asnumber:ext-comm-val>

  • target:<4byte-asnumber:comm-val>

For example:

Alc-RT = "target: 64496:200"

241.26.6527.15

Alc-RD

string

SR OS supported format

One of the following formats:

  • <ip-addr:comm-val>

  • <2byte-asnumber:ext-comm-val>

  • <4byte-asnumber:comm-val>

For example:

Alc-RD = "64496:510"

241.26.6527.24

Alc-IPv6-DMZ-Enabled

integer

[0 to 1]

0 = DMZ disabled

1 = DMZ enabled

For example:

DMZ enabled Alc-IPv6-DMZ-Enabled = 1

241.26.6527.30

Alc-HLE-Access-Ingress-Policer

string

32 chars

ISA policer name

For example:

Alc-HLE-Access-Ingress-Policer = policer-1

241.26.6527.32

Alc-HLE-Network-Ingress-Policer

string

32 chars

ISA policer name

For example:

Alc-HLE-Network-Ingress-Policer = policer-2

241.26.6527.39

Alc-Static-Port-Forward

string

64 SPFs

See [241.26.6527.39] Alc-Static-Port-Forward attribute details for details on this format.

For example:

Add an IPv6 firewall SPF to open up TCP port 80 (HTTP)

Alc-Static-Port-Forward = "c tcp 2001:db8:1::1 80"

Add an IPv6 SPF to open up UDP port 5 but only for traffic coming from IP 2001:db8:2::2 and port 80

Alc-Static-Port-Forward = "c udp 2001:db8:1::1 5 foreign 2001:db8:2::2 80"

Add an l2-aware NAT SPF to open up TCP port 80 (HTTP) on the outside and forward it to port 8080 on ip 10.1.1.1 on the inside

Alc-Static-Port-Forward = "c tcp 10.1.1.1 80->8080"
Table: vRGW - BRG level authentication – Access Request (applicability)
Attribute ID Attribute name Access request

1

User-Name

1

2

User-Password

0-1

26.6527.225

Alc-BRG-Id

1
Table: vRGW - BRG and session level authentication (applicability)
Attribute ID Attribute name BRG level Session level
Access Accept CoA Access Accept CoA

1

User-Name

0-1

0-1

8

Framed-IP-Address

0-1

0-1

9

Framed-IP-Netmask

0-1

0

22

Framed-Route

0+

0

25

Class

0+

0+

0+

0+

27

Session-Timeout

0-1

0-1

0-1

0-1

28

Idle-Timeout

0-1

0-1

0-1

0-1

44

Acct-Session-Id

0-1

0-1

61

NAS-Port-Type

0-1

0-1

85

Acct-Interim-Interval

0-1

0-1

0-1

0-1

87

NAS-Port-Id

0

0-1

92

NAS-Filter-Rule

0+

0+

0+

0+

97

Framed-IPv6-Prefix

0-1

0-1

0

0-1

99

Framed-IPv6-Route

0+

0

100

Framed-IPv6-Pool

 0-11 0-11

101

Error-Cause

0

0-1

0

0-1

26.529.242

Ascend-Data-Filter

0+

0+

0+

0+

26.2352.1

Client-DNS-Pri

 0-12 0-12

0-1

0

26.2352.2

Client-DNS-Sec

 0-12 0-12

0-1

0

26.2352.99

RB-Client-NBNS-Pri

 0-12 0-12

0-1

0

26.2352.100

RB-Client-NBNS-Sec

 0-12 0-12

0-1

0

26.4874.4

ERX-Primary-Dns

 0-12 0-12

0-1

0

26.4874.5

ERX-Secondary-Dns

 0-12 0-12

0-1

0

26.4874.6

ERX-Primary-Wins

 0-12 0-12

0-1

0

26.4874.7

ERX-Secondary-Wins

 0-12 0-12

0-1

0

26.4874.47

ERX-Ipv6-Primary-Dns

 0-12 0-12

0-1

0-1

26.4874.48

ERX-Ipv6-Secondary-Dns

 0-12 0-12

0-1

0-1

26.6527.9

Alc-Primary-Dns

 0-12 0-12

0-1

0

26.6527.10

Alc-Secondary-Dns

 0-12 0-12

0-1

0

26.6527.11

Alc-Subsc-ID-Str

 0-13

0

0-1

0-1

26.6527.12

Alc-Subsc-Prof-Str

0-1

0-1

26.6527.13

Alc-SLA-Prof-Str

0-1

0-1

0-1

0-1

26.6527.18

Alc-Default-Router

 0-12 0-12

0-1

0

26.6527.27

Alc-Client-Hardware-Addr

0-1

0-1

26.6527.28

Alc-Int-Dest-Id-Str

0-1

0-1

26.6527.29

Alc-Primary-Nbns

 0-12 0-12

0-1

0

26.6527.30

Alc-Secondary-Nbns

 0-12 0-12

0-1

0

26.6527.31

Alc-MSAP-Serv-Id

0-1

0

26.6527.32

Alc-MSAP-Policy

0-1

0

26.6527.33

Alc-MSAP-Interface

0-1

0

26.6527.35

Alc-PPPoE-Service-Name

 0-14 0-14

26.6527.45

Alc-App-Prof-Str

0-1

0-1

0-1

0-1

26.6527.95

Alc-Credit-Control-CategoryMap

0-1

0-1

26.6527.96

Alc-Credit-Control-Quota

0+

0+

26.6527.99

Alc-Ipv6-Address

0-1

0-1

26.6527.103

Alc-ToClient-Dhcp-Options

0+

0+

0+

0

26.6527.105

Alc-Ipv6-Primary-Dns

 0-12 0-12

0-1

0-1

26.6527.106

Alc-Ipv6-Secondary-Dns

 0-12 0-12

0-1

0-1

26.6527.122

Alc-Ll-Action (enable/disable)

0-1

0-1

0-1

0-1

26.6527.123

Alc-Ll-Destination

0-1

0-1

0-1

0-1

26.6527.124

Alc-LI-FC

0+

0+

0+

0+

26.6527.125

Alc-LI-Direction

0-1

0-1

0-1

0-1

26.6527.126

Alc-Subscriber-QoS-Override

0-1

0-1

0-1

0-1

26.6527.134

Alc-Subscriber-Filter

0-1

0-1

0-1

0-1

26.6527.138

Alc-Ll-Intercept-Id

0-1

0-1

0-1

0-1

26.6527.139

Alc-LI-Session-Id

0-1

0-1

0-1

0-1

26.6527.151

Alc-Sub-Serv-Activate

0+

0+

26.6527.152

Alc-Sub-Serv-Deactivate

0+

0+

26.6527.153

Alc-Sub-Serv-Acct-Stats-Type

0+

0+

26.6527.154

Alc-Sub-Serv-Acct-Interim-lvl

0+

0+

26.6527.158

Alc-Nas-Filter-Rule-Shared

0+

0+

0+

0+

26.6527.159

Alc-Ascend-Data-Filter-Host-Spec

0+

0+

0+

0+

26.6527.160

Alc-Relative-Session-Timeout

0-1

0-1

0-1

0-1

26.6527.174

Alc-Lease-Time

 0-12 0-12

0-1

0

26.6527.177

Alc-Portal-Url

0-1

0-1

0-1

0-1

26.6527.178

Alc-Ipv6-Portal-Url

0-1

0-1

0-1

0-1

26.6527.181

Alc-SLAAC-IPv6-Pool

 0-11 0-11

26.6527.182

Alc-AA-Sub-Http-Url-Param

0-1

0-1

0-1

0-1

26.6527.192

Alc-ToClient-Dhcp6-Options

0+

0+

0+

0

26.6527.193

Alc-AA-App-Service-Options

0+

0+

0-1

0-1

26.6527.200

Alc-v6-Preferred-Lifetime

 0-12 0-12

0-1

0

26.6527.201

Alc-v6-Valid-Lifetime

 0-12 0-12

0-1

0

26.6527.202

Alc-Dhcp6-Renew-Time

 0-12 0-12

0-1

0

26.6527.203

Alc-Dhcp6-Rebind-Time

 0-12 0-12

0-1

0

26.6527.217

Alc-UPnP-Sub-Override-Policy

0-1

0-1

26.6527.220

Alc-Home-Aware-Pool

0-1

0-1

26.6527.221

Alc-DMZ-Address

0-1

0-1

26.6527.222

Alc-Standby-Ips

 0+3

0

26.6527.223

Alc-Reserved-Addresses

0+

0+

26.6527.224

Alc-BRG-Profile

0-1

0-1

26.6527.225

Alc-BRG-Id

 0-15 0-15

0-1

0

26.6527.228

Alc-Trigger-Acct-Interim

0

0-1

26.6527.234

Alc-DNAT-Override

0+

0+

n/a

26.6527.235

Alc-BRG-DHCP-Streaming-Dest

0-1

0-1

n/a

26.6527.236

Alc-Host-DHCP-Streaming-Disabled

0-1

0-1

26.6527.238

Alc-Remove-Override

0

0+

0

0+

26.6527.241

Alc-Per-Host-Port-Range

0-1

0-1

241.26.6527.1

Alc-PPPoE-Client-Service

 0-13

0

241.26.6527.2

Alc-PPPoE-Client-MAC

 0-13

0

241.26.6527.3

Alc-PPPoE-Client-Policy

 0-14 0-14

241.26.6527.4

Alc-PPPoE-Client-Username

 0-14 0-14

241.26.6527.5

Alc-PPPoE-Client-Password

 0-14

0

241.26.6527.9

Alc-Bridge-Id

0-1

0

0-1

0

241.26.6527.10

Alc-Vxlan-VNI

0-1

0

241.26.6527.14

Alc-RT

0-1

0

241.26.6527.15

Alc-RD

0-1

0

241.26.6527.16

Alc-IPv6-Router-Adv-Policy

0-1

0-1

0-1

0-1

241.26.6527.17

Alc-Nat-Outside-IPs

0+

0+

0

0

241.26.6527.24

Alc-IPv6-DMZ-Enabled

0-1

0-1

241.26.6527.26

Alc-Aa-Sub-Scope

 0-13

0

241.26.6527.30

Alc-HLE-Access-Ingress-Policer

0-1

0

241.26.6527.32

Alc-HLE-Network-Ingress-Policer

0-1

0

241.26.6527.37

Alc-VAS-IPv4-Filter

0-1

0-1

0-1

0-1

241.26.6527.38

Alc-VAS-NSH-IPv4-Opaque-Meta-Data

0-1

0-1

241.26.6527.39

Alc-Static-Port-Forward

0+

0+

0

0

241.26.6527.47

Alc-SPI-Sharing-Id

0-1

0-1

0-1

0-1

241.26.6527.62

Alc-Host-DNAT-Override

0-1

0-1

241.26.6527.71

Alc-Host-DNAT-Default-Address-Override

0-1

0-1

245.26.6527.5

Alc-Spi-Host-And-Session-Limits

0+

0+

0+

0+

245.26.6527.6

Alc-Sub-Host-And-Session-Limits

0+

0+

0+

0+
Parent topic: RADIUS authentication attributes
1 Only for new sessions. Ignored for existing sessions.
2 The update is applied to an existing session at the next DHCP/DHCPv6 Renew or Router Advertisement (RA).
3 May be present in re-auth but cannot change for an existing BRG.
4 Any change can lead to a restart of the PPPoE Client.
5 Mandatory in CoA (used as key to identify the BRG).