| Attribute ID | Attribute name | Description |
|---|---|---|
|
64 |
Tunnel-Type |
The tunneling protocols to be used (in the case of a tunnel initiator) or the tunneling protocol in use (in the case of a tunnel terminator). This attribute is mandatory on LAC Access-Accept and needs to be L2TP. The same attribute is included on LNS in the Access-Request and Acct-Request if the CLI RADIUS policy include-radius-attribute tunnel-server-attrs is enabled on a 7750 SR LNS. For L2TP Tunnel or Link Accounting, this attribute is always included on LAC and LNS. |
|
65 |
Tunnel-Medium-Type |
The transport medium to use when creating a tunnel for those protocols (such as L2TP) that can operate over multiple transports. This attribute is mandatory on LAC Access-Accept and needs to be IP or IPv4.The same attribute is included on LNS in the Access-Request and Acct-Request if the CLI RADIUS policy include-radius-attribute tunnel-server-attrs is enabled on a 7750 SR LNS. For L2TP Tunnel or Link Accounting, this attribute is always included on LAC and LNS. |
|
66 |
Tunnel-Client-Endpoint |
The dotted-decimal IP address of the initiator end of the tunnel. Preconfigured values are used when attribute is omitted (configure router/service vprn service-id l2tp local-address). If omitted in Access Accept on LAC and no local-address configured, then the address is taken from the interface with name system. This attribute is included on LNS in the Access-Request and Acct-Request only if the CLI RADIUS policy include-radius-attribute tunnel-server-attrs is enabled on a 7750 SR LNS. For L2TP Tunnel or Link Accounting, this attribute is always included on LAC and LNS as untagged. |
|
67 |
Tunnel-Server-Endpoint |
The dotted-decimal IP address of the server end of the tunnel is also on the LAC the destination IP for all L2TP packets for that tunnel. To support more than 31 tunnels in a single RADIUS Access-Accept message, multiple Tunnel-Server-Endpoint attributes with the same tag can be inserted. All tunnels specified by Tunnel-Sever-Endpoint attributes with a tag uses the tunnel parameters specified by the other Tunnel attributes having the same tag value. |
|
69 |
Tunnel-Password |
A shared, salt-encrypted secret used for tunnel authentication and AVP-hiding. The usage of tunnel-authentication is indicated by attribute [26.6527.97] Alc-Tunnel-Challenge and the usage of AVP-hiding is indicated by attribute [26.6527.54] Alc-Tunnel-AVP-Hiding. The value with tag 0 is used as default for the tunnels where the value is not specified. Preconfigured values are used when attribute is omitted (configure router/service vprn service-id l2tp password). There is no default password. Received passwords longer than the maximum character limit are truncated at that limit. |
|
81 |
Tunnel-Private-Group-ID |
The group ID for a particular tunneled session. This RADIUS attribute is copied by a 7750 SR LAC in AVP 37 - Private Group ID (ICCN) and is used by the LAC to indicate that this call is to be associated with a particular customer group. The 7750 SR LNS ignores AVP 37 when received from LAC. The value with tag 0 is used as default for the tunnels where the value is not specified. String lengths above the maximum value are treated as setup failures. |
|
82 |
Tunnel-Assignment-ID |
Indicates to the tunnel initiator the particular tunnel to which a session is to be assigned. Some tunneling protocols, such as PPTP and L2TP, allow for sessions between the same two tunnel endpoints to be multiplexed over the same tunnel, and also for a specific session to use its own dedicated tunnel. Tag-0 Tunnel-Assignment-ID:0 string, has a special meaning and the string becomes the tunnel group name that can hold up to maximum 31 tunnels with the name Tunnel-Assignment-ID-[1 to 31] string. A tunnel group with the name default_radius_group is created on the LAC when this attribute with tag-0 is omitted. This attribute is not the same as attribute [26.4874.64] ERX-Tunnel-Group or [26.6527.46] Alc-Tunnel-Group because these attributes both reference a tunnel group name created in CLI context. When not specified, the default value for Tunnel-Assignment-ID-[1 to 31] string is unnamed. String lengths above the limits are treated as a setup failure. |
|
83 |
Tunnel-Preference |
Indicates the relative preference assigned to each tunnel if more than one set of tunneling attributes is returned by the RADIUS server to the tunnel initiator. 0x0 (zero) being the lowest and 0x0FFFFFF(16777215) being the highest numerical value. The tunnel having the numerically lowest value in the Value field of this Attribute is assigned the highest preference. Other tunnel selection criteria are used if preference values from different tunnels are equal. Preference 50 is used when attribute is omitted. Values above the Limits wrap around by Freeradius before send to the NAS (start again from zero until the Limits). |
|
90 |
Tunnel-Client-Auth-ID |
Used during the authentication phase of tunnel establishment and copied by the LAC in L2TP SCCRQ AVP 7 Host Name. Reported in L2TP Tunnel or Link accounting when length is different from zero. The value with tag 0 is used as default for the tunnels where the value is not specified. Preconfigured values are used when the attribute is omitted (configure router/service vprn service-id l2tp local-name). The Node system-name is copied in AVP Host Name if this attribute is omitted and no local-name is configured. |
|
91 |
Tunnel-Server-Auth-ID |
Used during the authentication phase of tunnel establishment and reported in L2TP Tunnel or Link accounting when length is different from zero. For authentication the value of this attribute is compared with the value of AVP 7 Host Name from the received LNS SCCRP. Authentication from LAC point of view passes if both attributes are the same. This authentication check is not performed if the RADIUS attribute is omitted. |
|
26.2352.21 |
Tunnel-Max-sessions |
The maximum number of sessions allowed per tunnel group (untagged attribute only). This attribute has the same function as attribute 26.6527.48 Alc-Tunnel-Max-Sessions:0. No sessions are setup above the limits. Preconfigured values configure router/service vprn service-id l2tp session-limit are used when attribute is omitted. |
|
26.4874.33 |
ERX-Tunnel-Maximum-Sessions |
The maximum number of sessions allowed per tunnel group (untagged attribute only). This attribute has the same meaning as attribute 26.6527.48 Alc-Tunnel-Max-Sessions:0. No sessions are setup above the limits. Preconfigured values (configure router/service vprn service-id l2tp session-limit) are used when attribute is omitted. |
|
26.4874.64 |
ERX-Tunnel-Group |
The name of the tunnel group that refers to the CLI-created tunnel-group-name context configure router/service vprn service-id l2tp group tunnel-group-name. Any other RADIUS returned L2TP parameter is ignored and other required info to setup the tunnel should come from the CLI-created context. Strings above the limits are treated as a setup failure. |
|
26.6527.46 |
Alc-Tunnel-Group |
The tunnel-group-name that refers to the CLI-created tunnel-group-name context configure router/service vprn service-id l2tp group tunnel-group-name. Any other RADIUS returned L2TP parameter is ignored and other required info to setup the tunnel should come from the CLI-created context. Strings above the limits are treated as a setup failure. |
|
26.6527.47 |
Alc-Tunnel-Algorithm |
Describes how new sessions are assigned (weighted-access, weighted-random or existing-first) to one of the set of suitable tunnels that are available or could be made available. A preconfigured algorithm (configure router/service vprn service-id l2tp session-assign-method) is used when this attribute is omitted. Attribute value existing-first specifies that the first suitable tunnel is used or set up for the first session and re-used for all subsequent sessions. The weighted-access attribute value (session-assign-method weighted) specifies that the sessions are equally distributed over the available tunnels; new tunnels are set up until the maximum number is reached; the distribution aims at an equal ratio of the actual number of sessions to the maximum number of sessions. When there are multiple tunnels with an equal number of sessions (equal weight), LAC selects the first tunnel from the candidate list. The weighted-random attribute value enhances the weighted-access algorithm such that when there are multiple tunnels with an equal number of sessions (equal weight), LAC randomly selects a tunnel. The maximum number of sessions per tunnel is retrieved using attribute 26.6527.48 Alc-Tunnel-Max-Sessions or set to a preconfigured value if Alc-Tunnel-Max-Sessions is omitted. Values outside the limits are treated as a setup failure. |
|
26.6527.48 |
Alc-Tunnel-Max-Sessions |
The maximum number of sessions allowed per tunnel (if tag is 1 to 31) or per tunnel group (if tag is 0).This attribute has the same meaning as attribute 26.2352.21 Tunnel-Max-sessions and 26.4874.33 ERX-Tunnel-Maximum-Sessions with the only difference that these latter attributes refers to the tunnel group only (untagged attributed). No sessions are setup above the Limits. Preconfigured values (configure router/service vprn service-id l2tp session-limit) are used when attribute is omitted. |
|
26.6527.49 |
Alc-Tunnel-Idle-Timeout |
The period in seconds that an established tunnel with no active sessions (Established-Idle) persists before being disconnected. The value with tag 0 is used as default for the tunnels where the value is not specified. Preconfigured values are used when attribute is omitted (configure router/service vprn service-id l2tp idle-timeout). The tunnel is not disconnected (infinite) without local configured idle-timeout or if the attribute has value -1 (16777215). Values above the Limits are treated as setup failures. |
|
26.6527.50 |
Alc-Tunnel-Hello-Interval |
The time interval in seconds between two consecutive tunnel Hello messages. A value of 0 or -1 (16777215) specifies that the keepalive function is disabled (infinite). The value with tag 0 is used as default for the tunnels where the value is not specified. Preconfigured values are used when attribute is omitted (configure router/service vprn service-id l2tp hello-interval). Values outside the limits are treated as a setup failure. |
|
26.6527.51 |
Alc-Tunnel-Destruct-Timeout |
The time in seconds that operational data of a disconnected tunnel persists on the node before being removed. Availability of the data after tunnel disconnection allows better troubleshooting. The value with tag 0 is used as default for the tunnels where the value is not specified. Preconfigured values are used when attribute is omitted (configure router/service vprn service-id l2tp destruct-timeout). Values outside the limits are treated as a setup failure. |
|
26.6527.52 |
Alc-Tunnel-Max-Retries-Estab |
The number of retries allowed for established tunnels before their control connection goes down. An exponential back-off mechanism is used for the retransmission interval: the first retransmission occurs after 1 second, the next after 2 seconds, then 4 seconds up to a maximum interval of 8 seconds (1,2,4,8,8,8,8). The value with tag 0 is used as default for the tunnels where the value is not specified. Preconfigured values are used when attribute is omitted (configure router/service vprn service-id l2tp max-retries-estab). Values outside the limits are treated as a setup failure. |
|
26.6527.53 |
Alc-Tunnel-Max-Retries-Not-Estab |
The number of retries allowed for unestablished tunnels before their control connection goes down. An exponential back-off mechanism is used for the retransmission interval: the first retransmission occurs after 1 second, the next after 2 seconds, then 4 seconds up to a maximum interval of 8 seconds (1,2,4,8,8,8,8). The value with tag 0 is used as default for the tunnels where the value is not specified. Preconfigured values are used when attribute is omitted (configure router/service vprn service-id l2tp max-retries-not-estab). Values outside the limits are treated as a setup failure. |
|
26.6527.54 |
Alc-Tunnel-AVP-Hiding |
Indicates if data is hidden in the Attribute Value field of an L2TP AVP. The H bit in the header of each L2TP AVP provides a mechanism to indicate to the receiving peer whether the contents of the AVP are hidden or present in cleartext. This feature can be used to hide sensitive control message data such as user passwords or user IDs. All L2TP AVPs are passed in cleartext if the attribute is omitted and corresponds with the nothing value. The sensitive-only value specifies that the H bit is only set for AVPs containing sensitive information. The all value specifies that the H bit is set for all AVPs where it is allowed. The value with tag 0 is used as default for the tunnels where the value is not specified. Preconfigured values are used when the attribute is omitted configure router/service vprn service-id l2tp avp-hiding. AVP hiding uses the shared LAC-LNS secret defined in attribute [69] Tunnel-Password or in configuration. If no password is specified, the tunnel setup fails for sensitive-only and all values. Values outside the Limits are treated as a setup failure. |
|
26.6527.97 |
Alc-Tunnel-Challenge |
Indicates whether the tunnel authentication (challenge-response) is to be used. L2TP tunnel-authentication is based on RFC 1994 CHAP authentication and requires the shared-secret defined in attribute [69] Tunnel-Password. The value with tag 0 is used as default for the tunnels where the value is not specified. When the attribute is omitted and no [69] Tunnel-Password attribute is specified, a preconfigured value is used (configure router/service vprn service-id l2tp challenge). When the attribute is omitted and a [69] Tunnel-Password attribute is specified, then the always value is used. When the attribute has the always value, no [69] Tunnel-Password attribute is specified and no preconfigured value exists for the password, then the tunnel setup fails. Values outside the limits are treated as a setup failure. |
|
26.6527.100 |
Alc-Serv-Id |
The service ID on the LNS node where the PPP sessions are established (configure service ies/vprn service-id subscriber-interface ip-int-name group-interface ip-int-name). Preconfigured values are used if attribute is omitted (configure subscriber-mgmt local-user-db local-user-db-name ppp host host-name interface ip-int-name service-id service-id or configure router/service vprn service-id l2tp group ppp default-group-interface ip-int-name service-id service-id). Values above the limits or unreferenced are treated as a setup failure. Note: [26.6527.100] Alc-Serv-Id takes precedence over
[241.26.6527.88] Alc-Serv-Name if both are specified.
|
|
26.6527.101 |
Alc-Interface |
Refers to the group interface ip-int-name on LNS node only where the PPP sessions are established (configure service ies/vprn service-id subscriber-interface ip-int-name group-interface ip-int-name lns). Preconfigured values are used if the attribute is omitted (configure subscriber-mgmt local-user-db local-user-db-name ppp host host-name interface ip-int-name service-id service-id or configure router/service vprn service-id l2tp group ppp default-group-interface ip-int-name service-id service-id). Alc-interface names longer than the maximum allowed value are treated as session setup failures. |
|
26.6527.104 |
Alc-Tunnel-Serv-Id |
The service ID from which the tunnel should be established, enables the tunnel origin to be in a VPRN (VRF). The default value equals Base. Values above the limits or unreferenced are treated as a setup failure. Note: [26.6527.104] Alc-Tunnel-Serv-Id takes precedence over
[241.26.6527.91] Alc-Tunnel-Serv-Name if both are
specified.
|
|
26.6527.120 |
Alc-Tunnel-Rx-Window-Size |
The initial receive window size being offered to the remote peer. This attribute is copied in the AVP 10 L2TP Receive Window Size. The remote peer may send the specified number of control messages before it must wait for an acknowledgment. The value with tag 0 is used as default for the tunnels where the value is not specified. A preconfigured value is used when the attribute is omitted (configure router/service vprn service-id l2tp receive-window-size). Values outside the allowed limits are treated as a setup failure. |
|
26.6527.144 |
Alc-Tunnel-Acct-Policy |
Refers to a preconfigured L2TP tunnel accounting policy name (configure aaa l2tp-accounting-policy policy-name). L2TP tunnel accounting (RFC 2867) can collect usage data based either on L2TP tunnel and L2TP sessions and send these accounting data to a RADIUS server. Different RADIUS attributes such as [66] Tunnel-Client-Endpoint, [67] Tunnel-Server-Endpoint, [68] Acct-Tunnel-Connection, [82] Tunnel-Assignment-ID can be used to identify the tunnel or session. The value with tag 0 is used as default for the tunnels where the value is not specified. Preconfigured values are used when the attribute is omitted (configure router/service vprn service-id l2tp radius-accounting-policy). Unreferenced policy names or policy names longer than the allowed maximum are treated as host setup failures. |
|
26.6527.204 |
Alc-Tunnel-DF-bit |
This attribute is used on an L2TP LAC only. By default, a LAC does not allow L2TP packet fragmentation by sending L2TP toward the LNS with the Do not Fragment (DF) bit set to 1. This DF bit can be set to 0 to allow downstream routers to fragment the L2TP packets. The LAC itself does not fragment L2TP packets. Packets sent with MTU bigger than the allowed size on the LAC egress port are dropped. This attribute is silently ignored if RADIUS returns an Alc-Tunnel-Group attribute. In that case, the tunnel level, group level, or as last resort, the root level configuration is used instead. |
|
26.6527.214 |
Alc-Tunnel-Recovery-Method |
Sets the L2TP LAC failover recovery method to be used for this tunnel: MCS or recovery tunnel (RFC 4951). Preconfigured values are used when the attribute is omitted (configure router/service vprn service-id l2tp failover recovery-method). When the tunnel recovery method is set to recovery-tunnel but LNS does not support this capability, then the system automatically falls back to mcs. Values outside the limits are treated as a setup failure. |
|
26.6527.215 |
Alc-Tunnel-Recovery-Time |
Only applicable when the L2TP LAC failover recovery-method is set to recovery-tunnel. Sets the L2TP LAC failover recovery-time to be negotiated with LNS using L2TP failover extensions (RFC 4951). It indicates to the LNS how long it needs to extend its protocol retry timeout before declaring the control channel down. Preconfigured values are used when attribute is omitted (configure router/service vprn service-id l2tp failover recovery-time). Values outside the limits are treated as a setup failure. |
|
241.26.6527.25 |
Alc-Steering-Profile |
The steering profile that should be applied to perform traffic steering on L2TP LAC. The steering profile is configured in the following CLI context: configure subscriber-mgmt steering-profile name. An L2TP LAC session is successfully set up when a non-existent steering profile name is referenced in an Access-Accept. A CoA containing a non-existent steering profile is rejected. In both cases, the non-existent steering profile is stored in the L2TP LAC session information and becomes active when the profile is configured at a later stage. To deactivate traffic steering on L2TP LAC, the [26.6527.238] Alc-Remove-Override attribute must be used. |
|
241.26.6527.88 |
Alc-Serv-Name |
The service name on the LNS node where the PPP sessions are established (configure service ies | vprn service-id name service-name subscriber-interface ip-int-name group-interface ip-int-name). Preconfigured values are used if the attribute is omitted (configure subscriber-mgmt local-user-db local-user-db-name ppp host host-name interface ip-int-name service-id service-id or configure router | service vprn service-id l2tp group ppp default-group-interface ip-int-name service-id service-id). Values that exceed the limits or are unreferenced are treated as a setup failure. Note: [26.6527.100] Alc-Serv-Id takes precedence over
[241.26.6527.88] Alc-Serv-Name if both are specified.
|
|
241.26.6527.91 |
Alc-Tunnel-Serv-Name |
The service name from which the tunnel should be established, enables the tunnel origin to be in a VPRN (VRF). The default value equals Base. Values that exceed the limits or are unreferenced are treated as a setup failure. Note: [26.6527.104] Alc-Tunnel-Serv-Id takes precedence over
[241.26.6527.91] Alc-Tunnel-Serv-Name if both are
specified.
|
| Attribute ID | Attribute name | Type | Limits | SR OS format |
|---|---|---|---|---|
|
64 |
Tunnel-Type |
integer |
3 (mandatory value) |
Mandatory 3=L2TP For example: Tunnel-Type = L2TP |
|
65 |
Tunnel-Medium-Type |
integer |
1 (mandatory value) |
Mandatory 1=IP or IPv4 For example: Tunnel-Medium-Type = IP |
|
66 |
Tunnel-Client-Endpoint |
string |
Max. length = 15 bytes (untagged) or 16 bytes (tagged) |
<tag field><dotted-decimal IP address used on LAC as L2TP src-ip> If the tag field is greater than 0x1F, it is interpreted as the first byte of the following string field For example: # untagged Tunnel-Client-Endpoint = 3139382e35312e3130302e31 Tunnel-Client-Endpoint = 198.51.100.1 # tagged 0 Tunnel-Client-Endpoint = 003139382e35312e3130302e31 Tunnel-Client-Endpoint:0 = 198.51.100.1 # tagged 1 Tunnel-Client-Endpoint = 013139382e35312e3130302e31 Tunnel-Client-Endpoint:1 = 198.51.100.1 |
|
67 |
Tunnel-Server-Endpoint |
string |
Max. length = 15 bytes (untagged) or 16 bytes (tagged) Max. 451 attributes or limited by RADIUS message size |
<tag field><dotted-decimal IP address used on LAC as L2TP dst-ip> If Tag field is greater than 0x1F, it is interpreted as the first byte of the following string field For example: # tagged 1 Tunnel-Server-Endpoint = 013230332e302e3131332e31 Tunnel-Server-Endpoint:1 = 203.0.113.1 |
|
69 |
Tunnel-Password |
string |
64 chars |
For example: Tunnel-Password:1 = password |
|
81 |
Tunnel-Private-Group-ID |
string |
32 chars |
For example: Tunnel-Private-Group-ID:1 = MyPrivateTunnelGroup |
|
82 |
Tunnel-Assignment-ID |
string |
32 chars |
Tag 0x00 tunnel-group Tag 0x01-0x01f individual tunnels within this tunnel-group For example: Tunnel-Assignment-ID:0 += LNS-ALU Tunnel-Assignment-ID:1 += Tunnel-1 Tunnel-Assignment-ID:2 += Tunnel-2 |
|
83 |
Tunnel-Preference |
integer |
16777215 |
Default preference 50 For example: Tunnel 1 and 2 same preference and first selected Tunnel-Preference:1 += 10 Tunnel-Preference:2 += 10 Tunnel-Preference:3 += 20 |
|
90 |
Tunnel-Client-Auth-ID |
string |
64 chars |
For example: Tunnel-Client-Auth-Id:0 = LAC-Antwerp-1 |
|
91 |
Tunnel-Server-Auth-ID |
string |
64 chars |
For example: Tunnel-Server-Auth-ID:0 = LNS-Antwerp-1 |
|
26.2352.21 |
Tunnel-Max-sessions |
integer |
131071 |
max sessions per group with default=131071 default=131071 For example: Tunnel-Max-sessions:0 = 1000 |
|
26.4874.33 |
ERX-Tunnel-Maximum-Sessions |
integer |
131071 |
max sessions per group with default=131071 For example: ERX-Tunnel-Maximum-Sessions:0 = 1000 |
|
26.4874.64 |
ERX-Tunnel-Group |
string |
32 chars |
node preconfigured tunnel-group For example: ERX-Tunnel-Group:0 = MyCliTunnelGroupName |
|
26.6527.46 |
Alc-Tunnel-Group |
string |
32 chars |
node preconfigured tunnel-group For example: Alc-Tunnel-Group = MyCliTunnelGroupName |
|
26.6527.47 |
Alc-Tunnel-Algorithm |
integer |
values [1 to 3] |
1=weighted-access, 2=existing-first, 3=weighted-random default=existing-first For example: Alc-Tunnel-Algorithm:0 = weighted-access |
|
26.6527.48 |
Alc-Tunnel-Max-Sessions |
integer |
250000 |
max sessions per group or tunnel with default=131071 Unlimited cannot be set. The operational value is restricted to the maximum supported on the platform. For example: # 10000 for the group and individual settings per tunnel Alc-Tunnel-Max-Sessions:0 += 10000 Alc-Tunnel-Max-Sessions:1 += 2000 Alc-Tunnel-Max-Sessions:2 += 1000 |
|
26.6527.49 |
Alc-Tunnel-Idle-Timeout |
integer |
[0 to 3600] seconds |
infinite = -1 (16777215) or [0 to 3600] seconds with default= infinite For example: # do not disconnect tunnel1 Alc-Tunnel-Idle-Timeout :1 += 16777215 # disconnect tunnel2 after 1 minute Alc-Tunnel-Idle-Timeout :2 += 60 # disconnect tunnel3 immediately Alc-Tunnel-Idle-Timeout :3 += 0 |
|
26.6527.50 |
Alc-Tunnel-Hello-Interval |
integer |
[10 to 3600] seconds |
no keepalive (infinite) = 0 or -1 (16777215) or keepalive interval = [10 to 3600] seconds with default= 300 seconds For example: # tunnel 1 keepalive 120 seconds Alc-Tunnel-Hello-Interval:1 += 120 |
|
26.6527.51 |
Alc-Tunnel-Destruct-Timeout |
integer |
[60 to 86400] seconds |
[60 to 86400] seconds with default= 60 seconds For example: # tunnel 1 tunnel destruct timer 120 seconds Alc-Tunnel-Destruct-Timeout:1 += 120 |
|
26.6527.52 |
Alc-Tunnel-Max-Retries-Estab |
integer |
[2 to 7] |
default 5 For example: # retry 2 times for all tunnels in tunnel group Alc-Tunnel-Max-Retries-Estab:0 = 2 |
|
26.6527.53 |
Alc-Tunnel-Max-Retries-Not-Estab |
integer |
[2 to 7] |
default 5 For example: # retry 2 times for all tunnels in tunnel group Alc-Tunnel-Max-Retries-Not-Estab:0 = 2 |
|
26.6527.54 |
Alc-Tunnel-AVP-Hiding |
integer |
values [1 to 3] |
1=nothing,2=sensitive-only,3=all; default nothing 1=nothing: all L2TP AVPs in clear text 2=sensitive-only: AVP 11-Challenge, 13-Response, 14-Assigned Session ID, 21-Called-number, 22-Calling-number, 26-Initial Received LCP Confreq, 27-Last Sent LCP Confreq,28-Last Received LCP Confreq, 29-Proxy Authen Type, 30-Proxy Authen Name, 31-Proxy Authen Challenge, 32-Proxy Authen ID, 33-Proxy Authen Response 3=all: all AVPs that, according RFC 2661 can be hidden, are hidden. For example: # Best common practices Alc-Tunnel-AVP-Hiding:0 = sensitive-only |
|
26.6527.97 |
Alc-Tunnel-Challenge |
integer |
values [1 to 2] |
1=never, 2=always; default never For example: Alc-Tunnel-Max-Retries-Estab:0 = always |
|
26.6527.100 |
Alc-Serv-Id |
integer |
2147483647 ID |
For example: Alc-Serv-Id = 100 |
|
26.6527.101 |
Alc-Interface |
string |
32 chars |
For example: Alc-Interface = MyGroupInterface |
|
26.6527.104 |
Alc-Tunnel-Serv-Id |
integer |
2147483647 ID |
default = 'Base' router For example: # vprn service 100 Alc-Tunnel-Serv-Id = 100 |
|
26.6527.120 |
Alc-Tunnel-Rx-Window-Size |
integer |
[4 to 1024] |
Tag 0 = default when not specified (all tunnels) Tag 1 to 31 = specific tunnel default 64 For example: Alc-Tunnel-Rx-Window-Size = 1000 |
|
26.6527.144 |
Alc-Tunnel-Acct-Policy |
string |
32 chars |
For example: Alc-Tunnel-Acct-Policy = MyL2TPTunnelPolicy |
|
26.6527.204 |
Alc-Tunnel-DF-bit |
integer |
values [0 to 1] |
0=clr-lac-data, 1=set-lac-data; default = 1 For example: Alc-Tunnel-DF-bit:0 = clr-lac-data |
|
26.6527.214 |
Alc-Tunnel-Recovery-Method |
integer |
values [0 to 1] |
0=recovery-tunnel, 1=mcs; default = 0 For example: Alc-Tunnel-Recovery-Method:1 = recovery-tunnel |
|
26.6527.215 |
Alc-Tunnel-Recovery-Time |
integer |
[0 to 900] seconds |
[0 to 900] in seconds; default = 0 For example: Alc-Tunnel-Recovery-Time = 180 |
|
241.26.6527.25 |
Alc-Steering-Profile |
string |
32 chars |
Steering profile name For example: Alc-Steering-Profile = ‟steering-profile-1” |
|
241.26.6527.88 |
Alc-Serv-Name |
string |
64 chars |
For example: Alc-Serv-Name=Service-1 |
|
241.26.6527.91 |
Alc-Tunnel-Serv-Name |
string |
64 chars |
For example: Alc-Tunnel-Serv-Name=Service-1 |
| Attribute ID | Attribute name | Access Request | Access Accept | CoA request | Encrypted | Tag | Max. tag |
|---|---|---|---|---|---|---|---|
|
64 |
Tunnel-Type |
0-1 |
1 |
0 |
✓ |
31 |
|
|
65 |
Tunnel-Medium-Type |
0-1 |
1 |
0 |
✓ |
31 |
|
|
66 |
Tunnel-Client-Endpoint |
0-1 |
0-1 |
0 |
✓ |
31 |
|
|
67 |
Tunnel-Server-Endpoint |
0-1 |
1 |
0 |
✓ |
31 |
|
|
69 |
Tunnel-Password |
0 |
0-1 |
0 |
✓ |
✓ |
31 |
|
81 |
Tunnel-Private-Group-ID |
0-1 |
0-1 |
0 |
✓ |
31 |
|
|
82 |
Tunnel-Assignment-ID |
0 |
0-1 |
0 |
✓ |
31 |
|
|
83 |
Tunnel-Preference |
0 |
0-1 |
0 |
✓ |
31 |
|
|
90 |
Tunnel-Client-Auth-ID |
0-1 |
0-1 |
0 |
✓ |
31 |
|
|
91 |
Tunnel-Server-Auth-ID |
0-1 |
0-1 |
0 |
✓ |
31 |
|
|
26.2352.21 |
Tunnel-Max-sessions |
0 |
0-1 |
0 |
— |
||
|
26.4874.33 |
ERX-Tunnel-Maximum-Sessions |
0 |
0-1 |
0 |
— |
||
|
26.4874.64 |
ERX-Tunnel-Group |
0 |
0-1 |
0 |
— |
||
|
26.6527.46 |
Alc-Tunnel-Group |
0 |
0-1 |
0 |
— |
||
|
26.6527.47 |
Alc-Tunnel-Algorithm |
0 |
0-1 |
0 |
— |
||
|
26.6527.48 |
Alc-Tunnel-Max-Sessions |
0 |
0-1 |
0 |
✓ |
31 |
|
|
26.6527.49 |
Alc-Tunnel-Idle-Timeout |
0 |
0-1 |
0 |
✓ |
31 |
|
|
26.6527.50 |
Alc-Tunnel-Hello-Interval |
0 |
0-1 |
0 |
✓ |
31 |
|
|
26.6527.51 |
Alc-Tunnel-Destruct-Timeout |
0 |
0-1 |
0 |
✓ |
31 |
|
|
26.6527.52 |
Alc-Tunnel-Max-Retries-Estab |
0 |
0-1 |
0 |
✓ |
31 |
|
|
26.6527.53 |
Alc-Tunnel-Max-Retries-Not-Estab |
0 |
0-1 |
0 |
✓ |
31 |
|
|
26.6527.54 |
Alc-Tunnel-AVP-Hiding |
0 |
0-1 |
0 |
✓ |
31 |
|
|
26.6527.97 |
Alc-Tunnel-Challenge |
0 |
0-1 |
0 |
✓ |
31 |
|
|
26.6527.100 |
Alc-Serv-Id |
0 |
0-1 |
0 |
— |
||
|
26.6527.101 |
Alc-Interface |
0 |
0-1 |
0 |
— |
||
|
26.6527.104 |
Alc-Tunnel-Serv-Id |
0 |
0-1 |
0 |
— |
||
|
26.6527.120 |
Alc-Tunnel-Rx-Window-Size |
0 |
0-1 |
0 |
✓ |
31 |
|
|
26.6527.144 |
Alc-Tunnel-Acct-Policy |
0 |
0-1 |
0 |
✓ |
31 (untag-ged) |
|
|
26.6527.204 |
Alc-Tunnel-DF-bit |
0 |
0-1 |
0 |
✓ |
31 |
|
|
26.6527.214 |
Alc-Tunnel-Recovery-Method |
0 |
0-1 |
0 |
✓ |
31 |
|
|
26.6527.215 |
Alc-Tunnel-Recovery-Time |
0 |
0-1 |
0 |
✓ |
31 |
|
|
241.26.6527.25 |
Alc-Steering-Profile |
0 |
0-1 |
0-1 |
— |
||
|
241.26.6527.88 |
Alc-Serv-Name |
0 |
0-1 |
0 |
— |
||
|
241.26.6527.91 |
Alc-Tunnel-Serv-Name |
0 |
0-1 |
0 |
— |