RADIUS Vendor-Specific Attributes and RADIUS Disconnect

RADIUS Vendor-Specific Attributes and RADIUS
Disconnect-Cause Attribute Values
The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating
vendor-specific information between the network access server and the RADIUS server by using the
vendor-specific attribute (attribute 26). Attribute 26 encapsulates vendor specific attributes (VSA), thereby,
allowing vendors to support their own extended attributes otherwise not suitable for general use.
• Finding Feature Information, page 1
• Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute
Values, page 2
• RADIUS Disconnect-Cause Attribute Values, page 14
• Additional References, page 19
• Feature Information for RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute
Values, page 20
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
1
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and
RADIUS Disconnect-Cause Attribute Values
The Cisco RADIUS implementation supports one vendor-specific option using the format recommended in
the specification. Cisco’s vendor-ID is 9, and the supported option has vendor-type 1, which is named
“cisco-avpair.” The value is a string of the following format:
protocol : attribute sep value *
“Protocol” is a value of the Cisco “protocol” attribute for a particular type of authorization; protocols that can
be used include IP, IPX, VPDN, VOIP, SHELL, RSVP, SIP, AIRNET, OUTBOUND. “Attribute” and “value”
are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and “sep” is “=”
for mandatory attributes and “*” for optional attributes. This allows the full set of features available for
TACACS+ authorization to also be used for RADIUS.
For example, the following AV pair causes Cisco’s “multiple named ip address pools” feature to be activated
during IP authorization (during PPP’s IPCP address assignment):
cisco-avpair= ”ip:addr-pool=first“
If you insert an “*”, the AV pair “ip:addr-pool=first” becomes optional. Note that any AV pair can be made
optional.
cisco-avpair= ”ip:addr-pool*first“
The following example shows how to cause a user logging in from a network access server to have immediate
access to EXEC commands:
cisco-avpair= ”shell:priv-lvl=15“
Attribute 26 contains the following three elements:
• Type
• Length
• String (also known as data)
• Vendor-Id
• Vendor-Type
• Vendor-Length
• Vendor-Data
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
2
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
The figure below shows the packet format for a VSA encapsulated “behind” attribute 26.
Figure 1: VSA Encapsulated Behind Attribute 26
Note
It is up to the vendor to specify the format of their VSA. The Attribute-Specific field (also known as
Vendor-Data) is dependent on the vendor's definition of that attribute.
The table below describes significant fields listed in the Vendor-Specific RADIUS IETF Attributes table
(second table below), which lists supported vendor-specific RADIUS attributes (IETF attribute 26).
Table 1: Vendor-Specific Attributes Table Field Descriptions
Field
Description
Number
All attributes listed in the following table are extensions of IETF
attribute 26.
Vendor-Specific Command Codes
A defined code used to identify a particular vendor. Code 9
defines Cisco VSAs, 311 defines Microsoft VSAs, and 529
defines Ascend VSAs.
Sub-Type Number
The attribute ID number. This number is much like the ID
numbers of IETF attributes, except it is a “second layer” ID
number encapsulated behind attribute 26.
Attribute
The ASCII string name of the attribute.
Description
Description of the attribute.
Table 2: Vendor-Specific RADIUS IETF Attributes
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
MS-CHAP Attributes
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
3
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
26
311
1
MSCHAP-Response
Contains the response
value provided by a PPP
MS-CHAP user in
response to the
challenge. It is only used
in Access-Request
packets. This attribute is
identical to the PPP
CHAP Identifier. ( RFC
2548
26
311
11
MSCHAP-Challenge
Contains the challenge
sent by a network access
server to an MS-CHAP
user. It can be used in
both Access-Request and
Access-Challenge
packets. ( RFC 2548 )
26
9
1
l2tp-cm-local-window-size Specifies the maximum
receive window size for
L2TP control messages.
This value is advertised
to the peer during tunnel
establishment.
26
9
1
l2tp-drop-out-of-order
Respects sequence
numbers on data packets
by dropping those that
are received out of order.
This does not ensure that
sequence numbers will
be sent on data packets,
just how to handle them
if they are received.
26
9
1
l2tp-hello-interval
Specifies the number of
seconds for the hello
keepalive interval. Hello
packets are sent when no
data has been sent on a
tunnel for the number of
seconds configured here.
VPDN Attributes
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
4
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
26
9
1
l2tp-hidden-avp
When enabled, sensitive
AVPs in L2TP control
messages are scrambled
or hidden.
26
9
1
l2tp-nosession-timeout
Specifies the number of
seconds that a tunnel will
stay active with no
sessions before timing
out and shutting down.
26
9
1
tunnel-tos-reflect
Copies the IP ToS field
from the IP header of
each payload packet to
the IP header of the
tunnel packet for packets
entering the tunnel at the
LNS.
26
9
1
l2tp-tunnel-authen
If this attribute is set, it
performs L2TP tunnel
authentication.
26
9
1
l2tp-tunnel-password
Shared secret used for
L2TP tunnel
authentication and AVP
hiding.
26
9
1
l2tp-udp-checksum
This is an authorization
attribute and defines
whether L2TP should
perform UDP checksums
for data packets. Valid
values are “yes” and “no.”
The default is no.
9
3
Fax-Account-Id-Origin
Indicates the account ID
origin as defined by
system administrator for
the mmoip aaa
receive-id or the mmoip
aaa send-id commands.
Store and Forward Fax
Attributes
26
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
5
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
26
9
4
Fax-Msg-Id=
Indicates a unique fax
message identification
number assigned by
Store and Forward Fax.
26
9
5
Fax-Pages
Indicates the number of
pages transmitted or
received during this fax
session. This page count
includes cover pages.
26
9
6
Fax-Coverpage-Flag
Indicates whether or not
a cover page was
generated by the
off-ramp gateway for this
fax session. True
indicates that a cover
page was generated; false
means that a cover page
was not generated.
26
9
7
Fax-Modem-Time
Indicates the amount of
time in seconds the
modem sent fax data (x)
and the amount of time
in seconds of the total
fax session (y), which
includes both fax-mail
and PSTN time, in the
form x/y. For example,
10/15 means that the
transfer time took 10
seconds, and the total fax
session took 15 seconds.
26
9
8
Fax-Connect-Speed
Indicates the modem
speed at which this
fax-mail was initially
transmitted or received.
Possible values are 1200,
4800, 9600, and 14400.
26
9
9
Fax-Recipient-Count
Indicates the number of
recipients for this fax
transmission. Until
e-mail servers support
Session mode, the
number should be 1.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
6
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
26
9
10
Fax-Process-Abort-Flag Indicates that the fax
session was aborted or
successful. True means
that the session was
aborted; false means that
the session was
successful.
26
9
11
Fax-Dsn-Address
Indicates the address to
which DSNs will be sent.
26
9
12
Fax-Dsn-Flag
Indicates whether or not
DSN has been enabled.
True indicates that DSN
has been enabled; false
means that DSN has not
been enabled.
26
9
13
Fax-Mdn-Address
Indicates the address to
which MDNs will be
sent.
26
9
14
Fax-Mdn-Flag
Indicates whether or not
message delivery
notification (MDN) has
been enabled. True
indicates that MDN had
been enabled; false
means that MDN had not
been enabled.
26
9
15
Fax-Auth-Status
Indicates whether or not
authentication for this
fax session was
successful. Possible
values for this field are
success, failed, bypassed,
or unknown.
26
9
16
Email-Server-Address
Indicates the IP address
of the e-mail server
handling the on-ramp
fax-mail message.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
7
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
26
9
17
Email-Server-Ack-Flag
Indicates that the
on-ramp gateway has
received a positive
acknowledgment from
the e-mail server
accepting the fax-mail
message.
26
9
18
Gateway-Id
Indicates the name of the
gateway that processed
the fax session. The
name appears in the
following format:
hostname.domain-name.
26
9
19
Call-Type
Describes the type of fax
activity: fax receive or
fax send.
26
9
20
Port-Used
Indicates the slot/port
number of the Cisco
AS5300 used to either
transmit or receive this
fax-mail.
26
9
21
Abort-Cause
If the fax session aborts,
indicates the system
component that signaled
the abort. Examples of
system components that
could trigger an abort are
FAP (Fax Application
Process), TIFF (the TIFF
reader or the TIFF
writer), fax-mail client,
fax-mail server, ESMTP
client, or ESMTP server.
9
23
Remote-Gateway-ID
Indicates the IP address
of the remote gateway.
H323 Attributes
26
(h323-remote-address)
26
9
24
Connection-ID
(h323-conf-id)
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
8
Identifies the conference
ID.
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
26
9
25
Setup-Time
Indicates the setup time
for this connection in
Coordinated Universal
Time (UTC) formerly
known as Greenwich
Mean Time (GMT) and
Zulu time.
(h323-setup-time)
26
9
26
Call-Origin
(h323-call-origin)
26
9
27
Call-Type
(h323-call-type)
26
9
28
Connect-Time
(h323-connect-time)
26
9
29
Disconnect-Time
(h323-disconnect-time)
26
9
30
Disconnect-Cause
26
9
31
Voice-Quality
9
33
Indicates call leg type.
Possible values are
telephony and VoIP.
Indicates the connection
time for this call leg in
UTC.
Indicates the time this
call leg was disconnected
in UTC.
Specifies the reason a
(h323-disconnect-cause) connection was taken
offline per Q.931
specification.
(h323-voice-quality)
26
Indicates the origin of the
call relative to the
gateway. Possible values
are originating and
terminating (answer).
Gateway-ID
(h323-gw-id)
Specifies the impairment
factor (ICPIF) affecting
voice quality for a call.
Indicates the name of the
underlying gateway.
Large Scale Dialout
Attributes
26
9
1
callback-dialstring
Defines a dialing string
to be used for callback.
26
9
1
data-service
No description available.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
9
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
26
9
1
dial-number
Defines the number to
dial.
26
9
1
force-56
Determines whether the
network access server
uses only the 56 K
portion of a channel,
even when all 64 K
appear to be available.
26
9
1
map-class
Allows the user profile
to reference information
configured in a map class
of the same name on the
network access server
that dials out.
26
9
1
send-auth
Defines the protocol to
use (PAP or CHAP) for
username-password
authentication following
CLID authentication.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
10
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
26
9
1
send-name
PPP name authentication.
To apply for PAP, do not
configure the ppp pap
sent-name password
command on the
interface. For PAP,
“preauth:send-name” and
“preauth:send-secret” will
be used as the PAP
username and PAP
password for outbound
authentication. For
CHAP,
“preauth:send-name” will
be used not only for
outbound authentication,
but also for inbound
authentication. For a
CHAP inbound case, the
NAS will use the name
defined in
“preauth:send-name” in
the challenge packet to
the caller box.
Note
The send-name
attribute has
changed over
time: Initially, it
performed the
functions now
provided by both
the send-name
and
remote-name
attributes.
Because the
remote-name
attribute has
been added, the
send-name
attribute is
restricted to its
current behavior.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
11
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
26
9
1
send-secret
PPP password
authentication. The
vendor-specific attributes
(VSAs)
“preauth:send-name” and
“preauth:send-secret” will
be used as the PAP
username and PAP
password for outbound
authentication. For a
CHAP outbound case,
both
“preauth:send-name” and
“preauth:send-secret” will
be used in the response
packet.
26
9
1
remote-name
Provides the name of the
remote host for use in
large-scale dial-out.
Dialer checks that the
large-scale dial-out
remote name matches the
authenticated name, to
protect against accidental
user RADIUS
misconfiguration. (For
example, dialing a valid
phone number but
connecting to the wrong
router.)
Miscellaneous Attributes
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
12
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Information About RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
26
9
2
Cisco-NAS-Port
Specifies additional
vendor specific attribute
(VSA) information for
NAS-Port accounting. To
specify additional
NAS-Port information in
the form an
Attribute-Value Pair
(AVPair) string, use the
radius-server vsa send
global configuration
command.
Note
This VSA is
typically used in
Accounting, but
may also be used
in
Authentication
(Access-Request)
packets.
26
9
1
min-links
Sets the minimum
number of links for
MLP.
26
9
1
proxyacl#<n>
Allows users to
configure the
downloadable user
profiles (dynamic ACLs)
by using the
authentication proxy
feature so that users can
have the configured
authorization to permit
traffic going through the
configured interfaces.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
13
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
RADIUS Disconnect-Cause Attribute Values
Number
Vendor-Specific
Company Code
Sub-Type Number
Attribute
Description
26
9
1
spi
Carries the authentication
information needed by
the home agent to
authenticate a mobile
node during registration.
The information is in the
same syntax as the ip
mobile secure host
<addr> configuration
command. Basically it
contains the rest of the
configuration command
that follows that string,
verbatim. It provides the
Security Parameter Index
(SPI), key, authentication
algorithm, authentication
mode, and replay
protection timestamp
range.
For more information on configuring your NAS to recognize and use VSAs, refer to the “Configuring Router
to Use Vendor-Specific RADIUS Attributes” section of th e “ Configuring RADIUS ” module.
RADIUS Disconnect-Cause Attribute Values
Disconnect-cause attribute values specify the reason a connection was taken offline. The attribute values are
sent in Accounting request packets. These values are sent at the end of a session, even if the session fails to
be authenticated. If the session is not authenticated, the attribute can cause stop records to be generated without
first generating start records.
The table below lists the cause codes, values, and descriptions for the Disconnect-Cause (195) attribute.
Note
The Disconnect-Cause is incremented by 1000 when it is used in RADIUS AVPairs; for example, disc-cause
4 becomes 1004.
Table 3: Disconnect-Cause Attribute Values
Cause Code
Value
Description
0
No-Reason
No reason is given for the disconnect.
1
No-Disconnect
The event was not disconnected.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
14
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
RADIUS Disconnect-Cause Attribute Values
Cause Code
Value
Description
2
Unknown
Reason unknown.
3
Call-Disconnect
The call has been disconnected.
4
CLID-Authentication-Failure
Failure to authenticate number of the
calling-party.
9
No-Modem-Available
A modem in not available to connect the
call.
10
No-Carrier
No carrier detected.
Note
Codes 10, 11, and 12 can be sent
if there is a disconnection during
initial modem connection.
11
Lost-Carrier
Loss of carrier.
12
No-Detected-Result-Codes
Failure to detect modem result codes.
20
User-Ends-Session
User terminates a session.
Note
21
Idle-Timeout
Codes 20, 22, 23, 24, 25, 26, 27,
and 28 apply to EXEC sessions.
Timeout waiting for user input.
Codes 21, 100, 101, 102, and 120 apply to
all session types.
22
Exit-Telnet-Session
Disconnect due to exiting Telnet session.
23
No-Remote-IP-Addr
Could not switch to SLIP/PPP; the remote
end has no IP address.
24
Exit-Raw-TCP
Disconnect due to exiting raw TCP.
25
Password-Fail
Bad passwords.
26
Raw-TCP-Disabled
Raw TCP disabled.
27
Control-C-Detected
Control-C detected.
28
EXEC-Process-Destroyed
EXEC process destroyed.
29
Close-Virtual-Connection
User closes a virtual connection.
30
End-Virtual-Connection
Virtual connected has ended.
31
Exit-Rlogin
User exists Rlogin.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
15
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
RADIUS Disconnect-Cause Attribute Values
Cause Code
Value
Description
32
Invalid-Rlogin-Option
Invalid Rlogin option selected.
33
Insufficient-Resources
Insufficient resources.
40
Timeout-PPP-LCP
PPP LCP negotiation timed out.
Note
Codes 40 through 49 apply to PPP
sessions.
41
Failed-PPP-LCP-Negotiation
PPP LCP negotiation failed.
42
Failed-PPP-PAP-Auth-Fail
PPP PAP authentication failed.
43
Failed-PPP-CHAP-Auth
PPP CHAP authentication failed.
44
Failed-PPP-Remote-Auth
PPP remote authentication failed.
45
PPP-Remote-Terminate
PPP received a Terminate Request from
remote end.
46
PPP-Closed-Event
Upper layer requested that the session be
closed.
47
NCP-Closed-PPP
PPP session closed because there were no
NCPs open.
48
MP-Error-PPP
PPP session closed because of an MP error.
49
PPP-Maximum-Channels
PPP session closed because maximum
channels were reached.
50
Tables-Full
Disconnect due to full terminal server
tables.
51
Resources-Full
Disconnect due to full internal resources.
52
Invalid-IP-Address
IP address is not valid for Telnet host.
53
Bad-Hostname
Hostname cannot be validated.
54
Bad-Port
Port number is invalid or missing.
60
Reset-TCP
TCP connection has been reset.
Note
Codes 60 through 67 apply to
Telnet or raw TCP sessions.
61
TCP-Connection-Refused
TCP connection has been refused by the
host.
62
Timeout-TCP
TCP connection has timed out.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
16
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
RADIUS Disconnect-Cause Attribute Values
Cause Code
Value
Description
63
Foreign-Host-Close-TCP
TCP connection has been closed.
64
TCP-Network-Unreachable
TCP network is unreachable.
65
TCP-Host-Unreachable
TCP host is unreachable.
66
TCP-Network-Admin Unreachable
TCP network is unreachable for
administrative reasons.
67
TCP-Port-Unreachable
TCP port in unreachable.
100
Session-Timeout
Session timed out.
101
Session-Failed-Security
Session failed for security reasons.
102
Session-End-Callback
Session terminated due to callback.
120
Invalid-Protocol
Call refused because the detected protocol
is disabled.
150
RADIUS-Disconnect
Disconnected by RADIUS request.
151
Local-Admin-Disconnect
Administrative disconnect.
152
SNMP-Disconnect
Disconnected by SNMP request.
160
V110-Retries
Allowed V.110 retries have been exceeded.
170
PPP-Authentication-Timeout
PPP authentication timed out.
180
Local-Hangup
Disconnected by local hangup.
185
Remote-Hangup
Disconnected by remote end hangup.
190
T1-Quiesced
Disconnected because T1 line was
quiesced.
195
Call-Duration
Disconnected because the maximum
duration of the call was exceeded.
600
VPN-User-Disconnect
Call disconnected by client (through PPP).
Code is sent if the LNS receives a PPP
terminate request from the client.
601
VPN-Carrier-Loss
Loss of carrier. This can be the result of a
physical line going dead.
Code is sent when a client is unable to dial
out using a dialer.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
17
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
RADIUS Disconnect-Cause Attribute Values
Cause Code
Value
Description
602
VPN-No-Resources
No resources available to handle the call.
Code is sent when the client is unable to
allocate memory (running low on memory).
603
VPN-Bad-Control-Packet
Bad L2TP or L2F control packets.
This code is sent when an invalid control
packet, such as missing mandatory
Attribute-Value pairs (AVP), from the peer
is received. When using L2TP, the code
will be sent after six retransmits; when
using L2F, the number of retransmits is
user configurable.
Note
604
VPN-Admin-Disconnect
VPN-Tunnel-Shut will be sent if
there are active sessions in the
tunnel.
Administrative disconnect. This can be the
result of a VPN soft shutdown, which is
when a client reaches maximum session
limit or exceeds maximum hopcount.
Code is sent when a tunnel is brought down
by issuing the clear vpdn tunnel
command.
605
VPN-Tunnel-Shut
Tunnel teardown or tunnel setup has failed.
Code is sent when there are active sessions
in a tunnel and the tunnel goes down.
Note
606
VPN-Local-Disconnect
This code is not sent when tunnel
authentication fails.
Call is disconnected by LNS PPP module.
Code is sent when the LNS sends a PPP
terminate request to the client. It indicates
a normal PPP disconnection initiated by
the LNS.
607
VPN-Session-Limit
VPN soft shutdown is enabled.
Code is sent when a call has been refused
due to any of the soft shutdown restrictions
previously mentioned.
608
VPN-Call-Redirect
VPN call redirect is enabled.
For Q.850 cause codes and descriptions, see the Cisco IOS Voice Troubleshooting and Monitoring Guide ,
Release 12.4T.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
18
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Additional References
Additional References
The following sections provide references related to RADIUS Vendor-Specific Attributes (VSA) and RADIUS
Disconnect-Cause Attribute Values.
Related Documents
Related Topic
Document Title
Security Features
Cisco IOS Security Configuration Guide: Securing
User Services , Release 15.0.
Security Server Protocols
“ Configuring RADIUS ” module.
RADIUS Configuration
Standards
Standard
Title
Internet Engineering Task Force (IETF) Internet
Draft: Network Access Servers Requirements
Network Access Servers Requirements: Extended
RADIUS Practices
MIBs
MIB
MIBs Link
No new or modified MIBs are supported by this
feature, and support for existing MIBs has not been
modified by this feature.
To locate and download MIBs for selected platforms,
Cisco IOS releases, and feature sets, use Cisco MIB
Locator found at the following URL:
http://www.cisco.com/go/mibs
RFCs
RFC
Title
RFC 2865
Remote Authentication Dial In User Service
(RADIUS)
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
19
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Feature Information for RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Technical Assistance
Description
Link
The Cisco Support website provides extensive online http://www.cisco.com/techsupport
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.
Feature Information for RADIUS Vendor-Specific Attributes and
RADIUS Disconnect-Cause Attribute Values
The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
20
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Feature Information for RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Table 4: Feature Information for RADIUS Vendor-Specific Attributes (VSA) and RADIUS Disconnect-Cause Attribute Values
Feature Name
Releases
RADIUS Vendor-Specific
12.0(30)S3s 12.3(11)YS1
Attributes (VSA) and RADIUS
12.2(33)SRC
Disconnect-Cause Attribute Values
Feature Information
This document discusses the
Internet Engineering Task Force
(IETF) draft standard, which
specifies a method for
communicating vendor-specific
information between the network
access server and the RADIUS
server by using the vendor-specific
attribute (attribute 26). Attribute
26 encapsulates vendor specific
attributes, thereby, allowing
vendors to support their own
extended attributes otherwise not
suitable for general use.
This feature was introduced into
Cisco IOS Release 12.0(30)S3s.
This feature was integrated into
Cisco IOS Release 12.3(11)YS1.
This feature was integrated into
Cisco IOS Release 12.2(33)SRC.
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
21
RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
Feature Information for RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
RADIUS Attributes Configuration Guide, Cisco IOS Release 15M&T
22
Download PDF
Similar pages