Code

Identifies the RADIUS packet type. The type can be one of the following:

• Access-Request (1)

• Access-Accept (2)

• Access-Reject (3)

• Accounting-Request (4)

• Accounting-Response (5)

• Disconnect-Request (40)

• Disconnect-ACK (41)

• Disconnect-NAK (42)

• CoA-Request (43)

• CoA-ACK (44)

• CoA-NAK (45)

Identifier

Helps the RADIUS server match request and responses and detect duplicate requests.

Length

Specifies the length of the entire packet.

Authenticator

Authenticates the reply from the RADIUS server. There are two types of authenticators:

• Request-Authentication (available in Access-Request and Accounting-Request packets)

• Response-Authentication (available in Access-Accept, Access Reject, Access-Challenge, and Accounting-Response packets)

Access-Request

Sent from a client to a RADIUS server. The RADIUS server uses the packet to determine whether to allow access to a specific network access server (NAS), which permits subscriber access. Subscribers performing authentication must submit an Access-Request packet. When an Access-Request packet is received, the RADIUS server must forward a reply.

Access-Accept

Upon receiving an Access-Request packet, the RADIUS server sends an Access-Accept packet if all attribute values in the Access-Request packet are acceptable.

Access-Reject

Upon receiving an Access-Request packet, the RADIUS server sends an Access-Reject packet if any of the attribute values are not acceptable.

Access-Challenge

Upon receiving an Access-Request packet, the RADIUS server can send the client an Access-Challenge packet, which requires a response. If the client does not know how to respond, or if the packets are invalid, the RADIUS server discards the packets. If the client responds to the packet, a new Access-Request packet is sent with the original Access-Request packet.

Accounting-Request

Sent from a client to a RADIUS accounting server. If the RADIUS accounting server successfully records the Accounting-Request packet, it must submit an Accounting-Response packet.

Accounting-Response

Sent by the RADIUS accounting server to the client to acknowledge that the Accounting-Request has been received and recorded successfully.

CoA-Request

Sent by the RADIUS server to the NAS to dynamically change session authorizations.

CoA-Response

Sent by the NAS to the RADIUS server to acknowledge (ACK) a CoA request if the session authorizations were successfully changed. A NAK is sent if the CoA request is unsuccessful.

Disconnect-Request

Sent by the RADIUS server to the NAS to terminate a session and discard all session context.

Disconnect-Response

Sent by the NAS to the RADIUS server to acknowledge (ACK) a disconnect request if the session is successfully terminated and the context discarded. A NAK is sent if the disconnect request is unsuccessful.

ASCII string name of the attribute; for example, UserName.

Numerical identification of the attribute; for example, the User-Name attribute is 1.

Each attribute can be specified through one of the following value types:

• binary—0 to 254 octets.

• date—32-bit value in big endian order; for example, seconds since 00:00:00 GMT, JAN. 1, 1970.

• ipadd—4 octets in network byte order.

• integer—32-bit value in big endian order (high byte first).

• string—0 to 253 octets.

1

User-Name

Yes

Yes

No

String. Name of the user to be authenticated; only used in Access-Request packets.

The radius attribute username command provides options to change the format of the User-Name attribute.

2

User-Password

Yes

No

No

String. Sent unless using the CHAP-Password attribute.

3

CHAP-Password

Yes

No

No

String. Sent in Access-Request packet unless using the User-Password attribute.

4

NAS-IP-Address

Yes

Yes

No

IP address. Specifies an IPv4 source IP address for RADIUS packets sent by the SmartEdge router.

This attribute is not sent unless explicitly enabled through the radius attribute nas-ip-address command (in context configuration mode).

5

NAS-Port

Yes

Yes

No

Integer. This attribute is sent using the slot-port format. For details on this format or to modify the format in which this attribute is sent, see the radius attribute nas-port command.

6

Service-Type

Yes

Yes

Yes

Integer. Type of service requested or provided. Values are:

• 2=Framed

• 5=Outbound

• 6=Administrative

• 7=NAS Prompt

7

Framed-Protocol

Yes

Yes

Yes

Integer. The value indicates the framing to be used for framed access. This attribute must not be used in a user profile designed for RFC 1483 and RFC 1490 bridged or routed circuits, or for telnet sessions. This value is sent only for Point-to-Point Protocol (PPP) service types. The value for PPP is 1.

8

Framed-IP-Address

Yes

Yes

Yes

IP address. In Accounting-Request packets, returns the IP address assigned to the subscriber either dynamically or statically. In Access-Accept packets, a return value of 255.255.255.254 or 0.0.0.0 causes the SmartEdge router to assign the subscriber an address from an IP address pool. This attribute is received in Access-Response messages and is sent in Access-Request messages conditioned by the aaa hint ip address command (in context configuration mode).

9

Framed-IP-Netmask

No

Yes

Yes

IP address. Assigns a range of addresses to a subscriber circuit—it is not a netmask in the conventional sense of determining which address bits are host versus. prefix, and so on.

11

Filter-Id

No

Yes

Yes

String. Specifies that inbound or outbound traffic be filtered. Use the in:<name> and out:<name> format.

12

Framed-MTU

No

Yes

Yes

Integer. Maximum transmission unit (MTU) to be configured for the user when it is not negotiated by some other means (such as Point-to-Point Protocol [PPP]). It is only used in Access-Accept packets.

18

Reply-Message

No

No

Yes

String. Text that can be displayed to the user. Multiple Reply-Message attributes can be included. If any are displayed, they must be displayed in the same order as they appear in the packet.

22

Framed-Route

No

Yes

Yes

IP address. The format is h.h.h.h/nn g.g.g.g n where:

• h.h.h.h=IP address of destination host or network.

• nn=optional netmask size in bits (if not present, defaults to 32).

• g.g.g.g=IP address of gateway.

• n=Number of hops for this route.

24

State

No

No

Yes

Binary String.

25

Class

No

Yes

Yes

String. If received, this information must be sent on, without interpretation, in all subsequent packets sent to the RADIUS accounting server for that subscriber session.

26

Vendor-Specific

Yes

Yes

No

String. Allows Redback Networks to support its own VSAs, embedded with the Vendor-Id attribute set to 2352. For the VSAs supported by the SmartEdge router, see Table 7.

27

Session-Timeout

No

Yes

Yes

Integer. Sets the maximum number of seconds of service allowed the subscriber before termination of the session. Corresponds to the SmartEdge router timeout command (in subscriber configuration mode) with the absolute keyword, except that the attribute requires seconds instead of minutes. The value 0 indicates that the timeout is disabled.

28

Idle-Timeout

No

Yes

Yes

Integer. Sets the maximum number of consecutive seconds of idle connection allowed to the user before termination of the session. Corresponds to the SmartEdge router timeout idle command (in subscriber configuration mode), except that the attribute calls for seconds instead of minutes.

30

Called-Station-Id

Yes

No

No

String. The telephone number that the call came from.

31

Calling-Station-Id

Yes

Yes

No

Dependent on the type of subscriber terminated in the SmartEdge router :

This attribute is not sent unless explicitly enabled through the radius attribute calling-station-id command (in context configuration mode).

32

NAS-Identifier

Yes

Yes

No

String. Value for the system hostname.

33

Proxy_State

No

Yes

No

Binary String. Specifies the state sent by the proxy server.

40

Acct-Status-Type

No

Yes

No

Integer. Values can be:

• 1=Start

• 2 =Stop

• 3=Interim-Updated

• 7=Accounting-On

• 8=Accounting-Off

• 9=Tunnel Start

• 10=Tunnel Stop

• 12=Link Start

• 13=Link Stop

• 15=Reserved for failed

• 101=Service-Start

• 102=Service-Stop

• 103=Service-Interim-Update

41

Acct-Delay-Time

No

Yes

No

Integer. Time, in seconds, for which the client has been trying to send the record.

42

Acct-Input-Octets

No

Yes

No

Integer. Number of octets that have been received from the port over the course of providing this service. Can only be present in Accounting-Request records where the Acct-Status-Type attribute is set to Stop or Update.

43

Acct-Output-Octets

No

Yes

No

Integer. Number of octets that have been sent to the port in the course of delivering this service. Can only be present in Accounting-Request records where the Acct-Status-Type attribute is set to Stop or Update.

44

Acct-Session-Id

Yes

Yes

No

String. Unique session accounting ID to match start and stop records for in a log file. The start and stop records for a given subscriber session have the same Acct-Session-Id attribute value. The format is cct-handle timestamp.

If service accounting is enabled with VSA 191, this attribute also includes the service accounting identifier, which is the service-name that is defined in VSA 190. The session accounting and service accounting identifiers are separated by a colon (:).

By default, this attribute is sent in Accounting-Request packets. To send this attribute in Access-Request packets, you must use the radius attribute acct-session-id command (in context configuration mode).

45

Acct-Authentic

No

Yes

No

String. Values are RADIUS and local.

46

Acct-Session-Time

No

Yes

No

Integer. Number of seconds for which the user has received service. Can only be present in Accounting-Request records where the Acct-Status-Type attribute is set to Stop or Update.

47

Acct-Input-Packets

No

Yes

No

Integer. Number of packets that have been received from the port over the course of providing this service to a framed user. Can only be present in Accounting-Request records where the Acct-Status-Type attribute is set to Stop or Update.

48

Acct-Output-Packets

No

Yes

No

Integer. Number of packets that have been sent to the port in the course of delivering this service to a Framed User. Can only be present in Accounting-Request records where the Acct-Status-Type attribute is set to Stop or Update.

49

Acct-Terminate-Cause

No

Yes

No

Integer. Value represents the cause of session termination. Values are:

• 1=User request

• 2=Lost carrier

• 3=Lost service

• 4=Idle timeout

• 5=Session timeout

• 6=Admin reset

• 8=Port error

• 9=NAS error

• 10=NAS request

• 15=Service unavailable

• 17=User error

50

Acct-Multi-Session-Id

No

Yes

No

String. Links multiple related sessions with a unique accounting ID.

52

Acct-Input-Gigawords

No

Yes

No

Integer. Value represents the number of times the Acct-Input-Octets counter has wrapped around 2^32 in the course of providing this service. This attribute can only be present in Accounting-Request records where the Acct-Status-Type attribute is set to Stop or Interim-Update.

53

Acct-Output-Gigawords

No

Yes

No

Integer. Value represents the number of times the Acct-Output-Octets counter has wrapped around 2^32 in the course of delivering this service. This attribute can only be present in Accounting-Request records where the Acct-Status-Type attribute is set to Stop or Interim-Update.

55

Event-Timestamp

No

Yes

No

Integer. Value represents the time this event occurred on the NAS, in seconds, since January 1, 1970 00:00 UTC.

61

NAS-Port-Type

Yes

Yes

No

Integer. The default value is either 0 or 5, indicating an asynchronous connection through a console port or a connection through a transport protocol, respectively, depending on how the subscriber is connected to its authenticating NAS. The range of values is 0 to 255.

Values 0 to 19 are as follows:

• 0—async

• 1—sync

• 2—ISDN (sync)

• 3—ISDN (async V120)

• 4—ISDN (async V110)

• 5—Virtual

• 6—PIAFS (wireless ISDN used in Japan)

• 7—HDLC (clear-channel)

• 8—X.25

• 9—X.75

• 10—G3_Fax (G.3 Fax)

• 11—SDSL (symmetric DSL)

• 12—ADSL_CAP (asymmetric DSL, Carrierless Amplitude Phase Modulation)

• 13—ADSL_DMT (asymmetric DSL, discrete multi-tone)

• 14—IDSL (ISDN digital subscriber line)

• 15—Ethernet

• 16—xDSL (digital subscriber line of unknown type)

• 17—Cable

• 18—Wireless (wireless—Other)

• 19—Wireless_802_11 (wireless—IEEE 802.11)

You can modify the value of this attribute through the radius attribute nas-port-type command (in ATM profile, dot1q profile, link-group, or port configuration mode).

62

Port-Limit

No

Yes

Yes

Integer. Maximum number of sessions a particular subscriber can have active at one time.

64

Tunnel-Type

No

Yes

Yes

Integer. Value indicates the tunneling protocol to be used. The supported value is 3, which indicates the Layer 2 Tunneling Protocol (L2TP).

65

Tunnel-Medium-Type

No

Yes

Yes

Integer. Value represents the transport medium to use when creating an L2TP tunnel for protocols that can operate over multiple transports. The supported value is 1, which indicates IPv4.

66

Tunnel-Client-Endpoint

No

Yes

Yes

String. Fully qualified domain name or IP address of the initiator end of an L2TP tunnel.

67

Tunnel-Server-Endpoint

No

Yes

Yes

String. Fully qualified domain name or IP address of the server end of an L2TP tunnel.

68

Acct-Tunnel-Connection

No

Yes

No

String. Unique accounting ID to easily match start and stop records in a log file for L2TP sessions. The start and stop records for a given session will have the same Acct-Tunnel-Connection attribute value.

69

Tunnel-Password

No

No

Yes

String. Password. Only used in Access-Accept packets.

77

Connect-Info

Yes

Yes

No

String containing either:

• An ATM, 802.1Q, or Frame Relay profile name sent to the RADIUS server.

• The values from L2TP attribute-value pairs (AVPs) 24 and 38 in the Tx/Rx format. Speeds are in bits-per-second.

80

Message-Authenticator

Yes

No

Yes

String. Signs access requests to prevent spoofing.

81

Tunnel-Pvt-Grp-ID

Yes

Yes

Yes

String. Indicates the group ID for a particular tunneled session. If the tunnel initiator can pre-determine the group resulting from a particular connection, the Tunnel-Private-Group-ID Attribute may be included in the Access-Request packet and should be included in the Access-Accept packet (if this tunnel session is to be treated as belonging to a particular private group). Private groups may be used to associate a tunneled session with a particular group of users.

82

Tunnel-Assignment-ID

No

Yes

Yes

String. Used to distinguish between different peers with configurations that use the same IP address. If no Tunnel-Client-Endpoint or Tunnel-Server-Endpoint attribute is supplied with this tag, and if the Tunnel-Assignment-ID matches the name of a locally configured peer, the session will be tunneled to that peer.

83

Tunnel-Preference

No

No

Yes

String. If more than one set of tunneling attributes is returned by the RADIUS server to the tunnel initiator, this attribute should be included in all sets to indicate the preference assigned to each set; the lower the value for a set, the more preferable it is.

85

Acct-Interim-Interval

No

No

Yes

Integer. The Value field indicates the number of seconds between each interim update sent from the NAS for this specific session.

The value must be between 600 and 604,800 seconds (7 days). Any value outside this range logs a message to the system and the value resets to the corresponding minimum or maximum allowed value.

Before you set this value, consider the possible impact to network traffic.

87

NAS-Port-ID

Yes

Yes

No

String. By default, this attribute is sent in RADIUS packets. The default format is: slot/port [vpi-vci vpi vci | vlan-id [tunl-vlan-id:]pvc-vlan-id] [pppoe sess-id | clips sess-id].

where slot and port are each 4 bits and tunl-vlan-id and pvc-vlan-id are each 12 bits. The tunl-vlan-id field is 0 if it does not exist.

For example, 4/1 vpi-vci 207 138 pppoe 5.

Use the radius attribute nas-port-id command (in context configuration mode) to specify another format for this attribute.

88

Framed-Pool

No

Yes

Yes

String. Name of the interface or IP pool used to assign an IP pool address to the subscriber. The behavior is identical to vendor VSA 36, IP-Address-Pool-Name.

If both the Framed-Pool and IP-Address-Pool-Name attributes are both received in a RADIUS Access-Accept packet, Framed-Pool takes precedence and is applied.

89

CUI

Yes

Yes

Yes

String. Optional. Chargeable User Identify (CUI). Identifies users when they roam outside their home network.

90

Tunnel-Client-Auth-ID

No

Yes

Yes

String. Defines the local hostname provided to remote tunnel peer (used during tunnel setup). The behavior is identical to vendor VSA 16, Tunnel-Local-Name.

91

Tunnel-Server-Auth-ID

No

Yes

Yes

String. Defines an alias for the remote peer name. The value of this attribute must match the value of the hostname AVP that the peer sends in the SCCRQ or SCCRP message (depending on the tunnel initiator).

95

NAS-IPv6-Address

Yes

Yes

No

IP address. Specifies an IPv6 source IP address of the Network Access Server (NAS) in RADIUS Access-Request and Access-Accounting request packets configured using the CLI. These RADIUS packets are sent by the SmartEdge router.

This attribute is not sent unless explicitly enabled through the radius attribute nas-ipv6 address interface <name> command (in context configuration mode).

For more information about NAS and RADIUS, see Configuring RADIUS.

96

Framed-Interface-ID

No

Yes

Yes

64-bit integer. Provides an interface ID for PPP clients that cannot generate their own interface ID. This value is sent in the Access-Response (Access-Accept) message for an IPv6 subscriber. When this value is in the authentication request, the AAA client receives this attribute from the authentication response.

97

Framed-IPv6-Prefix

No

Yes

Yes

Binary. Used for stateless address autoconfiguration. Indicates the Framed-IPv6-Prefix to be assigned to the user.

The Framed-IPv6-Prefix is also sent if the prefixes are applied in the a subscriber record.

99

Framed-IPv6-Route

No

Yes

Yes

String. Provides routing information to be configured for the user on the NAS.

100

Framed-IPv6-Pool

No

Yes

Yes

String. Name of a shared IPv6 prefix pool that is configured under the same context as the subscriber. The subscriber obtains its IPv6 prefixes from the specified IPv6 pool.

123

Delegated-IPv6-Prefix

No

Yes

Yes

Binary. Indicates the IPv6 prefix to be delegated to the subscriber using DHCPv6. This value is sent in Access-Accept and Accounting-Request messages. Multiple instances of this attribute can be present in one RADIUS packet.

The Delegated-IPv6-Prefix is also sent if the prefixes are applied in the subscriber record.

242

Ascend_Data_Filter

No

Yes

Yes

Binary String.

1

User-Name

Yes

No

Yes

No

5

NAS-Port

Yes

No

Yes

No

6

Service-Type

Yes

Yes⁽¹⁾

Yes

Yes⁽¹⁾

7

Framed-Protocol

Yes

No

No

No

8

Framed-IP-Address

Yes

No

Yes

No

9

Framed-IP-Netmask

Yes

No

No

No

11

Filter-Id

Yes

No

No

No

12

Framed-MTU

Yes

No

No

No

18

Reply-Message

Yes

No

Yes

No

22

Framed-Route

Yes

No

No

No

24

State

Yes

Yes

Yes

Yes

25

Class

Yes

No

Yes

No

26

Vendor-Specific

Yes

No

Yes

No

27

Session-Timeout

Yes

No

No

No

28

Idle-Timeout

Yes

No

No

No

30

Called-Station-Id

Yes

No

Yes

No

31

Calling-Station-Id

Yes

No

Yes

No

32

NAS-Identifier

Yes

No

Yes

No

33

Proxy_State

Yes

Yes

Yes

Yes

44

Acct-Session-Id

Yes

No

Yes

No

50

Acct-Multi-Session-Id

Yes

No

Yes

No

55

Event-Timestamp

Yes

Yes

Yes

Yes

61

NAS-Port-Type

Yes

No

Yes

No

62

Port-Limit

Yes

No

No

No

64

Tunnel-Type

Yes

No

No

No

65

Tunnel-Medium-Type

Yes

No

No

No

66

Tunnel-Client-Endpoint

Yes

No

No

No

67

Tunnel-Server-Endpoint

Yes

No

No

No

69

Tunnel-Password

Yes

No

No

No

81

Tunnel_Pvt_Grp_ID

Yes

Yes

Yes

82

Tunnel-Assignment-ID

Yes

No

No

No

83

Tunnel-Preference

Yes

No

No

No

85

Acct_Interim_Interval

Yes

No

No

No

87

NAS-Port-Id

Yes

No

Yes

No

90

Tunnel-Client-Auth-ID

Yes

No

No

No

91

Tunnel-Server-Auth-ID

Yes

No

No

No

95

NAS-IPv6-Address

No

No

No

No

96

Framed-Interface-Id

No

No

No

No

97

Framed-IPv6-Prefix

No

No

No

No

99

Framed-IPv6-Route

No

No

No

No

101

Error-Cause

No

Yes⁽¹⁾

No

Yes

123

Delegated-IPv6-Prefix

No

No

No

No

242

Ascend_Data_Filter

Yes

No

No

No

11

Filter-Id

Filters inbound or outbound traffic through an access control list (ACL).

25

Class

Forwards the information sent by the RADIUS server to the SmartEdge router, without interpretation, in subsequent accounting messages to the RADIUS accounting server for that subscriber session.

26

Vendor_Specific

Allows Redback Networks to support its own VSAs.

27

Session-Timeout

Sets the in-service time allowed before the session terminates.

28

Idle-Timeout

Sets the idle time allowed before the session terminates.

85

Acct_Interim_Interval

Sets the value to an integer.

242

Ascend_Data_Filter

Allows multiple values.

1

Client-DNS-Pri

No

Yes

Yes

IP address of the primary DNS server for this subscriber’s connection.

2

Client-DNS-Sec

No

Yes

Yes

IP address of the secondary DNS server for this subscriber’s connection.

3

DHCP-Max-Leases

No

Yes

Yes

Integer. Maximum number of DHCP addresses this subscriber can allocate to hosts. The range of values is 1 to 255.

4

Context-Name

No

Yes

Yes

Binds the subscriber session to specified context, overriding the structured username. This information is only interpreted when global AAA is enabled.

5

Bridge-Group

No

No

Yes

String. Bridge group name; attaches subscriber to the named bridge group.

6

BG-Aging-Time

No

No

Yes

String. bg-name:val; configures bridge aging time for subscriber attaching to the named bridge group.

7

BG-Path-Cost

No

No

Yes

String. bg-name:val; configures bridge path cost for subscriber attaching to the named bridge group.

8

BG-Span-Dis

No

No

Yes

String. bg-name:val; disables spanning tree for subscriber attaching to the named bridge group.

The val argument can have the following values:

• 1 = TRUE

• 2 = FALSE

9

BG-Trans-BPDU

No

No

Yes

String. bg-name:val; sends transparent spanning tree bridge protocol data units (BPDUs) for a subscriber attaching to the named bridge group.

The val argument can have the following values:

• 1 = TRUE

• 2 = FALSE

14

Source-Validation

No

Yes

Yes

Integer. Enables source validation for subscriber, according to one of the following values:

• 1=TRUE

• 0=FALSE

15

Tunnel-Domain

No

No

Yes

Integer. Binds the subscriber to a tunnel based on the domain name portion of the username, according to one of the following values:

• 1=TRUE

• 0=FALSE

16

Tunnel-Local-Name

No

No

Yes

String. Defines the local hostname provided to the remote peer during tunnel setup.

17

Tunnel-Remote-Name

No

No

Yes

String. Defines an alias for the remote peer name.

18

Tunnel-Function

No

Yes

Yes

Integer. Determines this tunnel configuration as a LAC-only endpoint or an LNS endpoint, according to one of the following values:

• 1=LAC only

• 2=LNS only

19

Tunnel_Flow_Control

Yes

Yes

No

Integer.

20

Tunnel_Static

Integer.

21

Tunnel-Max-Sessions

No

Yes

Yes

Integer. Limits the number of sessions per tunnel using this tunnel configuration.

22

Tunnel-Max-Tunnels

No

Yes

Yes

Integer. Limits the number of tunnels that can be initiated using this tunnel configuration.

23

Tunnel-Session-Auth

No

No

Yes

Integer. Specifies the authentication method to use during PPP authentication, according to one of the following values:

• 1=CHAP

• 2=PAP

• 3=CHAP-PAP

24

Tunnel-Window

No

No

Yes

Integer. Configures the receive window size for incoming L2TP messages.

25

Tunnel-Retransmit

No

No

Yes

Integer. Specifies the number of times the SmartEdge router retransmits a control message.

26

Tunnel-Cmd-Timeout

No

No

Yes

Integer. Specifies the number of seconds for the timeout interval between control message retransmissions.

27

PPPOE-URL

No

Yes

Yes

String in PPPoE URL format. Defines the PPPoE URL that is sent to the remote PPPoE client in the PADM packet.

28

PPPOE-MOTM

No

Yes

Yes

String. Defines the PPPoE MOTM message that is sent to the remote PPPoE client in the PADM packet.

29

Tunnel-Group

No

Yes

Yes

Integer. Indicates whether this record is a tunnel group with a list of member peers:

• 1 = TRUE

• 0 = FALSE

30

Tunnel-Context

No

Yes

Yes

String. Context name. Used in a DNIS peer record, this attribute specifies the context where the named peer should be found.

31

Tunnel-Algorithm

No

No

Yes

Integer. Specifies the session distribution algorithm used to choose between the peer configurations in the RADIUS response. This VSA instructs the SmartEdge router on how to interpret standard RADIUS attribute 83, Tunnel-Preference, according to one of the following values:

• 1=Priority

• 2=Load-Balance

• 3=Weighted round-robin

32

Tunnel-Deadtime

No

No

Yes

Integer. Specifies the number of minutes during which no sessions are attempted to an L2TP peer when the peer is down.

33

Mcast-Send

No

Yes

Yes

Integer. Defines whether the subscriber can send multicast packets, according to one of the following values:

• 1=NO SEND

• 2=SEND

• 3=UNSOLICITED SEND

34

Mcast-Receive

No

Yes

Yes

Integer. Defines whether the subscriber can receive multicast packets, according to one of the following values:

• 1=NO RECEIVE

• 2=RECEIVE

35

Mcast-MaxGroups

No

Yes

Yes

Integer. Specifies the maximum number of multicast groups of which the subscriber can be a member.

36

Ip-Address-Pool-Name

No

Yes

Yes

String. Name of the interface or IP pool used to assign an IP pool address to the subscriber.

37

Tunnel-DNIS

No

Yes

Yes

Integer. L2TP peer parameter specifying if incoming sessions from this peer are to be switched based on the incoming DNIS AVP if present or on the incoming DNIS AVP only (terminated if no DNIS AVP is present):

• 1 = DNIS

• 2 = DNIS ONLY

38

Medium-Type

Yes

Yes

No

Integer. Contains the medium type of the circuit. The system sets this value to DSL for CLIPS and PPP subscribers.

39

PVC-Encapsulation-Type

No

No

Yes

Integer. Encapsulation type to be applied to the circuit:

• 2 = Routed 1483

• 4 = ATM multi

• 5 = Bridged 1483

• 6 = ATM PPP

• 7 = ATM PPP serial

• 8 = ATM PPP NLPID

• 9 = ATM PPP auto

• 10 = ATM PPPoE

• 12 = ATM PPP LLC

• 22 = Ethernet IPoE

• 23 = Ethernet PPPoE

• 24 = Ethernet dot1q

• 26 = Ethernet dot1q pppoe

• 31 = Ethernet dot1q tunnel pppoe

• 32 = Ethernet dot1q multi

• 33 = Ethernet dot1q tunnel multi

40

PVC-Profile-Name

No

No

Yes

String. Name of the ATM profile that is assigned to the subscriber record, a named profile, or the default profile, using the shaping profile command (in subscriber configuration mode), to use for this circuit.

42

Bind-Type

No

No

Yes

Integer. Binding type to be applied to this circuit:

• 1 = authentication

• 3 = interface

• 4 = subscriber

• 14 = autosubscriber

• CCOD (circuit creation on demand) circuits support only subscriber bind types.

43

Bind-Auth-Protocol

No

No

Yes

Integer. Authentication protocol to use for this circuit:

• 1 = PAP

• 2 = CHAP

• 4 = CHAP PAP

• 5 = AAA-PPP-CHAP-WAIT-PAP

• 7 = PAP CHAP

44

Bind-Auth-Max-Sessions

No

No

Yes

Integer. Maximum number of PPPoE sessions allowed to be created for this circuit. Also specifies the same for PPPoE sessions tunneled with Ethernet encapsulation over L2TP on the LNS.

45

Bind-Bypass-Bypass

No

No

Yes

String. Name of the bypass being bound.

46

Bind-Auth-Context

No

No

Yes

String. Bind authentication context name. Also specifies the same for PPPoE sessions tunneled with Ethernet encapsulation over L2TP on the LNS.

47

Bind-Auth-Service-Grp

No

No

Yes

String. Bind authentication service group name. Also specifies the same for PPPoE sessions tunneled with Ethernet encapsulation over L2TP on the LNS.

48

Bind-Bypass-Context

No

No

Yes

String. Bind bypass context name.

49

Bind-Int-Context

No

No

Yes

String. Bind interface context name. Also specifies the same for IP bridging sessions tunneled with Ethernet encapsulation over L2TP on the LNS.

50

Bind-Tun-Context

No

No

Yes

String. Bind tunnel context name.

51

Bind-Ses-Context

No

No

Yes

String. Bind session context name.

52

Bind-Dot1q-Slot

No

No

Yes

Integer. Bind 802.1Q slot number.

53

Bind-Dot1q-Port

No

No

Yes

Integer. Bind 802.1Q port number.

54

Bind-Dot1q-Vlan-Tag-Id

No

No

Yes

Integer. Bind 802.1Q VLAN tag ID.

55

Bind-Int-Interface-Name

No

No

Yes

String. Bind interface name. Also specifies the same for IP bridging sessions tunneled with Ethernet encapsulation over L2TP on the LNS.

56

Bind-L2TP-Tunnel-Name

No

No

Yes

String. Bind L2TP tunnel name.

57

Bind-L2TP-Flow-Control

No

No

Yes

Integer. Bind L2TP flow control.

58

Bind-Sub-User-At-Context

No

No

Yes

String. Bind subscriber context name.

59

Bind-Sub-Password

No

No

Yes

String. Bind subscriber password.

60

Ip-Host-Addr

No

No

Yes

String in the form A.B.C.D hh:hh:hh:hh:hh:hh.

IP host address and MAC address. A space must separate the IP address from the MAC address.

61

Ip_Tos_Field

No

No

Yes

Integer. Specifies the value of the IP ToS field. Used for soft QoS:

• 0 = normal

• 1 = min-cost only

• 2 = max-reliability only

• 3 = max-reliability plus min-cost

• 4 = max-throughput only

• 5 = max-throughput plus min-cost

• 6 = max-throughput plus max-reliability

• 7 = max-throughput plus max-reliability plus min-cost

• 8 = min-delay only

• 9 = min-delay plus min-cost

• 10 = min-delay plus max-reliability

• 11 = min-delay plus max-reliability plus min-cost

• 12 = min-delay plus max-throughput

• 13 = min-delay plus max-throughput plus min-cost

• 14 = min-delay plus max-throughput plus max-reliability

• 15 = min-delay plus max-throughput plus max-reliability plus min-cost

62

NAS-Real-Port

Yes

Yes

No

Integer. Indicates the port number of the physical circuit on which the session was received. The format (in bits) is:

SSSSPPPPCCCCCCCCCCCCCCCCCCCCCCCC

where:

• S = Slot

• P = Port

• C = Circuit (for ATM, 8-bits of VPI, and 16-bits of VCI)

63

Tunnel-Session-Auth-Ctx

No

Yes

Yes

String. L2TP peer parameter that specifies the name of the context in which all incoming PPP over L2TP sessions should be authenticated, regardless of the domain specified in the username.

64

Tunnel-Session-Auth-Service-Grp

No

Yes

Yes

String. L2TP peer parameter specifying the service group (service access control list [ACL]) to be used for all incoming PPP over L2TP sessions.

65

Tunnel-Rate-Limit-Rate

No

Yes

Yes

4-byte integer. L2TP or GRE peer parameter specifying the rate-limit rate for a tunnel in kbps. Valid range of values is 10 to 1,250,000 kbps. If this parameter is configured, the Tunnel-Rate-Limit-Burst must also be configured.

66

Tunnel-Rate-Limit-Burst

No

Yes

Yes

4-byte integer. L2TP or GRE peer parameter specifying the rate-limit burst for a tunnel in bytes. Valid range of values is 0 to 1,562,500,000 bytes. If this parameter is configured, the Tunnel-Rate-Limit-Rate must also be configured.

67

Tunnel-Police-Rate

No

Yes

Yes

4-byte integer. L2TP or GRE peer parameter specifying the policing rate for a tunnel in kbps. Valid range of values is 10 to 1,250,000 kbps. If this parameter is configured, the Tunnel-Police-Burst must also be configured.

68

Tunnel-Police-Burst

No

Yes

Yes

4-byte integer. L2TP or GRE peer parameter specifying the policing burst for a tunnel in bytes. Valid range of values is 0 to 1,562,500,000 bytes. If this parameter is configured, the Tunnel-Police-Rate must also be configured.

69

Tunnel-L2F-Second-Password

No

Yes

Yes

String. L2F peer parameter specifying the password string used to authenticate the L2F remote peer. ⁽¹⁾

70

ACL-Definition

No

Yes

Yes

String. Used to define ACL definitions in the RADIUS database. The ACL-Name attribute is the username and the Service-Type attribute must be set to Access-Control-List. The data content of this attribute contains ACL definitions similar to the SmartEdge router command-line interface (CLI).

71

PPPoE-IP-Route-Add

No

Yes

Yes

String. Allows the PPPoE subscriber routing table to be populated in terms of what routes to be installed if multiple PPPoE sessions exist. A more granular set of routes can be achieved when multiple sessions are active to the client. The format is h.h.h.h nn g.g.g.g m where:

• h.h.h.h=IP address of destination host or network.

• nn=optional netmask size in bits (if not present, defaults to 32).

• g.g.g.g=IP address of gateway.

• m=Number of hops for this route.

If the first byte of VSA 71 is 121 (classless static route), then this VSA is used to handle the DHCP option 121.

72

TTY-Level-Start

No

No

Yes

Integer. Indicates the starting privilege level for the administrator. The range of values is 0 to 15 and the value must be less than or equal to the value of TTY-Level-Max.

73

TTY-Level-Max

No

No

Yes

Integer. Indicates the maximum privilege level for the administrator. The range of values is 0 to 15, and the value must be greater than or equal to the value of TTY-Level-Start.

74

Tunnel-Checksum

No

Yes

Yes

Integer. Enables GRE checksums. When enabled, a checksum is computed for each outgoing GRE packet. This allows the remote system to verify the integrity of each packet. Incoming packets that fail the checksum are discarded. A value of 1 equals enabled. Any other value for this attribute equals disabled.

75

Tunnel-Profile

No

No

Yes

String. Attaches a profile to the tunnel. Used when configuring a tunnel from a RADIUS server. A Tunnel-Profile attribute in a subscriber record is ignored.

78

Tunnel-Client-VPN

No

Yes

Yes

String. Name of the target context (a virtual private network [VPN]) on the client side of the tunnel. Required for GRE. If omitted, the system automatically sets the value equal to the value set for the Tunnel-Server-VPN attribute.

79

Tunnel-Server-VPN

No

Yes

Yes

String. Name of the target context (VPN) on the server side of the tunnel.

85

Tunnel-Hello-Timer

No

No

Yes

Integer. Hello timer (in seconds) representing the time the tunnel is silent before it transmits a hello message. It is configured using the hello-timer command (in L2TP peer configuration mode).

86

Redback-Reason

No

Yes

No

Integer. If the NetOp Policy Manager (PM) sends the SmartEdge router (through SNMP) a non-zero clear reason while trying to clear (bounce) the subscriber session, this clear reason value is sent to the RADIUS server in the RADIUS accounting Stop packet in this VSA.

87

Qos_Policing

No

Yes

Yes

String. Attaches a QoS policing policy to the subscriber session.

88

Qos_Metering

No

Yes

Yes

String. Attaches a QoS metering policy to the subscriber session.

89

Qos_Queuing

No

Yes

Yes

String. Attaches a QoS queuing policy of any type supported by the circuit to the subscriber session.

90

Igmp_Svc_Prof_Id

No

Yes

Yes

String. Name of the IGMP service profile that is applied to the subscriber session.

91

Sub_Profile_Name

No

Yes

Yes

Name of the subscriber profile that is applied to the subscriber session.

92

Forward-Policy

No

Yes

Yes

String. Attaches an in or out forward policy to the subscriber session. The forward policy is in the following format:

in:forward-policy-name

out:forward-policy-name

94

Reauth-String

No

No

Yes

String. The format is: ID-type;subID;attr-num;attr-value; attr-num;attr-value...

When the ID-type is 1, the subID is read as a RADIUS accounting session ID. When the ID-type is 2, the subID is read as a name.

The semicolon (;) acts as a delimiter. Attr-num is an integer that identifies a RADIUS attribute. For example, standard RADIUS attribute 11 (Filter-Id) for an access control list (ACL) or vendor VSA 87 (Qos_Policing) for a QoS policing policy. (vendor VSAs include the Redback prefix, 2352.) Attr-value is the value of the RADIUS attribute specified by attr-num.

95

Reauth-More

No

No

Yes

Integer. 0 or 1 (False or True).

96

Agent-Remote-Id

Yes

Yes

No

String. Used for two types of subscriber sessions:

• Incoming CLIPS sessions to the SmartEdge router from a DHCP relay network. This is suboption 2 in a DHCP option 82 packet.

• PPPoE sessions. Sent by the PPP client in the PADR.

This attribute can also be set through the radius attribute calling-station-id and radius attribute nas-port-id commands in context configuration mode.

97

Agent-Circuit-Id

Yes

Yes

No

String. Used for two types of subscriber sessions:

• CLIPS sessions coming into the SmartEdge router by way of a DHCP relay network. This is suboption 1 in a DHCP option 82 packet.

• PPPoE sessions. Sent by the PPP client in the PADR.

This attribute can also be set through the radius attribute calling-station-id and radius attribute nas-port-id commands in context configuration mode.

98

Platform-Type

Yes

Yes

No

Integer. Indicates the Redback product family from which the RADIUS access request is sent. The supported values are:

• 2=PLATFORM_TYPE_SE800

• 3=PLATFORM_TYPE_SE400

99

Client_NBNS_Pri

No

Yes

Yes

IP address. Configures the IP address of a primary NetBios Name Server (NBNS) that the subscriber must use.

100

Client_NBNS_Sec

No

Yes

Yes

IP address. Configures the IP address of a secondary NBNS that the subscriber must use.

101

Shaping-Profile-Name

No

Yes

Yes

String. Name of the ATM shaping profile.

104

IP-Interface-Name

No

Yes

Yes

String. Interface name. Binds a subscriber to the specified interface. This VSA is used in conjunction with VSA 3, DHCP-Max-Leases.

This attribute can also be set through the ip interface name command (in subscriber configuration mode).

105

NAT-Policy-Name

No

Yes

Yes

String. NAT policy name. Attaches the specified NAT policy to a subscriber.

107

HTTP-Redirect-Profile-Name

No

Yes (alive/ and stop records only)

Yes

String of up to 32 characters. HTTP redirect profile name.

108

Bind-Auto-Sub-User

No

No

Yes

String. Subscriber name prefix as specified by the bind auto-subscriber command (in ATM PVC, CLIPS PVC, or dot1q PVC configuration mode). The prefix is included in the automatically generated subscriber name. For more information about this command and the format for the automatically generated subscriber name, see Configuring Bindings.

109

Bind-Auto-Sub-Context

No

No

Yes

String. Name of context in which the subscriber is bound with the bind auto-subscriber command (in ATM PVC, CLIPS PVC, or dot1q PVC configuration mode). For more information about this command, see Configuring Bindings.

110

Bind-Auto-Sub-Password

No

No

Yes

String. Password prefix as specified by the bind auto-subscriber command (in ATM PVC, CLIPS PVC, or dot1q PVC configuration mode). The prefix is included in the automatically generated subscriber password. For more information about this command and the format for the automatically generated subscriber password, see Configuring Bindings.

111

Circuit-Protocol-Encap

No

Yes

Yes

Integer. Circuit encapsulation for CCOD child circuit. The following are the supported values:

• 27 = PPPoE encapsulation

• 34 = PPPoE multiencapsulation

• 35 = PPPoE tunnel multiencapsulation

112

OS-Version

Yes

Yes

No

String. Software version number.

113

Session-Traffic-Limit

No

Yes

Yes

String. Specifies that inbound or outbound traffic be limited. Use the in: limit and out: limit format where limits are independent and in Kbytes. Specifies that inbound, outbound, or aggregated traffic be limited. Use the in: limit, out: limit or aggregate: limit format, where limits are in Kilobytes (KB). The limit values set for inbound and outbound traffic are independent of each other. The limit value set for aggregate traffic is the total sum of both inbound and outbound traffic.

When configuring Session-Traffic-Limit, you can configure the limit for either of these options:

• Inbound traffic, outbound traffic, or both

• Aggregate traffic

You cannot configure the limit for aggregate traffic and for inbound or outbound traffic.

114

QoS-Reference

No

Yes

Yes

String. Specifies the node name, the node-name index, the group name, and the group-name index. A colon (:) separates the node-name index from the group name.

125

DHCP-Vendor-Class-Id

Yes

Yes

No

String. DHCP option 60 value.

127

DHCP-Vendor-Encap-Options

No

Yes

Yes

String. DHCP option 43 values. The format is:

code:value:code:value

where:

• code = DHCP vendor-encapsulation option number

• value = option data in one of the following formats:
  IP address type = dot notation
  Number = decimal integer
  ASCII string = ASCII characters without quotation marks
  Binary string = Hex values of bytes separated by commas (“,”)

For descriptions of the vendor-encapsulated options found in RFC 2132, DHCP Options and BOOTP Vendor Extension, see the tables in the option command.

128

Acct-Input-Octets-64

No

Yes

No

Integer. 64-bit value for the Acct-Input-Octets standard attribute per RFC 2139.

129

Acct-Output-Octets-64

No

Yes

No

Integer. 64-bit value for the Acct-Output-Octets standard attribute per RFC 2139.

130

Acct-Input-Packets-64

No

Yes

No

Integer. 64-bit value for the Acct-Input-Packets standard attribute per RFC 2139.

131

Acct-Output-Packets-64

No

Yes

No

Integer. 64-bit value for Acct-Output-Packets attribute per RFC 2139.

132

Assigned-IP-Address

No

Yes

No

IP address. Reports IP addresses assigned to a subscriber by way ofIP pools or DHCP.

133

Acct-Mcast-In-Octets-64

No

Yes

No

Integer. 64-bit value for the Acct-Mcast-In-Octets attribute.

134

Acct-Mcast-Out-Octets-64

No

Yes

No

Integer. 64-bit value for the Acct-Mcast-Out-Octets attribute.

135

Acct-Mcast-In-Packets-64

No

Yes

No

Integer. 64-bit value for the Acct-Mcast-In-Packets attribute.

136

Acct-Mcast-Out-Packets-64

No

Yes

No

Integer. 64-bit value for the Acct-Mcast-Out-Packets attribute.

137

LAC-Port

Yes

Yes

No

Integer. Contains the circuit handle for the incoming session on an L2TP LAC. This attribute should be present for a subscriber on an L2TP tunnel switch or LNS only. The circuit can be virtual for a PPPoE session.

138

LAC-Real-Port

Yes

Yes

No

Integer. Contains the circuit handle for the real circuit of an incoming PPPoE session on an L2TP LAC. This attribute should be present for a subscriber on an L2TP tunnel switch or LNS only.

139

LAC-Port-Type

Yes

Yes

No

Integer. Contains the port type for the incoming session on an L2TP LAC. This attribute should be present for a subscriber on an L2TP tunnel switch or LNS only. The port can be virtual for a PPPoE session. Values for port types are:

• 40 = NAS_PORT_TYPE_10BT

• 41 = NAS_PORT_TYPE_100BT

• 42 = NAS_PORT_TYPE_DS3_FR

• 43 = NAS_PORT_TYPE_DS3_ATM

• 44 = NAS_PORT_TYPE_OC3

• 45 = NAS_PORT_TYPE_HSSI

• 46 = NAS_PORT_TYPE_EIA530

• 47 = NAS_PORT_TYPE_T1

• 48 = NAS_PORT_TYPE_CHAN_T3

• 49 = NAS_PORT_TYPE_DS1_FR

• 50 = NAS_PORT_TYPE_E3_ATM

• 51 = NAS_PORT_TYPE_IMA_ATM

• 52 = NAS_PORT_TYPE_DS3_ATM_2

• 53 = NAS_PORT_TYPE_OC3_ATM_2

• 54 = NAS_PORT_TYPE_1000BSX

• 55 = NAS_PORT_TYPE_E1_FR

• 56 = NAS_PORT_TYPE_E1_ATM

• 57 = NAS_PORT_TYPE_E3_FR

• 58 = NAS_PORT_TYPE_OC3_POS

• 59 = NAS_PORT_TYPE_OC12_POS

• 60 = NAS_PORT_TYPE_PPPOE

140

LAC-Real-Port-Type

Yes

Yes

No

Integer. Contains the port type for the real circuit of an incoming PPPoE session on an L2TP LAC. This attribute should be present for a subscriber on an L2TP tunnel switch or LNS only.

See VSA 139 for port-type values.

141

Acct-Dyn-Ac-Ent

No

Yes

No

String. Used for dynamic redirect ACLs. Specifies that when a watch access entry is triggered, an accounting update is generated.

Format for the accounting entry is:

status:direction:access-entry:byte-count:packet count:

• status = ON or OFF. The status is ON when the dynamic access entry is triggered and OFF when the dynamic access entry expires.

• direction = IN or OUT. Flow of traffic in which the ACL was applied. Direction is IN for subscriber traffic destined for the SMS device and OUT for traffic destined to the subscriber.

• access-entry = Triggered dynamic access entry that caused the update to be generated.

• byte-count = Number of bytes that have passed through the dynamic access entry since it was triggered.

• packet-count = Number of packets that have passed through the dynamic access entry since it was triggered.

142

Session-Error-Code

No

Yes

No

Integer. 32 bits. Stop record only. Communicates specific error code information between Redback devices.

143

Session-Error-Msg

No

Yes

No

String. Stop record only. Describes how the session terminated.

144

Acct_Reason

No

Yes

No

Integer. Reason code describing why the SmartEdge router generated an accounting packet for a particular subscriber to RADIUS. Reason code values are:

• 1 = AAA_LOAD_ACCT_SESSION_UP

• 2 = AAA_LOAD_ACCT_SESSION_DOWN

• 3 = AAA_LOAD_ACCT_PERIODIC

• 16 = AAA_LOAD_ACCT_VOLUME_INGRESS_ EXCEEDED

• 17 = AAA_LOAD_ACCT_VOLUME_EGRESS_ EXCEEDED

• 18 = AAA_LOAD_ACCT_IDLE_TIMEOUT

• 19 = AAA_LOAD_ACCT_TIME_EXCEEDED

145

Mac-Addr

Yes

Yes

No

String. MAC address. The format is 17 octets in hex. The MAC address is sent for all subscriber PPPoE sessions. Supported media includes ATM PVCs, 802.1Q PVCs (tagged or untagged VLANs), and Ethernet ports.

147

Acct-Mcast-In-Octets

No

Yes

No

Integer. Number of inbound multicast octets.

148

Acct-Mcast-Out-Octets

No

Yes

No

Integer. Number of outbound multicast octets.

149

Acct-Mcast-In-Packets

No

Yes

No

Integer. Number of inbound multicast packets.

150

Acct-Mcast-Out-Packets

No

Yes

No

Integer. Number of outbound multicast packets.

151

Reauth-Session-Id

No

No

Yes

String. Identifies the reauthorize session request. The value in this attribute is a string of attributes and values for the identified subscriber.

156

Qos-Rate-Inbound

No

Yes

Yes

String. Changes the inbound QoS rate. The format is rate:burst:excess-burst; changing the burst and excess-burst values is optional.

157

Qos-Rate-Outbound

No

Yes

Yes

String. Changes the outbound QoS rate. The format is rate:burst:excess-burst; changing the burst and excess-burst values is optional.

158

Route-Tag

No

Yes

Yes

Integer. Assigns a route tag to the subscriber’s IP address (Framed-IP-Route), as well as the subscriber’s route statements (Framed-IP-Route).

164

Dynamic-Policy-Filter

No

Yes

Yes

String. The string consists of a set of ASCII tokens separated by one or more spaces. No other characters are allowed. The tokens are shown in a syntax statement in Section 3.5 section along with descriptions of the keywords and arguments in the syntax table.

165

HTTP-Redirect-URL

No

Yes

Yes

String. URL to which the SmartEdge router redirects HTTP requests.

166

DSL-Actual-Rate-Up

Yes

Yes

No

Integer 32-bit value. The actual DSL rate in the upstream direction.

167

DSL-Actual-Rate-Down

Yes

Yes

No

Integer 32-bit value. The actual DSL rate in the downstream direction.

168

DSL-Min-Rate-Up

Yes

Yes

No

Integer 32-bit value. The minimum DSL rate in the upstream direction.

169

DSL-Min-Rate-Down

Yes

Yes

No

Integer 32-bit value. The minimum DSL rate in the downstream direction.

170

DSL-Attainable-Rate-Up

Yes

Yes

No

Integer 32-bit value. The attainable DSL rate in the upstream direction.

171

DSL-Attainable-Rate-Down

Yes

Yes

No

Integer 32-bit value. The attainable DSL rate in the downstream direction.

172

DSL-Max-Rate-Up

Yes

Yes

No

Integer 32-bit value. The maximum DSL rate in the upstream direction.

173

DSL-Max-Rate-Down

Yes

Yes

No

Integer 32-bit value. The maximum DSL rate in the downstream direction.

174

DSL-Min-Low-Power-Rate-Up

Yes

Yes

No

Integer 32-bit value. The DSL minimum low power rate in the upstream direction.

175

DSL-Min-Low-Power-Rate-Down

Yes

Yes

No

Integer 32-bit value. The DSL minimum low power rate in the downstream direction.

176

DSL-Max-Inter-Delay-Up

Yes

Yes

No

Integer 32-bit value. The maximum DSL interleaving delay in the upstream direction.

177

DSL-Actual-Inter-Delay-Up

Yes

Yes

No

Integer 32-bit value. The actual DSL interleaving delay in the upstream direction.

178

DSL-Max-Inter-Delay-Down

Yes

Yes

No

Integer 32-bit value. The maximum DSL interleaving delay in the downstream direction.

179

DSL-Actual-Inter-Delay-Down

Yes

Yes

No

Integer 32-bit value. The actual DSL interleaving delay in the downstream direction.

180

DSL-Line-State

Yes

Yes

No

Integer 32-bit value. The DSL port state:

• 1 = SHOWTIME

• 2 = IDLE

• 3 = SILENT

181

DSL-L2-Encapsulation

Yes

Yes

No

Integer 32-bit value. The DSL data link protocol and data link encapsulation:

Data link byte:

• 0 = ATM AAL5

• 1 = ETHERNET

Encapsulation byte 1:

• 1 = Untagged

• 2 = Ethernet

Encapsulation byte 2:

• 0 = NA

• 1 = PPPoA LLC

• 2 = PPPoA NULL

• 3 = IPoA LLC

• 4 = IPoA NULL

• 5 = Ethernet over AAL5 LLC with FCS

• 6 = Ethernet over AAL5 LLC without FCS

• 7 = Ethernet over AAL5 NULL with FCS

• 8 = Ethernet over AAL5 NULL without FCS

182

DSL-Transmission-System

Yes

Yes

No

Integer 32-bit value. The DSL access-loop type of transmission system:

• 1 = ADSL1

• 2 = ADSL2

• 3 = ADSL2+

• 4 = VDSL1

• 5 = VDSL2

• 6 = SDSL

• 7 = UNKNOWN

183

DSL-PPPOA-PPPOE-Inter-Work-Flag

Yes

Yes

No

Integer. PPPoA-to-PPPoE interworking flag.

184

DSL-combined-Line-Info

Yes

Yes

No

String. The value of the TLV described in GSMP Extensions for Layer 2 Control (L2C) Topology Discovery and Line Configuration, section 5.4.1 ,“Topology Discovery.”

185

DSL-Actual-Rate-Down-Factor

Yes

Yes

No

Integer. The rate that can be learned from the DSLAM or from a PPPoE or DHCP tag, depending on the configuration of the access-line rate command (in subscriber configuration mode).

189

Flow_FAC_Profile

No

Yes

No

String. Specifies the name of a Flow Admission-Control profile. This attribute is used to apply flow on the circuit of the configured subscriber. The Flow_FAC_Profile attribute can only be configured under subscriber profile.

190

Service-Name

No

Yes

Yes

String. The name of the service to be activated, together with the following optional fields:

• :service id—Used when there is more than one instance of the same service.

• service-parameter—Zero or more parameters formatted as name-value pairs. Names and values are separated by an equals sign (=) with no spaces around it. Pairs are separated by spaces. You can also specify service parameters in VSA 192. See VSA 192 for formatting details.

191

Service-Options

No

No

Yes

Integer. Specifies whether accounting is enabled for service management:

• ACCT-DISABLED = 0x00

• ACCT-ENABLED = 0x01

192

Service-Parameter

No

Yes

Yes

String. Service parameters for a service that is specified in VSA 190, formatted as name-value pairs. Names and values are separated by an equal sign (=) with no spaces around it. Pairs are separated by spaces. If a parameter needs an array, the values in the array are separated by commas (,) with no space between the value and the comma. If the value is a string that includes either spaces or commas, enclose the string in double quotes (“).

193

Service-Error-Cause

No

Yes

No

Integer. Specifies a service management error according to one of the following values:

• 0 = Service success

• 401 = Unsupported attribute

• 402 = Missing attribute

• 404 = Invalid request

• 506 = Resource unavailable

• 550 = Generic service error

• 551 = Service not found

• 552 = Service already active

• 553 = Service accounting disabled

• 554 = Service duplicate parameter

If the RADIUS server does not support this VSA, the 550, 551, and 552, 553, and 554 error codes can be mapped to the standard Error-Cause attribute 550 (other proxy processing error).

194

Deactivate-Service-Name

No

No

No

String. The service profile name of the service to be deactivated together with the following optional fields:

• :service id—Used when there is more than one instance of the same service.

• service-parameter—Zero or more parameters formatted as name-value pairs. Names and values are separated by an equals sign (=) with no spaces around it. Pairs are separated by spaces.

195

QoS-Overhead

No

Yes

Yes

String. Attaches a QoS overhead profile to the subscriber session. If the overhead profile is defined in the RADIUS record of the subscriber, the subscriber has the specified overhead profile when the subscriber session comes up.

196

Dynamic-QoS-Param

No

No

Yes

String. The format varies by QoS parameter. For more information, see Section 3.6.

Zero or more Dynamic-QoS-Param VSAs can be sent in an Access-Accept or CoA-Request packet to the SmartEdge router.

199

Double_Authentication

No

No

Yes

Integer. The integer value is 1. Indicates that the session needs one more authentication. It is valid only if it is received from a global access response.

201

DHCP-Field

Yes

Yes

No

Binary. Identifies a standard DHCP client field.

This generic VSA is used to identify standard DHCP client fields that must be sent in RADIUS authentication or accounting requests. To distinguish each supported DHCP client field, a unique dhcp-sub-field field is used within this VSA to indicate a specific value that corresponds to a specific DHCP client field. Currently, this VSA supports only dhcp-sub-field field of type 1, the giaddr or gateway address field. A RADIUS server uses the gateway address field to provide static routes to clients based on this address.

202

DHCP-Option

Yes

Yes

No

Binary. Identifies a DHCP client option.

This VSA is a generic VSA, which is used to identify various supported DHCP client options that must be sent in RADIUS authentication or accounting requests. To distinguish each supported DHCP client option, a unique dhcp-sub-type field is used within this VSA to indicate a specific value that corresponds to a specific DHCP option. Currently, this VSA supports DHCP options 12 (hostname), 61 (client identifier), and 77 (user class).

203

Security-Service

No

Yes

Yes

String configured in RADIUS. Specifies an ASE security profile. Optionally specifies a preshared key using the following format: Security-Service="ike preshared-key hex hex-value | ASCII-value". The IKE preshared key is only received in an Acct-Response message; it is never sent in an Access-Request or Acct-Request message.

The ASE DPI traffic management policy name is received in the Access-Request and sent in the Acct-Request in the format Security-Service="dpi traffic-management policy policy-name".

To enable DPI security service for a subscriber either through COA or reauthorization at a later point, configure RADIUS to send the Access-Accept message at initial subscriber logon with the following format: Security-Service="dpi traffic-management enable-coa".

204

Reauth-Service-Name

No

No

No

String. The name of the service to be reauthorized, together with the optional field of service-parameter. Parameters are formatted as name-value pairs. Names and values are separated by an equals sign (=) with no spaces around it. Pairs are separated by spaces. The service name and service parameters are separated by spaces. For example: Reauth-Service-Name: = “voip_service inLimit=1000 timeout=10”

This VSA is used to provide dynamic reauthorization of the RADIUS service attributes of an RSE service without bringing the associated service down. The following are the supported RADIUS service attributes:

• Service-Interim-Accounting

• Service-Timeout

• Service-Volume-Limit

For more information about these attributes, see Section 7.

If not all reauthorizable service parameters fit in VSA 204 due to the limitations of number of characters you can use in this VSA, you can use vendor VSA 192, Service-Parameters, to carry these additional service parameters. You can also configure VSA 204 to carry only the service name and VSA 192 carry all the service parameters. See VSA 192 for formatting details.

If you are using VSA 192 with VSA 204, use a RADIUS attribute tag to correlate this VSA with VSA 204. The tag is an arbitrary number you assign to both VSAs.

For example:

Reauth-Service-Name:2 = “voip_service”
Service-Parameters:2 = “timeout=1 
inLimit=777 outLimit=1000”

In the above example, 2 is the RADIUS attribute tag assigned to both VSAs.

If a CoA-Request message is to include more than one set of associated VSAs that are tagged with RADIUS attribute tags, and there exists among these sets at least one common VSA, ensure that the RADIUS attribute tag you assign to each set is unique. Ensuring the uniqueness of each tag allows the SmartEdge router to successfully process the CoA-Request message.

207

RB-IPV6-DNS

No

Yes

Yes

String. This attribute is a Redback VSA to configure the IPv6 Primary and Secondary DNS of a subscriber. An example is shown below:

IPv6-DNS = "1=2000::106:a00:20ff:fe99:a998,2=2000::106:a00:20ff:fe99:a995

1= value indicates the primary ipv6 dns for the subscriber.

2=value indicates the secondary ipv6-dns for the subscriber. Note that the primary and secondary ipv6 dns can be configured using the same VSA. This attribute cannot be modified through CoA. For more information on these commands, refer to dns6 primary and secondary CLI commands.

208

RB-IPv6 Option

No

Yes

Yes

String. This VSA is used to configure multiple ipv6 attributes for a single subscriber. The nd-profile, ipv6-source-validation, and ipv6-route-tag can be configured using the IPv6-Option Redback VSA. IPv6 Source validation or reverse-path-forwarding for the subscriber can be configured using the following syntax:

IPv6-Option ="source-validation=1"

The example below shows how a route-tag can be configured for the subscriber:

IPv6-Option ="route-tag=22"

The ND profile for the subscriber can be configured as shown below.

IPv6-Option += “nd-profile=nd1”

This attribute, IPv6-Option cannot be modified through CoA.

209

Cluster-Partition-ID

Yes

Yes

No

String (up to 243 characters) sent in Access-Request and Accounting-Request messages to provide the VRRP Partition Id.

After a VRRP state transition, this VSA contains a new value for the VRRP Partition ID (in the Access-Request and Accounting-Request messages). The subscriber sessions initiated before the VRRP transition should be cleaned up.

210

Circuit_Group_Member

No

Yes

Yes

String. Name of a configured circuit group, which is an alphanumeric string comprising up to 39 characters. This VSA is used to specify that the subscriber is a member of the specified circuit group.

This VSA is the equivalent of the
circuit-group-member command configured in the local subscriber record.

Subscriber circuit-group-membership cannot be dynamically modified, added, or removed. To make circuit-group-membership changes, terminate the subscriber session, reassign circuit group membership, and then reestablish the subscriber session.

For information about circuit groups including VPCGs, see Circuit Groups.

212

Delegated-Max-Prefix

No

Yes

Yes

Integer. Number of IPv6-Delegated-Prefixes that must be assigned to the subscriber. Range is from 1 to 5; default is 1.

4

Context_Name

Yes

No

Yes

No

33

Mcast_Send

Yes

No

No

No

34

Mcast_Receive

Yes

No

No

No

35

Mcast_MaxGroups

Yes

No

No

No

87

Qos_Policing

Yes

Yes

88

Qos_Metering

Yes

Yes

89

Qos_Queuing

Yes

Yes

90

Igmp_Svc_Prof_Id

Yes

No

No

No

92

Forward-Policy

Yes

No

No

No

94

Reauth_String

Yes

No

No

No

95

Reauth_More

Yes

No

No

No

96

RBN_Agent_Remote_ID

Yes

No

Yes

No

97

RBN_Agent_Circuit_ID

Yes

No

Yes

No

101

Shaping_Profile_Name

Yes

No

No

No

102

Bridge_Profile

Yes

No

No

No

105

Nat_Policy_Name

Yes

No

No

No

107

HTTP_Redirect_Profile_Name

Yes

No

No

No

112

OS_Version

Yes

No

No

No

113

Session_Traffic_Limit

Yes

No

No

No

114

Qos_Reference

Yes

No

No

No

156

Qos_Rate_Inbound

Yes

No

No

No

157

Qos_Rate_Outbound

Yes

No

No

No

164

Dynamic-Policy-Filter

Yes

No

No

No

165

HTTP-Redirect-URL

Yes

No

No

No

189

Flow_FAC_Profile

Yes

No

No

No

190

Service-Name

Yes

Yes

No

No

191

Service-Options

Yes

No

No

No

192

Service-Parameter

Yes

No

No

No

193

Service-Error-Cause

No

Yes

No

No

194

Deactivate-Service-Name

Yes

Yes

No

No

196

Dynamic-QoS-Param

Yes

No

No

No

203

Security-Service

Yes

No

No

No

204

Reauth-Service-Name

Yes

Yes

No

No

33

Mcast-Send

Defines whether the subscriber can send multicast packets.

34

Mcast-Receive

Defines whether the subscriber can receive multicast packets.

35

Mcast-MaxGroups

Specifies the maximum number of multicast groups of which the subscriber can be a member.

87

Qos_Policing

Attaches a QoS policing policy to the subscriber session.

88

Qos_Metering

Attaches a QoS metering policy to the subscriber session.

89

Qos_Queuing

Attaches a QoS queuing service profile to the subscriber session.

90

Igmp_Svc_Prof_Id

Applies an IGMP service profile to the subscriber session.

92

Forward-Policy

Attaches an in or out forward policy to the subscriber session.

101

Shaping-Profile-Name

Indicates the name of the ATM shaping profile.

102

Bridge-Profile-Name

Indicates the name of the bridge profile.

105

Nat_Policy_Name

Indicates the NAT policy name. Attaches the specified NAT policy to a subscriber.

107

HTTP-Redirect-Profile-Name

Indicates the name of the HTTP redirect profile.

113

Session-Traffic-Limit

Specifies that inbound or outbound traffic be limited. Specifies that inbound, outbound, or aggregated traffic be limited.

114

Qos_Reference

Specifies the node name, node-name index, group name, and group-name index.

A colon (:) separates the node-name index from the group name.

156

Qos_Rate_Inbound

Changes the inbound QoS rate; changing the excess burst rate is optional.

157

Qos_Rate_Outbound

Changes the outbound QoS rate; changing the excess burst rate is optional.

164

Dynamic_Policy_Filter

Specifies a class rule for a dynamic policy ACL.

165

HTTP_Redirect_URL

Specifies the URL to which the SmartEdge router redirects HTTP requests.

189

Flow_FAC_Profile

Specifies flow.

190

Service_Name

Carries the service name and parameters required to activate the service.

191

Service_Options

Carries the service action, which indicates the action that SmartEdge router should perform.

The enumerated types for this attribute are shown below:

a) ACTIVATE-ENABLED = 0x01

b) ACTIVATE-DISABLED = 0x00

192

Service_Parameter

Carries the parameters required to activate the service.

194

Deactivate_Service_Name

195

Qos_Overhead

Attaches a QoS overhead profile to the subscriber session

196

Dynamic_QoS_Param

Parameterizes QoS policies

203

Security-Service

204

Reauth-Service-Name

Carries the service name and parameters required to reauthorize the named service.

ip

Specifies that the filter applies to IP packets.

dir

Specifies the direction of the traffic with one of the following keywords:

• in—Traffic is inbound to the SmartEdge router.

• out—Traffic is outbound from the SmartEdge router.

forward

Specifies the filter action.

dstip n.n.n.n[/nn

Optional. IP address and netmask for the destination port. The range of values for the netmask is 0 to 32.

srcip n.n.n.n[/nn

Optional. IP address and netmask for the source port. The range of values for the netmask is 0 to 32.

dscp dscp-value

Optional. Differentiated Services Code Point (DSCP) value that the packet must have to be considered a match. The range of values is decimal 0 to 63, a hexadecimal value listed in Table 13, or one of the keywords listed in Table 13.

tos tos-value tos-mask

Optional. Type of service (ToS) that the packet must have to be considered a match. The range of values for the tos-value argument is decimal 0 to 255 or the hexadecimal equivalent, but only certain values are allowed. The tos-mask argument identifies the group of bits in the IP ToS byte; see Table 14.

protocol

Optional. Protocol, according to one of the following keywords:

• icmp—Internet Control Message Protocol (ICMP)

• tcp—Transmission Control Protocol (TCP)

• udp—User Datagram Protocol (UDP)

• ospf—Open Shortest Path First (OSPF) protocol

dstport dst-op dst-port

Optional. Comparison operation and port name or number for the destination port. Table 11 lists the keywords for the comparison operation (the dst-op argument). For the dst-port argument, you can specify either a port name or a port number. Table 12 lists the keywords for the port name. The range of values for port number is 1 to 1,023.

srcport src-op src-port

Optional. Comparison operation and port name or number for the source port. Table 11 lists the keywords for the comparison operation (the src-op argument). For the src-port argument, you can specify either a port name or a port number. Table 12 lists the keywords for the port name. The range of values for port number is 1 to 1,023.

est

Optional. TCP established. This keyword is valid only if you specify the tcp keyword for the protocol.

class class-name

Class name. The format is a string of 1 to 39 case-sensitive printable characters.

service

Type of service policy, according to one of the following keywords:

• fwd—Forward policy

• nat—Network Address Translation (NAT) policy

• qos—Quality of service (QoS) policy (either metering or policing)

<

Port number is less than the specified port number.

=

Port name or number matches the specified port name or number.

>

Port number is greater than the specified port number.

!=

Port name or number does not match the specified port name or number.

cmd

514/udp; shell command

domain

53/udp, 53/tcp; Domain Name Server

exec

512/tcp; remote process execution

finger

79/udp, 79/tcp; Finger

ftp

21/udp, 21/tcp; FTP

ftp-data

20/udp, 20/tcp; FTP default data

gopher

70/udp, 70/tcp; Gopher

hostname

101/udp, 101/tcp; NIC Host Name Server

kerberos

88/udp, 88/tcp; Kerberos

login

513/tcp; remote login, such as Telnet

nameserver

42/udp, 42/tcp; Host Name Server

nntp

119/udp, 119/tcp; NNTP

ntp

123/tcp, 123/udp; NTP

smtp

25/udp; SMTP

talk

517/udp; similar to a tenex link, but across machine; does not use link protocol; a rendezvous port from which a tcp connection is established

telnet

23/udp; Telnet

tftp

69/udp; TFTP

www

80/udp, 80/tcp; World Wide Web HTTP

af11

0x0a

Assured Forwarding—Class 1/Drop precedence 1

af12

0x0c

Assured Forwarding—Class 1/Drop precedence 2

af13

0x0e

Assured Forwarding—Class 1/Drop precedence 3

af21

0x12

Assured Forwarding—Class 2/Drop precedence 1

af22

0x14

Assured Forwarding—Class 2/Drop precedence 2

af23

0x16

Assured Forwarding—Class 2/Drop precedence 3

af31

0x1a

Assured Forwarding—Class 3/Drop precedence 1

af32

0x1c

Assured Forwarding—Class 3/Drop precedence 2

af33

0x1e

Assured Forwarding—Class 3/Drop precedence 3

af41

0x22

Assured Forwarding—Class 4/Drop precedence 1

af42

0x24

Assured Forwarding—Class 4/Drop precedence 2

af43

0x26

Assured Forwarding—Class 4/Drop precedence 3

cs0

0x00

Class selector 0

cs1

0x08

Class selector 1

cs2

0x10

Class selector 2

cs3

0x18

Class selector 3

cs4

0x20

Class selector 4

cs5

0x28

Class selector 5

cs6

0x30

Class selector 6

cs7

0x38

Class selector 7

df

0x00

Default Forwarding (alternative to cs0)

ef

0x2e

Expedited Forwarding

prec1

0x08

Precedence selector 1 (alternative to cs1)

prec2

0x10

Precedence selector 2 (alternative to cs2)

prec3

0x18

Precedence selector 3 (alternative to cs3)

prec4

0x20

Precedence selector 4 (alternative to cs4)

prec5

0x28

Precedence selector 5 (alternative to cs5)

prec6

0x30

Precedence selector 6 (alternative to cs6)

prec7

0x38

Precedence selector 7 (alternative to cs7)

Flags

1 to 4

30

0x1E

Precedence

5 to 7

224

0xE0

Combined

1 to 7

254

0xFE

DSCP

2 to 7

252

0xFC

attribute

Specifies one of the following dynamic quality of service (QoS) parameters:

• fwd-in-access-groupgroup-name⁽¹⁾

• meter-circuit-burst bytes

• meter-circuit-exceed {mark-dscp dscp-value | mark-precedence precedence-value | mark-priority priority-value} | {drop-qos-priority priority-value} | drop-all | no-action}

• meter-circuit-excess-burst bytes

• meter-circuit-conform {mark-dscp dscp-value | mark-precedence precedence-value | mark-priority priority-value} | no-action}

• meter-circuit-mark {mark-dscp dscp-value | mark-precedence precedence-value | mark-priority priority-value}

• meter-circuit-rate rate-absolute rate-value

• meter-circuit-violate {mark-dscp dscp-value | mark-precedence precedence-value | mark-priority priority-value} | drop-all | no-action}

• meter-class-burstclass-nameburst-bytes

• meter-class-conform class-name {mark-dscp | mark-precedence | mark-priority | no-action}

• meter-class-exceedclass-name {mark-dscp | mark-precedence | mark-priority | drop-qos-priority-group | drop-all | no-action}

• meter-class-excess-burstclass-nameexcess-burst-bytes

• meter-class-markclass-name {mark-dscp | mark-precedence | mark-priority}

• meter-class-rateclass-name {rate-absolute kbps | rate-percentage percentage}

• meter-class-violateclass-name {mark-dscp | mark-precedence | mark-priority | drop-all | no-action}

• police-circuit-burst bytes

• police-circuit-conform {mark-dscp dscp-value | mark-precedence precedence-value | mark-priority priority-value} | no-action}

• police-circuit-exceed {mark-dscp dscp-value | mark-precedence precedence-value | mark-priority priority-value} | {drop-qos-priority priority-value} | drop-all | no-action}

• police-circuit-excess-burst bytes

• police-circuit-mark {mark-dscp dscp-value | mark-precedence precedence-value | mark-priority priority-value}

• police-circuit-rate rate-absolute rate-value

• police-circuit-violate {mark-dscp dscp-value | mark-precedence precedence-value | mark-priority priority-value} | drop-all | no-action}

• police-class-burstclass-nameburst-bytes

• police-class-conformclass-name {mark-dscp | mark-precedence | mark-priority | no-action}

• police-class-exceedclass-name {mark-dscp | mark-precedence | mark-priority | drop-qos-priority-group | drop-all | no-action}

• police-class-excess-burstclass-nameexcess-burst-bytes

• police-class-markclass-name {mark-dscp | mark-precedence | mark-priority}

• police-class-rate class-name {rate-absolutekbps | rate-percentage percentage}

• police-class-violateclass-name {mark-dscp | mark-precedence | mark-priority | drop-all | no-action}

• pwfq-priority-group-rate group-num {rate-absolutekbps | rate-percentage percentage}

• pwfq-queue-priority queue-num {priority-group | weight-value}

• pwfq-queue-weight queue-numweight-value

• pwfq-circuit-rate-min rate-value

• pwfq-circuit-rate-max rate-value

• pwfq-circuit-weight weight

parent

Optional. Enter the parent keyword to apply the modification of a dynamic-qos-param attribute to the parent circuit of the subscriber session instead of the subscriber session. The parent circuit of a subscriber session is considered to be the 802.1q VLAN or ATM PVC which encapsulates its traffic and under which the bind authentication or bind subscriber CLI configuration entry of the subscriber was specified.

You can also use the remove keyword with the parent keyword to remove applied dynamic parameter on parent circuit.

remove

Optional. Enter the remove keyword to remove a dynamic parameter and revert the QoS parameter to the default value.

39

PVC-Encapsulation-Type

40

PVC-Profile-Name

42

Bind-Type

43

Bind-Auth-Protocol

44

Bind-Auth-Max-Sessions

46

Bind-Auth-Context

89

Qos_Queuing

97

Agent-Circuit-Id

195

QoS-Overhead

39

PVC-Encapsulation-Type

40

PVC-Profile-Name

42

Bind-Type

43

Bind-Auth-Protocol

44

Bind-Auth-Max-Sessions

46

Bind-Auth-Context

89

Qos_Queuing

97

Agent-Circuit-Id

108

Bind-Auto-Sub-User

109

Bind-Auto-Sub-Context

110

Bind-Auto-Sub-Password

111

Circuit-Protocol-Encap

195

QoS-Overhead

242

Ascend-Data-Filter

No

Yes

Yes

Multivalue attribute. An Access-Accept packet contains multiple binary strings each representing a rule in an IP access control list (ACL). The rules are interpreted in the order they are received from the RADIUS server. If the RADIUS server returns both the SmartEdge router Filter-Id and Ascend-Data-Filter attributes for the same subscriber in the same direction, the Ascend-Data-Filter attribute is ignored, the SmartEdge router Filter-Id attribute is applied in that direction, and an event message to that effect is logged.

Service-Interim-Accounting

Integer. Number of seconds after which the service accounting counters are updated. The range of values is 900 to 2,147,483,647. Before this attribute is sent to the SmartEdge PPA for processing, the value for the Service-Interim-Accounting attribute is rounded to the nearest integer that divides by 60 evenly. For example, if 925 is the value for the Service-Interim-Accounting attribute, the SmartEdge router rounds this integer to 900.

Service-Timeout

Integer. Number of seconds after which a session times out. The range of values is 60 to 2,147,483,647.

Service-Volume-Limit

Integer. Volume of traffic (in KB) in either the upstream or downstream direction after which a service for a subscriber session has exceeded its volume limit. The range of values is 0 through 2,147,483,647.

7

Home Agent IP Address

Yes

Yes

No

IP address of the HA.

57

MN-HA SPI

Yes

No

No

Integer. Security Parameter Index (SPI). Sent when the SPI is changing for the mode node (MN) along with the HA and MN shared secret key.

58

MN-HA shared secret key

No

No

Yes

Octet string. Shared secret key used for MN and HA authentication.

79

Foreign Agent Address

No

Yes

No

IP address of the foreign agent (FA).

57

MN-HA SPI

Integer. SPI. Sent when the SPI is changing for the MN, along with the HA and MN shared secret key.

58

MN-HA shared secret key

Octet string. Shared secret key used for MN and HA authentication.

1

WiMax-Capability

Yes

No

Yes

Type-length values (TLVs). Indicates the capabilities that the home agent (HA) supports, such as accounting and hotlining:

• TLV ID 1: WiMAX release

• TLV ID 2: Accounting capabilities

• TLV ID 3: Hotlining capabilities

• TLV ID 4: Idle Mode notification capabilities

The WiMax-Capability attribute is optionally received in the access response message.

3

GMT-Time-Zone-Offset

No

Yes

No

Integer. The difference in seconds between the HA and RADIUS server, in Greenwich Mean Time (GMT). This information is used to calculate local time. The GMT-Time-Zone-Offset attribute is optionally sent in the Acct-Request message.

4

WIMAX-Session-ID

Yes⁽¹⁾

No

Yes

Binary string. Unique identifier in the home network for the session set in the home network AAA server. The Received in Access-Response is also received in the CoA.

6

hHA-IP-MIP4

Yes

No

No

IP address. IP address of the home agent (HA).

10

MN-HA-MIP4-Key

No

No

Yes

Binary string. The shared secret key used for authentication between the mobile node (MN) and HA.

11

MN-HA-MIP4-SPI

Yes

No

Yes

Integer. Security Parameter Index (SPI) that corresponds to the shared secret key used for mobile node (MN) and HA authentication. The HA includes this attribute in the Access-Request message to request the corresponding shared key from the RADIUS server. The RADIUS server includes this attribute in the Access-Response message and when it sends the CoA message to the HA to indicate that a new key will be used for subsequent MN and HA authentication or reauthentication for an existing mobile subscriber session.

15

HA-RK-Key

No

No

Yes

Octet. Key used to generate FA-HA keys.

16

HA-RK-SPI

Yes (Optional)

No

Yes

Integer. SPI associated with HA-RK-Key.

17

HA-RK-Lifetime

No

No

Yes

Integer. Lifetime of the HA-RK-Key.

18

RRQ-HA-IP

Yes

No

No

IP address. The IP address identified in the HA IP address file in the RRQ.

19

RRQ-MN-HA-Key

No

No

Yes (Optional)

Encrypted string. MN-HA key bound to the HA IP address.

24

Hotline-Indicator

No

Yes

Yes

String. Enables hotlining. Sent by RADIUS or COA server that is reported in the session and hotlining accounting records. The Hotline-Profile-ID and Hotline-Indicator enable hotlining.

48

Acct-Input-Packets-Gigawords

No

Yes

No

Integer. Incremented when the standard RADIUS attribute 47, Acct-Input-Packets, overflows. The Sent in Acct-Request is optional.

49

Acct-Output-Packets-Gigawords

No

Yes

No

Integer. Incremented when the standard RADIUS attribute 48, Acct-Output-Packets, overflows. The Sent in Acct-Request is optional.

53

Hotline-Profile-ID

No

Yes

Yes

String. Hotlining profile identifier sent by RADIUS or CoA server. The Hotline-Profile-ID and Hotline-Indicator attributes enable hotlining.

58

HA-RK-Key-Requested

Yes (if dynamic keys are required)

No

No

Integer. Flag indicating that the HA requires an HA-RK-Key.

64

vHA-IP-MIP4

No

Yes

Yes

IP address. IP address of the visited HA from the AAA server.

4

WiMAX-Session-ID

Yes

No

Binary string. Unique identifier in the home network for the session set in the home network AAA server. The Received in Access-Response is also received in the CoA.

24

Hotline-Indicator

Yes

No

String. Sent by RADIUS or CoA server that is reported in the session and hotlining accounting records. A CoA containing a Hotline-Profile-ID without an accompanying Hotline-Indicator deactivates hotlining for that profile.

53

Hotline-Profile-ID

Yes

No

String. Hotlining profile identifier sent by RADIUS or CoA. A CoA containing a Hotline-Profile-ID without an accompanying Hotline-Indicator deactivates hotlining for that profile.