RADIUS Vendor-Proprietary Attributes

The IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server and the RADIUS server. However, some vendors have extended the RADIUS attribute set for specific applications. This document provides Cisco IOS XE support information for these vendor-proprietary RADIUS attributes.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Supported Vendor-Proprietary RADIUS Attributes

The table below lists Cisco-supported vendor-proprietary RADIUS attributes and the Cisco IOS XE release in which they are implemented. In cases where the attribute has a security server-specific format, the format is specified. Refer to the Vendor-Proprietary RADIUS Attributes table for a list of descriptions.

Table 1 Supported Vendor-Proprietary RADIUS Attributes

| Number | Vendor-Proprietary Attribute | IOS XE 2.1 |
|---|---|---|
| 17 | Change-Password | yes |
| 21 | Password-Expiration | yes |
| 68 | Tunnel-ID | yes |
| 108 | My-Endpoint-Disc-Alias | no |
| 109 | My-Name-Alias | no |
| 110 | Remote-FW | no |
| 111 | Multicast-GLeave-Delay | no |
| 112 | CBCP-Enable | no |
| 113 | CBCP-Mode | no |
| 114 | CBCP-Delay | no |
| 115 | CBCP-Trunk-Group | no |
| 116 | Appletalk-Route | no |
| 117 | Appletalk-Peer-Mode | no |
| 118 | Route-Appletalk | no |
| 119 | FCP-Parameter | no |
| 120 | Modem-PortNo | no |
| 121 | Modem-SlotNo | no |
| 122 | Modem-ShelfNo | no |
| 123 | Call-Attempt-Limit | no |
| 124 | Call-Block-Duration | no |
| 125 | Maximum-Call-Duration | no |
| 126 | Router-Preference | no |
| 127 | Tunneling-Protocol | no |
| 128 | Shared-Profile-Enable | no |
| 129 | Primary-Home-Agent | no |
| 130 | Secondary-Home-Agent | no |
| 131 | Dialout-Allowed | no |
| 133 | BACP-Enable | no |
| 134 | DHCP-Maximum-Leases | no |
| 135 | Primary-DNS-Server | yes |
| 136 | Secondary-DNS-Server | yes |
| 137 | Ascend-Client-Assign-DNS | no |
| 138 | User-Acct-Type | no |
| 139 | User-Acct-Host | no |
| 140 | User-Acct-Port | no |
| 141 | User-Acct-Key | no |
| 142 | User-Acct-Base | no |
| 143 | User-Acct-Time | no |
| 144 | Assign-IP-Client | no |
| 145 | Assign-IP-Server | no |
| 146 | Assign-IP-Global-Pool | no |
| 147 | DHCP-Reply | no |
| 148 | DHCP-Pool-Number | no |
| 149 | Expect-Callback | no |
| 150 | Event-Type | no |
| 151 | Ascend-Session-Svr-Key | yes |
| 152 | Ascend-Multicast-Rate-Limit | yes |
| 153 | IF-Netmask | no |
| 154 | h323-Remote-Address | no |
| 155 | Ascend-Multicast-Client | yes |
| 156 | FR-Circuit-Name | no |
| 157 | FR-LinkUp | no |
| 158 | FR-Nailed-Grp | no |
| 159 | FR-Type | no |
| 160 | FR-Link-Mgt | no |
| 161 | FR-N391 | no |
| 162 | FR-DCE-N392 | no |
| 163 | FR-DTE-N392 | no |
| 164 | FR-DCE-N393 | no |
| 165 | FR-DTE-N393 | no |
| 166 | FR-T391 | no |
| 167 | FR-T392 | no |
| 168 | Bridge-Address | no |
| 169 | TS-Idle-Limit | no |
| 170 | TS-Idle-Mode | no |
| 171 | DBA-Monitor | no |
| 172 | Base-Channel-Count | no |
| 173 | Minimum-Channels | no |
| 174 | IPX-Route | no |
| 175 | FT1-Caller | no |
| 176 | Ipsec-Backup-Gateway | yes |
| 177 | rm-Call-Type | yes |
| 178 | Group | no |
| 179 | FR-DLCI | no |
| 180 | FR-Profile-Name | no |
| 181 | Ara-PW | no |
| 182 | IPX-Node-Addr | no |
| 183 | Home-Agent-IP-Addr | no |
| 184 | Home-Agent-Password | no |
| 185 | Home-Network-Name | no |
| 186 | Home-Agent-UDP-Port | no |
| 187 | Multilink-ID | yes |
| 188 | Ascend-Num-In-Multilink | yes |
| 189 | First-Dest | no |
| 190 | Pre-Bytes-In | yes |
| 191 | Pre-Bytes-Out | yes |
| 192 | Pre-Paks-In | yes |
| 193 | Pre-Paks-Out | yes |
| 194 | Maximum-Time | yes |
| 195 | Disconnect-Cause | yes |
| 196 | Connect-Progress | yes |
| 197 | Data-Rate | yes |
| 198 | PreSession-Time | yes |
| 199 | Token-Idle | no |
| 201 | Require-Auth | no |
| 202 | Number-Sessions | no |
| 203 | Authen-Alias | no |
| 204 | Token-Expiry | no |
| 205 | Menu-Selector | no |
| 206 | Menu-Item | no |
| 207 | PW-Warntime | no |
| 208 | PW-Lifetime | yes |
| 209 | IP-Direct | yes |
| 210 | PPP-VJ-Slot-Compression | yes |
| 211 | PPP-VJ-1172 | no |
| 212 | PPP-Async-Map | no |
| 213 | Third-Prompt | no |
| 214 | Send-Secret | yes |
| 215 | Receive-Secret | no |
| 216 | IPX-Peer-Mode | no |
| 217 | IP-Pool | yes |
| 218 | Static-Addr-Pool | yes |
| 219 | FR-Direct | no |
| 220 | FR-Direct-Profile | no |
| 221 | FR-Direct-DLCI | no |
| 222 | Handle-IPX | no |
| 223 | Netware-Timeout | no |
| 224 | IPX-Alias | no |
| 225 | Metric | no |
| 226 | PRI-Number-Type | no |
| 227 | Dial-Number | yes |
| 228 | Route-IP | yes |
| 229 | Route-IPX | no |
| 230 | Bridge | no |
| 231 | Send-Auth | yes |
| 232 | Send-Passwd | no |
| 233 | Link-Compression | yes |
| 234 | Target-Util | yes |
| 235 | Maximum-Channels | yes |
| 236 | Inc-Channel-Count | no |
| 237 | Dec-Channel-Count | no |
| 238 | Seconds-of-History | no |
| 239 | History-Weigh-Type | no |
| 240 | Add-Seconds | no |
| 241 | Remove-Seconds | no |
| 242 | Data-Filter | yes |
| 243 | Call-Filter | no |
| 244 | Idle-Limit | yes |
| 245 | Preempt-Limit | no |
| 246 | Callback | no |
| 247 | Data-Service | yes |
| 248 | Force-56 | yes |
| 249 | Billing Number | no |
| 250 | Call-By-Call | no |
| 251 | Transit-Number | no |
| 252 | Host-Info | no |
| 253 | PPP-Address | no |
| 254 | MPP-Idle-Percent | no |
| 255 | Xmit-Rate | yes |

Comprehensive List of Vendor-Proprietary RADIUS Attribute Descriptions

The table below lists and describes the known vendor-proprietary RADIUS attributes:

Table 2 Vendor-Proprietary RADIUS Attributes

| Number | Vendor-Proprietary Attribute | Description |
|---|---|---|
| 17 | Change-Password | Specifies a request to change the password of a user. |
| 21 | Password-Expiration | Specifies an expiration date for a user’s password in the user’s file entry. |
| 68 | Tunnel-ID | (Ascend 5) Specifies the string assigned by RADIUS for each session using CLID or DNIS tunneling. When accounting is implemented, this value is used for accounting. |
| 108 | My-Endpoint-Disc-Alias | (Ascend 5) No description available. |
| 109 | My-Name-Alias | (Ascend 5) No description available. |
| 110 | Remote-FW | (Ascend 5) No description available. |
| 111 | Multicast-GLeave-Delay | (Ascend 5) No description available. |
| 112 | CBCP-Enable | (Ascend 5) No description available. |
| 113 | CBCP-Mode | (Ascend 5) No description available. |
| 114 | CBCP-Delay | (Ascend 5) No description available. |
| 115 | CBCP-Trunk-Group | (Ascend 5) No description available. |
| 116 | Appletalk-Route | (Ascend 5) No description available. |
| 117 | Appletalk-Peer-Mode | (Ascend 5) No description available. |
| 118 | Route-Appletalk | (Ascend 5) No description available. |
| 119 | FCP-Parameter | (Ascend 5) No description available. |
| 120 | Modem-PortNo | (Ascend 5) No description available. |
| 121 | Modem-SlotNo | (Ascend 5) No description available. |
| 122 | Modem-ShelfNo | (Ascend 5) No description available. |
| 123 | Call-Attempt-Limit | (Ascend 5) No description available. |
| 124 | Call-Block-Duration | (Ascend 5) No description available. |
| 125 | Maximum-Call-Duration | (Ascend 5) No description available. |
| 126 | Router-Preference | (Ascend 5) No description available. |
| 127 | Tunneling-Protocol | (Ascend 5) No description available. |
| 128 | Shared-Profile-Enable | (Ascend 5) No description available. |
| 129 | Primary-Home-Agent | (Ascend 5) No description available. |
| 130 | Secondary-Home-Agent | (Ascend 5) No description available. |
| 131 | Dialout-Allowed | (Ascend 5) No description available. |
| 133 | BACP-Enable | (Ascend 5) No description available. |
| 134 | DHCP-Maximum-Leases | (Ascend 5) No description available. |
| 135 | Primary-DNS-Server | Identifies a primary DNS server that can be requested by Microsoft PPP clients from the network access server during IPCP negotiation. |
| 136 | Secondary-DNS-Server | Identifies a secondary DNS server that can be requested by Microsoft PPP clients from the network access server during IPCP negotiation. |
| 137 | Client-Assign-DNS | No description available. |
| 138 | User-Acct-Type | No description available. |
| 139 | User-Acct-Host | No description available. |
| 140 | User-Acct-Port | No description available. |
| 141 | User-Acct-Key | No description available. |
| 142 | User-Acct-Base | No description available. |
| 143 | User-Acct-Time | No description available. |
| 144 | Assign-IP-Client | No description available. |
| 145 | Assign-IP-Server | No description available. |
| 146 | Assign-IP-Global-Pool | No description available. |
| 147 | DHCP-Reply | No description available. |
| 148 | DHCP-Pool-Number | No description available. |
| 149 | Expect-Callback | No description available. |
| 150 | Event-Type | No description available. |
| 151 | Session-Svr-Key | No description available. |
| 152 | Multicast-Rate-Limit | No description available. |
| 153 | IF-Netmask | No description available. |
| 154 | Remote-Addr | No description available. |
| 155 | Multicast-Client | No description available. |
| 156 | FR-Circuit-Name | No description available. |
| 157 | FR-LinkUp | No description available. |
| 158 | FR-Nailed-Grp | No description available. |
| 159 | FR-Type | No description available. |
| 160 | FR-Link-Mgt | No description available. |
| 161 | FR-N391 | No description available. |
| 162 | FR-DCE-N392 | No description available. |
| 163 | FR-DTE-N392 | No description available. |
| 164 | FR-DCE-N393 | No description available. |
| 165 | FR-DTE-N393 | No description available. |
| 166 | FR-T391 | No description available. |
| 167 | FR-T392 | No description available. |
| 168 | Bridge-Address | No description available. |
| 169 | TS-Idle-Limit | No description available. |
| 170 | TS-Idle-Mode | No description available. |
| 171 | DBA-Monitor | No description available. |
| 172 | Base-Channel-Count | No description available. |
| 173 | Minimum-Channels | No description available. |
| 174 | IPX-Route | No description available. |
| 175 | FT1-Caller | No description available. |
| 176 | Backup | No description available. |
| 177 | Call-Type | No description available. |
| 178 | Group | No description available. |
| 179 | FR-DLCI | No description available. |
| 180 | FR-Profile-Name | No description available. |
| 181 | Ara-PW | No description available. |
| 182 | IPX-Node-Addr | No description available. |
| 183 | Home-Agent-IP-Addr | Indicates the home agent’s IP address (in dotted decimal format) when using Ascend Tunnel Management Protocol (ATMP). |
| 184 | Home-Agent-Password | With ATMP, specifies the password that the foreign agent uses to authenticate itself. |
| 185 | Home-Network-Name | With ATMP, indicates the name of the connection profile to which the home agent sends all packets. |
| 186 | Home-Agent-UDP-Port | Indicates the UDP port number the foreign agent uses to send ATMP messages to the home agent. |
| 187 | Multilink-ID | Reports the identification number of the multilink bundle when the session closes. This attribute applies to sessions that are part of a multilink bundle. The Multilink-ID attribute is sent in authentication-response packets. |
| 188 | Num-In-Multilink | Reports the number of sessions remaining in a multilink bundle when the session reported in an accounting-stop packet closes. This attribute applies to sessions that are part of a multilink bundle. The Num-In-Multilink attribute is sent in authentication-response packets and in some accounting-request packets. |
| 189 | First-Dest | Records the destination IP address of the first packet received after authentication. |
| 190 | Pre-Bytes-In | Records the number of input bytes before authentication. The Pre-Bytes-In attribute is sent in accounting-stop records. |
| 191 | Pre-Bytes-Out | Records the number of output bytes before authentication. The Pre-Bytes-Out attribute is sent in accounting-stop records. |
| 192 | Pre-Paks-In | Records the number of input packets before authentication. The Pre-Paks-In attribute is sent in accounting-stop records. |
| 193 | Pre-Paks-Out | Records the number of output packets before authentication. The Pre-Paks-Out attribute is sent in accounting-stop records. |
| 194 | Maximum-Time | Specifies the maximum length of time (in seconds) allowed for any session. After the session reaches the time limit, its connection is dropped. |
| 195 | Disconnect-Cause | Specifies the reason a connection was taken offline. The Disconnect-Cause attribute is sent in accounting-stop records. This attribute also causes stop records to be generated without first generating start records if disconnection occurs before authentication is performed. See the Vendor-Specific Attributes (VSA) and RADIUS Disconnect-Cause Attribute Values for more information on their meanings. |
| 196 | Connect-Progress | Indicates the connection state before the connection is disconnected. |
| 197 | Data-Rate | Specifies the average number of bits per second over the course of the connection’s lifetime. The Data-Rate attribute is sent in accounting-stop records. |
| 198 | PreSession-Time | Specifies the length of time, in seconds, from when a call first connects to when it completes authentication. The PreSession-Time attribute is sent in accounting-stop records. |
| 199 | Token-Idle | Indicates the maximum amount of time (in minutes) a cached token can remain alive between authentications. |
| 201 | Require-Auth | Defines whether additional authentication is required for a class that has been CLID authenticated. |
| 202 | Number-Sessions | Specifies the number of active sessions (per class) reported to the RADIUS accounting server. |
| 203 | Authen-Alias | Defines the RADIUS server’s login name during PPP authentication. |
| 204 | Token-Expiry | Defines the lifetime of a cached token. |
| 205 | Menu-Selector | Defines a string to be used to cue a user to input data. |
| 206 | Menu-Item | Specifies a single menu-item for a user-profile. Up to 20 menu items can be assigned per profile. |
| 207 | PW-Warntime | (Ascend 5) No description available. |
| 208 | PW-Lifetime | Enables you to specify on a per-user basis the number of days that a password is valid. |
| 209 | IP-Direct | When you include this attribute in a user’s file entry, a framed route is installed to the routing and bridging tables. Note: Packet routing is dependent upon the entire table, not just this newly installed entry. The inclusion of this attribute does not guarantee that all packets should be sent to the specified IP address; thus, this attribute is not fully supported. These attribute limitations occur because the Cisco router cannot bypass all internal routing and bridging tables and send packets to a specified IP address. |
| 210 | PPP-VJ-Slot-Comp | Instructs the Cisco router not to use slot compression when sending VJ-compressed packets over a PPP link. |
| 211 | PPP-VJ-1172 | Instructs PPP to use the 0x0037 value for VJ compression. |
| 212 | PPP-Async-Map | Gives the Cisco router the asynchronous control character map for the PPP session. The specified control characters are passed through the PPP link as data and used by applications running over the link. |
| 213 | Third-Prompt | Defines a third prompt (after username and password) for additional user input. |
| 214 | Send-Secret | Enables an encrypted password to be used in place of a regular password in outdial profiles. |
| 215 | Receive-Secret | Enables an encrypted password to be verified by the RADIUS server. |
| 216 | IPX-Peer-Mode | (Ascend 5) No description available. |
| 217 | IP-Pool-Definition | Defines a pool of addresses using the following format: X a.b.c Z; where X is the pool index number, a.b.c is the pool’s starting IP address, and Z is the number of IP addresses in the pool. For example, 3 10.0.0.1 5 allocates 10.0.0.1 through 10.0.0.5 for dynamic assignment. |
| 218 | Assign-IP-Pool | Tells the router to assign the user an IP address from the IP pool. |
| 219 | FR-Direct | Defines whether the connection profile operates in Frame Relay redirect mode. |
| 220 | FR-Direct-Profile | Defines the name of the Frame Relay profile carrying this connection to the Frame Relay switch. |
| 221 | FR-Direct-DLCI | Indicates the DLCI carrying this connection to the Frame Relay switch. |
| 222 | Handle-IPX | Indicates how NCP watchdog requests will be handled. |
| 223 | Netware-Timeout | Defines, in minutes, how long the RADIUS server responds to NCP watchdog packets. |
| 224 | IPX-Alias | Allows you to define an alias for IPX routers requiring numbered interfaces. |
| 225 | Metric | No description available. |
| 226 | PRI-Number-Type | No description available. |
| 227 | Dial-Number | Defines the number to dial. |
| 228 | Route-IP | Indicates whether IP routing is allowed for the user’s file entry. |
| 229 | Route-IPX | Allows you to enable IPX routing. |
| 230 | Bridge | No description available. |
| 231 | Send-Auth | Defines the protocol to use (PAP or CHAP) for username-password authentication following CLID authentication. |
| 232 | Send-Passwd | Enables the RADIUS server to specify the password that is sent to the remote end of a connection on outgoing calls. |
| 233 | Link-Compression | Defines whether to turn on or turn off “stac” compression over a PPP link. Link compression is defined as a numeric value as follows: 0: None; 1: Stac; 2: Stac-Draft-9; 3: MS-Stac. |
| 234 | Target-Util | Specifies the load-threshold percentage value for bringing up an additional channel when PPP multilink is defined. |
| 235 | Maximum-Channels | Specifies the allowed/allocatable maximum number of channels. |
| 236 | Inc-Channel-Count | No description available. |
| 237 | Dec-Channel-Count | No description available. |
| 238 | Seconds-of-History | No description available. |
| 239 | History-Weigh-Type | No description available. |
| 240 | Add-Seconds | No description available. |
| 241 | Remove-Seconds | No description available. |
| 242 | Data-Filter | Defines per-user IP data filters. These filters are retrieved only when a call is placed using a RADIUS outgoing profile or answered using a RADIUS incoming profile. Filter entries are applied on a first-match basis; therefore, the order in which filter entries are entered is important. |
| 243 | Call-Filter | Defines per-user IP data filters. On a Cisco router, this attribute is identical to the Data-Filter attribute. |
| 244 | Idle-Limit | Specifies the maximum time (in seconds) that any session can be idle. When the session reaches the idle time limit, its connection is dropped. |
| 245 | Preempt-Limit | No description available. |
| 246 | Callback | Allows you to enable or disable callback. |
| 247 | Data-Svc | No description available. |
| 248 | Force-56 | Determines whether the network access server uses only the 56 K portion of a channel, even when all 64 K appear to be available. |
| 249 | Billing Number | No description available. |
| 250 | Call-By-Call | No description available. |
| 251 | Transit-Number | No description available. |
| 252 | Host-Info | No description available. |
| 253 | PPP-Address | Indicates the IP address reported to the calling unit during PPP IPCP negotiations. |
| 254 | MPP-Idle-Percent | No description available. |
| 255 | Xmit-Rate | (Ascend 5) No description available. |

See the Configuring RADIUS feature module for more information on vendor-proprietary RADIUS attributes.

Feature Information for RADIUS Vendor-Proprietary Attributes

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Table 3 Feature Information for RADIUS Vendor-Proprietary Attributes

| Feature Name | Releases | Feature Information |
|---|---|---|
| RADIUS Vendor-Proprietary Attributes | Cisco IOS XE Release 2.1 | The IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server and the RADIUS server. However, some vendors have extended the RADIUS attribute set for specific applications. This document provides Cisco IOS XE support information for these vendor-proprietary RADIUS attributes. In Cisco IOS XE Release 2.1, this feature was introduced on the Cisco ASR 1000 Series Aggregation Services Routers. |