aaa commands
configure
— aaa
— apply-groups reference
— apply-groups-exclude reference
— diameter
— node diam-fqdn
— apply-groups reference
— apply-groups-exclude reference
— connection
— ipv4
— allow-connections boolean
— local-address ipv4-unicast-address
— ipv6
— allow-connections boolean
— local-address ipv6-unicast-address
— timer number
— description description
— origin-realm diam-fqdn
— peer index number
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— connection-timer number
— default-peer boolean
— destination-host diam-fqdn
— preference number
— route index number
— application keyword
— apply-groups reference
— apply-groups-exclude reference
— preference number
— realm diam-fqdn
— watchdog-timer number
— python-policy reference
— router-instance string
— radius
— acct-on-off-group named-item
— apply-groups reference
— apply-groups-exclude reference
— description description
— coa-port number
— isa-policy named-item
— accounting
— include-attributes
— acct-delay-time boolean
— acct-triggered-reason boolean
— called-station-id boolean
— calling-station-id boolean
— circuit-id boolean
— class boolean
— credit-control-quota boolean
— dhcp-options boolean
— dhcp-vendor-class-id boolean
— frame-counters boolean
— framed-ip-address boolean
— framed-ip-netmask boolean
— framed-ipv6-prefix boolean
— hardware-timestamp boolean
— ipv6-address boolean
— mac-address boolean
— millisecond-event-timestamp boolean
— multi-session-id boolean
— nas-identifier boolean
— nas-ip-address boolean
— nas-ipv6-address boolean
— nas-port boolean
— nas-port-id boolean
— nas-port-type boolean
— nat-inside-service-id boolean
— nat-outside-ip-address boolean
— nat-outside-service-id boolean
— nat-port-forward-logging boolean
— nat-port-range-block boolean
— nat-port-time boolean
— nat-subscriber-string boolean
— octet-counters boolean
— proxied-subscriber-data boolean
— release-reason boolean
— remote-id boolean
— rssi boolean
— session-time boolean
— subscriber-id boolean
— toserver-dhcp6-options boolean
— ue-creation-type boolean
— user-name boolean
— wlan-custom-user-group boolean
— wlan-ssid-vlan boolean
— xconnect-tunnel-home-address boolean
— xconnect-tunnel-local-ipv6-address boolean
— xconnect-tunnel-remote-ipv6-address boolean
— xconnect-tunnel-service boolean
— xconnect-tunnel-type boolean
— nat-periodic-update
— interval number
— rate-limit (number | keyword)
— update-triggers
— address-state boolean
— soft-quota-exhausted boolean
— apply-groups reference
— apply-groups-exclude reference
— authentication
— include-attributes
— called-station-id boolean
— calling-station-id boolean
— circuit-id boolean
— dhcp-vendor-class-id boolean
— framed-ip-address boolean
— ipv6-address boolean
— mac-address boolean
— nas-identifier boolean
— nas-ip-address boolean
— nas-ipv6-address boolean
— nas-port boolean
— nas-port-id boolean
— nas-port-type boolean
— remote-id boolean
— toserver-dhcp-options boolean
— toserver-dhcp6-options boolean
— wlan-ssid-vlan boolean
— xconnect-tunnel-home-address boolean
— description description
— nas-ip-address-origin keyword
— password encrypted-leaf
— python-policy reference
— servers
— access-algorithm keyword
— ipv6
— mtu number
— source-prefix ipv6-prefix
— router-instance string
— server number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— purpose
— accounting
— udp-port number
— authentication
— udp-port number
— coa
— udp-port number
— secret encrypted-leaf
— source-address-range ipv4-unicast-address
— timeout number
— total-tries number
— user-name
— format keyword
— mac-format keyword
— l2tp-accounting-policy named-item
— accounting-type
— session boolean
— tunnel boolean
— acct-tunnel-connection-fmt display-string
— apply-groups reference
— apply-groups-exclude reference
— description description
— include-radius-attribute
— calling-station-id boolean
— nas-identifier boolean
— nas-port
— bit-spec binary-specification
— nas-port-id
— prefix-string string-not-all-spaces
— suffix keyword
— nas-port-type
— type (keyword | number)
— radius-server-policy reference
— route-downloader named-item
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— base-user-name named-item
— default-metric number
— default-tag number
— description description
— download-interval number
— max-routes number
— password encrypted-leaf
— radius-server-policy reference
— retry-interval
— max number
— min number
— server-policy named-item
— acct-on-off
— apply-groups reference
— apply-groups-exclude reference
— monitor reference
— oper-state-change
— group reference
— apply-groups reference
— apply-groups-exclude reference
— description description
— python-policy reference
— servers
— access-algorithm keyword
— buffering
— acct-interim
— lifetime number
— max number
— min number
— acct-start
— lifetime number
— max number
— min number
— acct-stop
— lifetime number
— max number
— min number
— health-check
— down-timeout number
— test-account
— admin-state keyword
— interval number
— password encrypted-leaf
— user-name display-string
— hold-down-time number
— ipv6-source-address ipv6-address
— retry-count number
— router-instance string
— server number
— apply-groups reference
— apply-groups-exclude reference
— server-name named-item
— source-address ipv4-address
— stickiness boolean
— timeout number
— wpp
— apply-groups reference
— apply-groups-exclude reference
— portal-group named-item
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description description
— portal string name named-item
— system-name string
aaa command descriptions
aaa
diameter
node [origin-host] diam-fqdn
[origin-host] diam-fqdn
connection
| Synopsis | Enter the connection context | |
| Context | configure aaa diameter node diam-fqdn connection | |
| Tree | connection | |
| Introduced | 16.0.R6 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
ipv4
allow-connections boolean
| Synopsis | Listen on local address for incoming peer connections | |
| Context | configure aaa diameter node diam-fqdn connection ipv4 allow-connections boolean | |
| Tree | allow-connections | |
Description | When configured to true, the router accepts inter-peering connections on the configured source IPv4 address. A listening TCP socket is opened on the Diameter node within the corresponding router context, IP address, and Diameter port. When enabled, each Diameter node within the same routing context in SR must be configured with a unique IP address. The peer initiating the connection must be an inter-chassis peer. Specifically, the Origin-Host in the CER message must match the locally configured peer identity. When configured to false, the router refuses incoming requests for connections. | |
| Default | false | |
| Introduced | 19.10.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
local-address ipv4-unicast-address
| Synopsis | IPv4 source address for the TCP peer connection | |
| Context | configure aaa diameter node diam-fqdn connection ipv4 local-address ipv4-unicast-address | |
| Tree | local-address | |
| Introduced | 16.0.R6 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
ipv6
allow-connections boolean
| Synopsis | Listen on local address for incoming peer connections | |
| Context | configure aaa diameter node diam-fqdn connection ipv6 allow-connections boolean | |
| Tree | allow-connections | |
Description | When configured to true, the router accepts inter-peering connections on the configured source IPv6 address. A listening TCP socket is opened on the Diameter node within the corresponding router context, IP address, and Diameter port. When enabled, each Diameter node within the same routing context in SR must be configured with a unique IP address. The peer initiating the connection must be an inter-chassis peer. Specifically, the Origin-Host in the CER message must match the locally configured peer identity. When configured to false, the router refuses incoming requests for connections. | |
| Default | false | |
| Introduced | 19.10.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
local-address ipv6-unicast-address
| Synopsis | IPv6 source address for the TCP peer connection | |
| Context | configure aaa diameter node diam-fqdn connection ipv6 local-address ipv6-unicast-address | |
| Tree | local-address | |
| Introduced | 16.0.R6 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
timer number
| Synopsis | Connection reestablishment timer for the Diameter peer | |
| Context | configure aaa diameter node diam-fqdn connection timer number | |
| Tree | timer | |
Description | This command configures the frequency of attempts to open a TCP connection to each peer within a specific Diameter client node. After a TCP connection fails to be established (because of timeouts of TCP SYN packets) or an existing TCP connection fails, the next attempt to open the connection is tried after the expiry of the timer. There is no limit on the number of attempts. | |
| Range | 1 to 1000 | |
| Units | seconds | |
| Default | 30 | |
| Introduced | 16.0.R6 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
description description
| Synopsis | Text description | |
| Context | configure aaa diameter node diam-fqdn description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
origin-realm diam-fqdn
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Origin-realm name | |
| Context | configure aaa diameter node diam-fqdn origin-realm diam-fqdn | |
| Tree | origin-realm | |
Description | This command configures the origin-realm name. This is an optional command that translates to an Origin-Realm AVP that is carried in all Diameter messages. The origin host and origin realm form a Diameter Identity that must be unique within the Diameter network in which they participate. If the realm name is not configured, the realm name is extracted from the host as follows:
| |
| String length | 1 to 80 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR | |
peer index number
index number
address (ipv4-address-no-zone | ipv6-address-no-zone)
admin-state keyword
| Synopsis | Administrative state of the Diameter peer | |
| Context | configure aaa diameter node diam-fqdn peer index number admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | disable | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
connection-timer number
| Synopsis | Wait time before attempting reconnection to peer | |
| Context | configure aaa diameter node diam-fqdn peer index number connection-timer number | |
| Tree | connection-timer | |
Description | This command configures the Diameter node connection timer that defines the time the systems waits before attempting to reconnect to a peer after the connection was lost. | |
| Range | 1 to 1000 | |
| Units | seconds | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
default-peer boolean
| Synopsis | Use the peer as default route for realm-based routing | |
| Context | configure aaa diameter node diam-fqdn peer index number default-peer boolean | |
| Tree | default-peer | |
Description | When configured to true, the system designates a peer as a default peer. Traffic that is destined for realms that are not associated with locally configured peers, is sent to the default-peer. In effect, the default peer becomes a default route for Diameter realms. This command is mandatory in multi-chassis redundancy where the inter-chassis peer is designated as default peer. Then, the SR with no open connections toward agents or servers, forwards all traffic to the inter-peer which maintains, as part of MCS, open connections with agents and servers. | |
| Default | false | |
| Introduced | 19.10.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
destination-host diam-fqdn
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Destination-Host AVP string for Diameter messages | |
| Context | configure aaa diameter node diam-fqdn peer index number destination-host diam-fqdn | |
| Tree | destination-host | |
Description | This command identifies the peer by its name. This peer name must match the one in Origin-Host AVP received in Capability Exchange Answer message. In case of a mismatch, the TCP connection will be terminated. | |
| String length | 1 to 80 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR | |
preference number
| Synopsis | Diameter routing preference for a peer | |
| Context | configure aaa diameter node diam-fqdn peer index number preference number | |
| Tree | preference | |
Description | This command configures the Diameter routing preference for a peer. All open peers are installed in the Diameter realm routing table but only the one with the lowest numerical value for preference is used as next-hop for a given destination realm. If multiple peers with the same preference are configured for the same realm, the peer index with the lowest value is used to break the tie. | |
| Range | 1 to 100 | |
| Default | 50 | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
route index number
index number
| Synopsis | Static Diameter route ID | |
| Context | configure aaa diameter node diam-fqdn peer index number route index number | |
| Tree | route | |
Description | This command configures the ID of the static route used to reach remote realms that are not directly connected to the origin realm. The route can also be used to override the route preference (peer preference) of the directly-connected realms. | |
| Range | 1 to 15 | |
Notes | This element is part of a list key. | |
| Introduced | 20.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
application keyword
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Diameter application to which the route applies | |
| Context | configure aaa diameter node diam-fqdn peer index number route index number application keyword | |
| Tree | application | |
Description | This command specifies the Diameter application in the destination realm reachable via the static route. | |
| Options | ||
Notes | This element is mandatory. | |
| Introduced | 20.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR | |
preference number
| Synopsis | Static route preference; lower value is preferred | |
| Context | configure aaa diameter node diam-fqdn peer index number route index number preference number | |
| Tree | preference | |
Description | This command configures the preference of the static route. The preference is compared with the preference values of all other static and dynamic routes. The dynamic route is a realm route learned directly from the peer via the Capabilities Exchange process during the peer negotiation phase. The preference value of the dynamic route is configured directly under the peer configuration. A lower preference value is preferred for route selection. | |
| Range | 1 to 100 | |
| Default | 50 | |
| Introduced | 20.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
realm diam-fqdn
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Destination realm reachable via the static route | |
| Context | configure aaa diameter node diam-fqdn peer index number route index number realm diam-fqdn | |
| Tree | realm | |
| String length | 1 to 80 | |
Notes | This element is mandatory. | |
| Introduced | 20.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR | |
watchdog-timer number
| Synopsis | Time between consecutive watchdog messages | |
| Context | configure aaa diameter node diam-fqdn peer index number watchdog-timer number | |
| Tree | watchdog-timer | |
Description | This command configures the time between consecutive watchdog messages. Watchdog messages are used to verify liveliness of a Diameter peer. A single watchdog message is sent to a peer in case that no traffic is received from it within a configured watchdog-timer. This watchdog request message solicits a watchdog answer message from the peer. If no traffic (watchdog answer or otherwise) is received from the peer in response to watchdog request while the watchdog timer is running, the peer is put in suspicious state and a peer failover routine is triggered. The peer closes after it has been in suspicious mode for the duration of one more watchdog-timer interval without receiving any traffic from it. After the peer is recovered, it takes three successful exchanges of Diameter watchdog messages (DWR/DWA) for the peer to become used again in Diameter forwarding. This behavior is described in RFC 3539, 3.4.1, Authentication, Authorization and Accounting (AAA) Transport Profile). This command is not applicable to legacy implementations of Diameter base in the SR OS. | |
| Range | 1 to 1000 | |
| Units | seconds | |
| Default | 30 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
python-policy reference
| Synopsis | Python policy for received or sent Diameter messages | |
| Context | configure aaa diameter node diam-fqdn python-policy reference | |
| Tree | python-policy | |
Reference | configure python python-policy named-item | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
router-instance string
| Synopsis | Router in which this node connects to its peers | |
| Context | configure aaa diameter node diam-fqdn router-instance string | |
| Tree | router-instance | |
Description | This command references the routing instance from which Diameter peering connection is initiated. | |
| Default | Base | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
radius
acct-on-off-group [name] named-item
| Synopsis | Enter the acct-on-off-group list instance | |
| Context | configure aaa radius acct-on-off-group named-item | |
| Tree | acct-on-off-group | |
Description | Commands in this context create an acct-on-off-group. An acct-on-off-group can be referenced by:
| |
| Max. instances | 32 | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
[name] named-item
| Synopsis | Group name for accounting on/off | |
| Context | configure aaa radius acct-on-off-group named-item | |
| Tree | acct-on-off-group | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
description description
| Synopsis | Text description | |
| Context | configure aaa radius acct-on-off-group named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
coa-port number
| Synopsis | RADIUS listening port for CoA and Disconnect messages | |
| Context | configure aaa radius coa-port number | |
| Tree | coa-port | |
Description | This command configures the system-wide UDP port number that RADIUS is listening on for CoA and Disconnect messages. | |
| Range | 1647 | 1700 | 1812 | 3799 | |
| Default | 3799 | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
isa-policy [name] named-item
| Synopsis | Enter the isa-policy list instance | |
| Context | configure aaa radius isa-policy named-item | |
| Tree | isa-policy | |
Description | Commands in this context create a policy template related to transport of accounting messages from the BB-ISA card to the accounting server. It also defines accounting attributes that will be included in accounting messages. The policy template will be instantiated once it is applied to the BB-ISA cards in the nat-group. | |
| Max. instances | 8 | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
[name] named-item
| Synopsis | ISA RADIUS policy name referenced by a NAT application | |
| Context | configure aaa radius isa-policy named-item | |
| Tree | isa-policy | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
accounting
| Synopsis | Enter the accounting context | |
| Context | configure aaa radius isa-policy named-item accounting | |
| Tree | accounting | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
include-attributes
| Synopsis | Enter the include-attributes context | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes | |
| Tree | include-attributes | |
Description | Commands in this context specify the attributes to include in the RADIUS accounting messages. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
acct-delay-time boolean
| Synopsis | Include the accounting delay time attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes acct-delay-time boolean | |
| Tree | acct-delay-time | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
acct-triggered-reason boolean
| Synopsis | Include the accounting triggered reason attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes acct-triggered-reason boolean | |
| Tree | acct-triggered-reason | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
called-station-id boolean
| Synopsis | Include the Called-Station-Id attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes called-station-id boolean | |
| Tree | called-station-id | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
calling-station-id boolean
| Synopsis | Include the Calling-Station-Id attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes calling-station-id boolean | |
| Tree | calling-station-id | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
circuit-id boolean
| Synopsis | Include the Agent-Circuit-Id attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes circuit-id boolean | |
| Tree | circuit-id | |
Description | When configured to true, the system enables the generation of the Broad Band Forum Agent-Circuit-Id Vendor Specific AVP in Diameter NASREQ AAR messages. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
class boolean
| Synopsis | Include the Class attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes class boolean | |
| Tree | class | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
credit-control-quota boolean
| Synopsis | Add unconsumed volume quota to Credit-Control-Quota | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes credit-control-quota boolean | |
| Tree | credit-control-quota | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
dhcp-options boolean
| Synopsis | Include the Alc-ToServer-Dhcp-Options attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes dhcp-options boolean | |
| Tree | dhcp-options | |
Description | When configured to true, the system enables insertion of RADIUS VSA containing all dhcp-options from dhcp-discover (or dhcp-request) message. The VSA contains all dhcp-options in a form of the string. If required (the total length of all dhcp-options exceeds 255B), multiple VSAs are included. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
dhcp-vendor-class-id boolean
| Synopsis | Include the Alc-Dhcp-Vendor-Class-Id attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes dhcp-vendor-class-id boolean | |
| Tree | dhcp-vendor-class-id | |
Description | When configured to true, the router includes the "[26-6527-36] Alc-DHCP-Vendor-Class-Id” attribute in RADIUS accounting messages. The content of the DHCP Vendor-Class-Identifier option (60) is mapped in this attribute. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
frame-counters boolean
| Synopsis | Include Acct-Input-Packets and Acct-Output-Packets | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes frame-counters boolean | |
| Tree | frame-counters | |
Description | When configured to true, the router includes the frame-counters attribute. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
framed-ip-address boolean
| Synopsis | Include the Framed-IP-Address attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes framed-ip-address boolean | |
| Tree | framed-ip-address | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
framed-ip-netmask boolean
| Synopsis | Include the Framed-IP-Netmask attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes framed-ip-netmask boolean | |
| Tree | framed-ip-netmask | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
framed-ipv6-prefix boolean
| Synopsis | Include the Framed-IPv6-Prefix attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes framed-ipv6-prefix boolean | |
| Tree | framed-ipv6-prefix | |
Description | When configured to true, the router includes the Framed-IPv6-Prefix attribute. If an active SLAAC lease exists, this attribute defines if the SLAAC prefix of the UE is present in accounting. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
hardware-timestamp boolean
| Synopsis | Include the Event-Timestamp attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes hardware-timestamp boolean | |
| Tree | hardware-timestamp | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
ipv6-address boolean
| Synopsis | Include the Alc-Ipv6-Address attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes ipv6-address boolean | |
| Tree | ipv6-address | |
Description | When configured to true, the IA_NA address of the UE is included in the accounting message if an active IA_NA lease exists. When configured to false, the address is not included. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
mac-address boolean
| Synopsis | Include the Alc-Client-Hardware-Addr attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes mac-address boolean | |
| Tree | mac-address | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
millisecond-event-timestamp boolean
| Synopsis | Include the Alc-Millisecond-Event-Timestamp attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes millisecond-event-timestamp boolean | |
| Tree | millisecond-event-timestamp | |
Description | When configured to true, the router includes the Alc-Millisecond-Event-Timestamp attribute in the accounting message. This attribute includes the time the accounting event was logged in milliseconds since Jan 1, 1970 00:00:00 UTC. When configured to false, the router does not include this attribute. | |
| Default | false | |
| Introduced | 20.10.R1 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
multi-session-id boolean
| Synopsis | Include the Acct-Multi-Session-Id attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes multi-session-id boolean | |
| Tree | multi-session-id | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-identifier boolean
| Synopsis | Include the NAS-Identifier attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nas-identifier boolean | |
| Tree | nas-identifier | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-ip-address boolean
| Synopsis | Include the NAS-IP-Address attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nas-ip-address boolean | |
| Tree | nas-ip-address | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-ipv6-address boolean
| Synopsis | Include the NAS-IPv6-Address attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nas-ipv6-address boolean | |
| Tree | nas-ipv6-address | |
Description | When configured to true, the router includes the NAS-IPv6-Address attribute in RADIUS accounting messages using the address specified in the configure aaa radius isa-policy nas-ip-address-origin command. The NAS-IPv6-Address attribute is included in both IPv4 and IPv6 RADIUS connections. When configured to false, the router does not include the NAS-IPv6-Address attribute in RADIUS accounting messages. | |
| Default | false | |
| Introduced | 22.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-port boolean
| Synopsis | Include the NAS-Port attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nas-port boolean | |
| Tree | nas-port | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-port-id boolean
| Synopsis | Include the NAS-Port-Id attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nas-port-id boolean | |
| Tree | nas-port-id | |
Description | When configured to true, the system generates the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP-id) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used will be 0/0/0/0/0/0. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-port-type boolean
| Synopsis | Include the NAS-Port-Type attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nas-port-type boolean | |
| Tree | nas-port-type | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-inside-service-id boolean
| Synopsis | Include NAT inside service ID in Alc-Serv-Id attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nat-inside-service-id boolean | |
| Tree | nat-inside-service-id | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-outside-ip-address boolean
| Synopsis | Include the Alc-Nat-Outside-Ip-Addr attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nat-outside-ip-address boolean | |
| Tree | nat-outside-ip-address | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-outside-service-id boolean
| Synopsis | Include NAT outside service ID in Alc-Serv-Id attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nat-outside-service-id boolean | |
| Tree | nat-outside-service-id | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-port-forward-logging boolean
| Synopsis | Enable logging of port forwards via RADIUS | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nat-port-forward-logging boolean | |
| Tree | nat-port-forward-logging | |
Description | When configured to true, the router enables static or PCP port-forward logging via RADIUS. Port-forward logging is supported only in conjunction with the logging of port blocks. When configured to false, the router disables static or PCP port-forward logging. | |
| Default | false | |
| Introduced | 24.3.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-port-range-block boolean
| Synopsis | Include the Alc-Nat-Port-Range attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nat-port-range-block boolean | |
| Tree | nat-port-range-block | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-port-time boolean
| Synopsis | Enable the Alc-Nat-Port-Time RADIUS attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nat-port-time boolean | |
| Tree | nat-port-time | |
Description | When configured to true, the router records the duration of port-blocks or port-forwards allocated to a NAT subscriber using the Alc-Nat-Port-Time RADIUS attribute. When configured to false, the router disables the Alc-Nat-Port-Time RADIUS attribute. | |
| Default | false | |
| Introduced | 24.7.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-subscriber-string boolean
| Synopsis | Include the Alc-Subsc-ID-Str attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes nat-subscriber-string boolean | |
| Tree | nat-subscriber-string | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
octet-counters boolean
| Synopsis | Include Acct-Input-Octets and Acct-Output-Octets | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes octet-counters boolean | |
| Tree | octet-counters | |
Description | When configured to true, the router includes the octet-counters attributes. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
proxied-subscriber-data boolean
| Synopsis | Include subscriber data as RADIUS attributes | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes proxied-subscriber-data boolean | |
| Tree | proxied-subscriber-data | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
release-reason boolean
| Synopsis | Include reason in the Acct-Terminate-Cause attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes release-reason boolean | |
| Tree | release-reason | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
remote-id boolean
| Synopsis | Include the Agent-Remote-Id attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes remote-id boolean | |
| Tree | remote-id | |
Description | When configured to true, the router sends the remote ID option. The client DHCP Unique Identifier (DUID) is used as the remote ID. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
rssi boolean
| Synopsis | Include the Alc-RSSI attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes rssi boolean | |
| Tree | rssi | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
session-time boolean
| Synopsis | Include the Acct-Session-Time attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes session-time boolean | |
| Tree | session-time | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
subscriber-id boolean
| Synopsis | Include the Alc-Subsc-ID-Str attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes subscriber-id boolean | |
| Tree | subscriber-id | |
Description | When configured to true, the subscriber ID attributes are included in RADIUS accounting messages. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
toserver-dhcp6-options boolean
| Synopsis | Include the Alc-ToServer-Dhcp6-Options attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes toserver-dhcp6-options boolean | |
| Tree | toserver-dhcp6-options | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
ue-creation-type boolean
| Synopsis | Include the Alc-Wlan-Ue-Creation-Type attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes ue-creation-type boolean | |
| Tree | ue-creation-type | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
user-name boolean
| Synopsis | Include the User-Name attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes user-name boolean | |
| Tree | user-name | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
wlan-custom-user-group boolean
| Synopsis | Include Wlan-Custom-User-Group attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes wlan-custom-user-group boolean | |
| Tree | wlan-custom-user-group | |
Description | When configured to true, this command includes the Alc-Wlan-Custom-User-Group attribute in the RADIUS accounting messages. | |
| Default | false | |
| Introduced | 24.3.R1 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
wlan-ssid-vlan boolean
| Synopsis | Include per-SSID VLAN in Alc-Wlan-SSID-VLAN attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes wlan-ssid-vlan boolean | |
| Tree | wlan-ssid-vlan | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
xconnect-tunnel-home-address boolean
| Synopsis | Include the Alc-Xconnect-Tunnel-Home-Ipv6 attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes xconnect-tunnel-home-address boolean | |
| Tree | xconnect-tunnel-home-address | |
Description | When configured to true, the router enables the cross connect tunnel home address RADIUS attribute. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
xconnect-tunnel-local-ipv6-address boolean
| Synopsis | Include the Alc-Xconnect-Tunnel-Local-Ipv6 attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes xconnect-tunnel-local-ipv6-address boolean | |
| Tree | xconnect-tunnel-local-ipv6-address | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
xconnect-tunnel-remote-ipv6-address boolean
| Synopsis | Include the Alc-Xconnect-Tunnel-Remote-Ipv6 attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes xconnect-tunnel-remote-ipv6-address boolean | |
| Tree | xconnect-tunnel-remote-ipv6-address | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
xconnect-tunnel-service boolean
| Synopsis | Include the Alc-Xconnect-Tunnel-Service attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes xconnect-tunnel-service boolean | |
| Tree | xconnect-tunnel-service | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
xconnect-tunnel-type boolean
| Synopsis | Include the Alc-Xconnect-Tunnel-Type attribute | |
| Context | configure aaa radius isa-policy named-item accounting include-attributes xconnect-tunnel-type boolean | |
| Tree | xconnect-tunnel-type | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-periodic-update
| Synopsis | Enter the nat-periodic-update context | |
| Context | configure aaa radius isa-policy named-item accounting nat-periodic-update | |
| Tree | nat-periodic-update | |
Description | Commands in this context configure periodic RADIUS logging of currently allocated port blocks for a NAT subscriber (NAT binding). | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
interval number
| Synopsis | Interval for periodic RADIUS Interim-Update messages | |
| Context | configure aaa radius isa-policy named-item accounting nat-periodic-update interval number | |
| Tree | interval | |
Description | This command configures the interval at which RADIUS logging is refreshed. The log generation might delayed past the configured interval value if the message pacing (rate-limit) is enabled or when the number of un-acknowledged (pending) messages in SR OS has reached its upper limit. An increased number of pending Interim Update messages in SR OS is due to lack of adequate responsiveness of the RADIUS server. | |
| Range | 1 to 72 | |
| Units | hours | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
rate-limit (number | keyword)
| Synopsis | Rate limit for periodic RADIUS Interim-Update messages | |
| Context | configure aaa radius isa-policy named-item accounting nat-periodic-update rate-limit (number | keyword) | |
| Tree | rate-limit | |
Description | This command configures the pacing of the Interim Update messages related to refreshment of the currently allocated port blocks. By default, when this command is not configured, the messages are sent at a high rate determined by the processing capability of the SR OS. Such a high message rate can exceed the processing power of the logging server which can result in the loss of logging information. To overcome this, the Interim Update messages can be generated in a staggered manner at a configured interval that is accommodating toward the processing capabilities of the logging server. | |
| Range | 1 to 100000 | |
| Units | packets per second | |
| Options | ||
| Default | unlimited | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
update-triggers
| Synopsis | Enter the update-triggers context | |
| Context | configure aaa radius isa-policy named-item accounting update-triggers | |
| Tree | update-triggers | |
Description | Commands in this context enable or disable the sending of triggered interim-updates, with the exception of the following:
| |
| Introduced | 16.0.R4 | |
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
address-state boolean
| Synopsis | Send an Interim-Update when address allocated or freed | |
| Context | configure aaa radius isa-policy named-item accounting update-triggers address-state boolean | |
| Tree | address-state | |
Description | When configured to true, the router sends an interim-update for a DSM UE whenever a DHCP, SLAAC or DHCPv6 address gets allocated or freed. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
soft-quota-exhausted boolean
| Synopsis | Send interim update when soft volume quota is reached | |
| Context | configure aaa radius isa-policy named-item accounting update-triggers soft-quota-exhausted boolean | |
| Tree | soft-quota-exhausted | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
authentication
| Synopsis | Enter the authentication context | |
| Context | configure aaa radius isa-policy named-item authentication | |
| Tree | authentication | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
include-attributes
| Synopsis | Enter the include-attributes context | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes | |
| Tree | include-attributes | |
Description | Commands in this context specify the attributes to include in the RADIUS authentication messages. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
called-station-id boolean
| Synopsis | Include the Called-Station-Id attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes called-station-id boolean | |
| Tree | called-station-id | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
calling-station-id boolean
| Synopsis | Include the Calling-Station-Id attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes calling-station-id boolean | |
| Tree | calling-station-id | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
circuit-id boolean
| Synopsis | Include the Agent-Circuit-Id attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes circuit-id boolean | |
| Tree | circuit-id | |
Description | When configured to true, the router is enabled to generate Broad Band Forum Agent-Circuit-Id Vendor Specific AVP in Diameter NASREQ AAR messages. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
dhcp-vendor-class-id boolean
| Synopsis | Include the Alc-DHCP-Vendor-Class-Id attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes dhcp-vendor-class-id boolean | |
| Tree | dhcp-vendor-class-id | |
Description | When configured to true, the router includes the "[26-6527-36] Alc-DHCP-Vendor-Class-Id” attribute in RADIUS authentication messages. The content of the DHCP Vendor-Class-Identifier option (60) is mapped in this attribute. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
framed-ip-address boolean
| Synopsis | Include the Framed-IP-Address attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes framed-ip-address boolean | |
| Tree | framed-ip-address | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
ipv6-address boolean
| Synopsis | Include the Alc-IPv6-address attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes ipv6-address boolean | |
| Tree | ipv6-address | |
Description | When configured to true, the router includes the Alc-IPv6-address attribute, which defines if the IPv6 address of the UE is present during authentication if the datatrigger packet is IPv6. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
mac-address boolean
| Synopsis | Include the Alc-Client-Hardware-Addr attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes mac-address boolean | |
| Tree | mac-address | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-identifier boolean
| Synopsis | Include the NAS-Identifier attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes nas-identifier boolean | |
| Tree | nas-identifier | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-ip-address boolean
| Synopsis | Include the NAS-IP-Address attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes nas-ip-address boolean | |
| Tree | nas-ip-address | |
| Default | true | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-ipv6-address boolean
| Synopsis | Include the NAS-IPv6-Address attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes nas-ipv6-address boolean | |
| Tree | nas-ipv6-address | |
Description | When configured to true, the router includes the NAS-IPv6-Address attribute in RADIUS authentication messages using the address specified in the configure aaa radius isa-policy nas-ip-address-origin command. The NAS-IPv6-Address attribute is included in both IPv4 and IPv6 RADIUS connections. When configured to false, the router does not include the NAS-IPv6-Address attribute in RADIUS authentication messages. | |
| Introduced | 22.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-port boolean
| Synopsis | Include the NAS-Port attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes nas-port boolean | |
| Tree | nas-port | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-port-id boolean
| Synopsis | Include the NAS-Port-Id attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes nas-port-id boolean | |
| Tree | nas-port-id | |
Description | When configured to true, the router is enabled to generate the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP-id) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used will be 0/0/0/0/0/0. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-port-type boolean
| Synopsis | Include the NAS-Port-Type attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes nas-port-type boolean | |
| Tree | nas-port-type | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
remote-id boolean
| Synopsis | Include the Agent-Remote-Id attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes remote-id boolean | |
| Tree | remote-id | |
Description | When configured to true, the router includes the remote ID option. The client DHCP Unique Identifier (DUID) is used as the remote ID. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
toserver-dhcp-options boolean
| Synopsis | Include the Alc-ToServer-Dhcp-Options attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes toserver-dhcp-options boolean | |
| Tree | toserver-dhcp-options | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
toserver-dhcp6-options boolean
| Synopsis | Include the Alc-ToServer-Dhcp6-Options attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes toserver-dhcp6-options boolean | |
| Tree | toserver-dhcp6-options | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
wlan-ssid-vlan boolean
| Synopsis | Include per-SSID VLAN in Alc-Wlan-SSID-VLAN attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes wlan-ssid-vlan boolean | |
| Tree | wlan-ssid-vlan | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
xconnect-tunnel-home-address boolean
| Synopsis | Include the Alc-Xconnect-Tunnel-Home-Ipv6 attribute | |
| Context | configure aaa radius isa-policy named-item authentication include-attributes xconnect-tunnel-home-address boolean | |
| Tree | xconnect-tunnel-home-address | |
Description | When configured to true, the router includes the cross connect tunnel home address RADIUS attribute. | |
| Default | false | |
| Introduced | 16.0.R5 | |
|
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
description description
| Synopsis | Text description | |
| Context | configure aaa radius isa-policy named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nas-ip-address-origin keyword
| Synopsis | RADIUS NAS-IP-Address attribute | |
| Context | configure aaa radius isa-policy named-item nas-ip-address-origin keyword | |
| Tree | nas-ip-address-origin | |
Description | This command configures the RADIUS NAS-IP-Address attribute. system-ip - Use the value of the object TIMETRA-VRTR-MIB::vRiaIpAddress.1.1.1 isa-ip - Use a value in the range specified by tmnxRadIsaPlcySrvSrcAddrStart and tmnxRadIsaPlcySrvSrcAddrEnd that corresponds to the ISA card that transmits the Access-Request packet or the Accounting-Request packet | |
| Options | ||
| Default | system-ip | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
password encrypted-leaf
| Synopsis | Password used in the RADIUS access requests | |
| Context | configure aaa radius isa-policy named-item password encrypted-leaf | |
| Tree | password | |
| String length | 1 to 42 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
python-policy reference
| Synopsis | Python policy used for modifying RADIUS messages | |
| Context | configure aaa radius isa-policy named-item python-policy reference | |
| Tree | python-policy | |
Description | This command configures the Python policy for the ISA RADIUS proxy server. This is the Python policy for RADIUS packets to and from the client. | |
Reference | configure python python-policy named-item | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
servers
| Synopsis | Enter the servers context | |
| Context | configure aaa radius isa-policy named-item servers | |
| Tree | servers | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
access-algorithm keyword
| Synopsis | Algorithm that accesses the RADIUS servers | |
| Context | configure aaa radius isa-policy named-item servers access-algorithm keyword | |
| Tree | access-algorithm | |
Description | This command defines the algorithm used to access the list of available RADIUS servers. A RADIUS server is considered available initially and marked as unavailable if no response packets are received in a period equal to the configured packet timeout multiplied by the retry after sending a request. A server is always marked as available when any valid RADIUS packet is received from that server. Some access algorithms periodically probe unavailable servers by sending a single request. If the server responds to the request, it is immediately marked as available. direct - Use the first server as the primary server for all requests, the second as secondary, and so on round-robin - Use the first server as the primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server. hash-based - Selection is based on the hash-based procedures direct-priority - Use the first server for all requests. If that server is not available, the second server is used, and so on. This method periodically probes and falls back to higher-priority servers. | |
| Options | ||
| Default | direct | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
ipv6
mtu number
source-prefix ipv6-prefix
| Synopsis | Prefix containing individual source addresses per ISA | |
| Context | configure aaa radius isa-policy named-item servers ipv6 source-prefix ipv6-prefix | |
| Tree | source-prefix | |
Description | This command configures an IPv6 prefix containing individual /128 addresses. These addresses are used as the source address for connections to IPv6 RADIUS servers. The prefix must be large enough to accommodate all BB-ISAs or ESA VMs in the system. | |
| Introduced | 22.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
router-instance string
| Synopsis | Routing instance | |
| Context | configure aaa radius isa-policy named-item servers router-instance string | |
| Tree | router-instance | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
server [index] number
| Synopsis | Enter the server list instance | |
| Context | configure aaa radius isa-policy named-item servers server number | |
| Tree | server | |
Description | Commands in this context configure a RADIUS server and configures the RADIUS server IP address, index, and key values. RADIUS servers are accessed in order from lowest to highest index for authentication requests until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other RADIUS servers are queried. | |
| Max. instances | 10 | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
[index] number
admin-state keyword
| Synopsis | Administrative state of the ISA RADIUS server | |
| Context | configure aaa radius isa-policy named-item servers server number admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | disable | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | IP address of the RADIUS server | |
| Context | configure aaa radius isa-policy named-item servers server number ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | ip-address | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
purpose
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | Enter the purpose context | |
| Context | configure aaa radius isa-policy named-item servers server number purpose | |
| Tree | purpose | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
accounting
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | Enable the accounting context | |
| Context | configure aaa radius isa-policy named-item servers server number purpose accounting | |
| Tree | accounting | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
udp-port number
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | ISA RADIUS server accounting UDP port | |
| Context | configure aaa radius isa-policy named-item servers server number purpose accounting udp-port number | |
| Tree | udp-port | |
Description | This command configures the UDP port number on which to contact the RADIUS server for authentication. | |
| Range | 1 to 65535 | |
| Default | 1813 | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
authentication
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | Enable the authentication context | |
| Context | configure aaa radius isa-policy named-item servers server number purpose authentication | |
| Tree | authentication | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
udp-port number
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | ISA RADIUS server authentication UDP port | |
| Context | configure aaa radius isa-policy named-item servers server number purpose authentication udp-port number | |
| Tree | udp-port | |
Description | This command configures the UDP port number on which to contact the RADIUS server for authentication. | |
| Range | 1 to 65535 | |
| Default | 1812 | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
coa
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | Enable the coa context | |
| Context | configure aaa radius isa-policy named-item servers server number purpose coa | |
| Tree | coa | |
Description | Commands in this context configure Change of Authorization (CoA) messages. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
udp-port number
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | ISA RADIUS server change of authorization UDP port | |
| Context | configure aaa radius isa-policy named-item servers server number purpose coa udp-port number | |
| Tree | udp-port | |
Description | This command configures the UDP port number on which to contact the RADIUS server for authentication. | |
| Range | 1 to 65535 | |
| Default | 3799 | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
secret encrypted-leaf
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | Secret key to access the RADIUS server | |
| Context | configure aaa radius isa-policy named-item servers server number secret encrypted-leaf | |
| Tree | secret | |
Description | This command configures the secret key to access the RADIUS server. This secret key must match the password on the RADIUS server. | |
| String length | 1 to 115 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
source-address-range ipv4-unicast-address
| Synopsis | Starting IP address of the IP address range | |
| Context | configure aaa radius isa-policy named-item servers source-address-range ipv4-unicast-address | |
| Tree | source-address-range | |
Description | This command configures the first IP address in the range of IPv4 addresses that are assigned to a BB-ISA in a given NAT group for NAT RADIUS accounting. The IP addresses are unique within the NAT group and are used to bind the RADIUS client instantiated on each BB-ISA card. The number of IPv4 addresses allocated is equal to the number of BB-ISAs in a NAT group that are enabled for NAT RADIUS accounting. Although only the first IPv4 address is explicitly configured with this command, each internally allocated IPv4 address associated with the BB-ISA card can be seen in the routing table (via show commands) as /32 with protocol designation "NAT". | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
timeout number
| Synopsis | Timeout for a response from the RADIUS server | |
| Context | configure aaa radius isa-policy named-item servers timeout number | |
| Tree | timeout | |
Description | This command configures the time the router waits for a response from a RADIUS server. | |
| Range | 1 to 90 | |
| Units | seconds | |
| Default | 5 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
total-tries number
| Synopsis | Maximum number of tries toward the same RADIUS server | |
| Context | configure aaa radius isa-policy named-item servers total-tries number | |
| Tree | total-tries | |
Description | This command configures the number of times the router attempts to contact the RADIUS server for authentication, if not successful the first time. | |
| Range | 1 to 10 | |
| Default | 3 | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
user-name
| Synopsis | Enter the user-name context | |
| Context | configure aaa radius isa-policy named-item user-name | |
| Tree | user-name | |
Description | Commands in this context define the format of the username field in the UE authentication request sent to the RADIUS server. For authentication of IPv6 triggers (ICMPv6, DHCPv6, IPv6 data-trigger) the username format will always fall back to MAC only. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
format keyword
mac-format keyword
| Synopsis | MAC address format when contacting RADIUS server | |
| Context | configure aaa radius isa-policy named-item user-name mac-format keyword | |
| Tree | mac-format | |
Description | This command specifies how a MAC address is represented when contacting a RADIUS server. This is only used while the value of is equal to the DHCP client vendor options and if the MAC address is used by default of the DHCP client vendor options. | |
| Options | ||
| Default | alu | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
l2tp-accounting-policy [name] named-item
| Synopsis | Enter the l2tp-accounting-policy list instance | |
| Context | configure aaa radius l2tp-accounting-policy named-item | |
| Tree | l2tp-accounting-policy | |
| Max. instances | 32 | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
[name] named-item
| Synopsis | L2TP RADIUS accounting policy name | |
| Context | configure aaa radius l2tp-accounting-policy named-item | |
| Tree | l2tp-accounting-policy | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
accounting-type
| Synopsis | Enter the accounting-type context | |
| Context | configure aaa radius l2tp-accounting-policy named-item accounting-type | |
| Tree | accounting-type | |
Description | Commands in this context configure the accounting type for the L2TP tunnel accounting policy. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
session boolean
| Synopsis | Enable per-session accounting | |
| Context | configure aaa radius l2tp-accounting-policy named-item accounting-type session boolean | |
| Tree | session | |
| Default | true | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
tunnel boolean
| Synopsis | Enable per-tunnel accounting | |
| Context | configure aaa radius l2tp-accounting-policy named-item accounting-type tunnel boolean | |
| Tree | tunnel | |
| Default | true | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
acct-tunnel-connection-fmt display-string
| Synopsis | Accounting tunnel connection ASCII specification | |
| Context | configure aaa radius l2tp-accounting-policy named-item acct-tunnel-connection-fmt display-string | |
| Tree | acct-tunnel-connection-fmt | |
| String length | 1 to 253 | |
| Default | %n | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
description description
| Synopsis | Text description | |
| Context | configure aaa radius l2tp-accounting-policy named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
include-radius-attribute
| Synopsis | Enter the include-radius-attribute context | |
| Context | configure aaa radius l2tp-accounting-policy named-item include-radius-attribute | |
| Tree | include-radius-attribute | |
Description | Commands in this context specify the RADIUS attributes that the system should include into RADIUS Access-Request (for authentication) and Accounting-Request (for accounting) messages. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
calling-station-id boolean
| Synopsis | Include the Calling-Station-Id attribute | |
| Context | configure aaa radius l2tp-accounting-policy named-item include-radius-attribute calling-station-id boolean | |
| Tree | calling-station-id | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
nas-identifier boolean
| Synopsis | Include the NAS-Identifier attribute | |
| Context | configure aaa radius l2tp-accounting-policy named-item include-radius-attribute nas-identifier boolean | |
| Tree | nas-identifier | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
nas-port
| Synopsis | Enable the nas-port context | |
| Context | configure aaa radius l2tp-accounting-policy named-item include-radius-attribute nas-port | |
| Tree | nas-port | |
Description | Commands in this context enable the generation of the nas-port RADIUS attribute. Enter decimal representation of a 32-bit string that indicates the port information. This 32-bit string can be compiled based on different information from the port (data types). Using number-of-bits data-type syntax indicates the number of bits from the 32 bits that are used for the specific data type. These data types can be combined up to 32 bits. In between the different data types, 0s and 1s as bits can be added. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
bit-spec binary-specification
| Synopsis | RADIUS NAS-Port attribute | |
| Context | configure aaa radius l2tp-accounting-policy named-item include-radius-attribute nas-port bit-spec binary-specification | |
| Tree | bit-spec | |
| String length | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
nas-port-id
| Synopsis | Enable the nas-port-id context | |
| Context | configure aaa radius l2tp-accounting-policy named-item include-radius-attribute nas-port-id | |
| Tree | nas-port-id | |
Description | Commands in this context enable the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP ID) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used is 0/0/0/0/0/0. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
prefix-string string-not-all-spaces
| Synopsis | Prefix string added to RADIUS NAS-Port attribute | |
| Context | configure aaa radius l2tp-accounting-policy named-item include-radius-attribute nas-port-id prefix-string string-not-all-spaces | |
| Tree | prefix-string | |
| String length | 1 to 8 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
suffix keyword
| Synopsis | Suffix type to add to the RADIUS NAS port attribute | |
| Context | configure aaa radius l2tp-accounting-policy named-item include-radius-attribute nas-port-id suffix keyword | |
| Tree | suffix | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
nas-port-type
| Synopsis | Enable the nas-port-type context | |
| Context | configure aaa radius l2tp-accounting-policy named-item include-radius-attribute nas-port-type | |
| Tree | nas-port-type | |
Description | Commands in this context enable the generation of the nas-port-type RADIUS attribute. If set to nas-port-type, the following values are sent: 32 (null-encap), 33 (dot1q), 34 (qinq), 15 (DHCP hosts). The nas-port-type can also be set as a specified value, with an integer from 0 to 255. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
type (keyword | number)
| Synopsis | Value for RADIUS NAS-Port-Type attribute | |
| Context | configure aaa radius l2tp-accounting-policy named-item include-radius-attribute nas-port-type type (keyword | number) | |
| Tree | type | |
| Range | 0 to 255 | |
| Options | ||
| Default | rfc-aligned | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
radius-server-policy reference
| Synopsis | RADIUS server policy referenced | |
| Context | configure aaa radius l2tp-accounting-policy named-item radius-server-policy reference | |
| Tree | radius-server-policy | |
Reference | configure aaa radius server-policy named-item | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
route-downloader [name] named-item
| Synopsis | Enter the route-downloader list instance | |
| Context | configure aaa radius route-downloader named-item | |
| Tree | route-downloader | |
Description | Commands in this context configure a route-downloader instance. The route-downloader is a process that uses radius access-request messages to a particular server. The server returns either an access-accept or access-deny message. Access-accept messages also contain the prefixes (in the form of static blackhole routes in various formats). Only a single route-downloader object can be created. | |
| Max. instances | 1 | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
[name] named-item
| Synopsis | RADIUS route downloader name | |
| Context | configure aaa radius route-downloader named-item | |
| Tree | route-downloader | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
admin-state keyword
| Synopsis | Administrative state of this route downloader | |
| Context | configure aaa radius route-downloader named-item admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | disable | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
base-user-name named-item
| Synopsis | Prefix of the username used as access requests | |
| Context | configure aaa radius route-downloader named-item base-user-name named-item | |
| Tree | base-user-name | |
Description | This command sets the prefix for the username that is used for access requests. The actual name used is a concatenation of this string, the “-” (dash) character and a monotonically increasing integer. | |
| String length | 1 to 32 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
default-metric number
| Synopsis | Default metric that RTM imported routes acquire | |
| Context | configure aaa radius route-downloader named-item default-metric number | |
| Tree | default-metric | |
| Range | 0 to 254 | |
| Default | 2 | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
default-tag number
| Synopsis | Default tag of this route downloader | |
| Context | configure aaa radius route-downloader named-item default-tag number | |
| Tree | default-tag | |
Description | This command configures the default tag that routes processed by the AAA route downloader will take. Any route received with a specific tag retains the specific tag. The tag value is passed to the Route Table Manager and is available as match condition on the export statement of other routing protocols. | |
| Range | 0 to 4294967295 | |
| Default | 0 | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
description description
| Synopsis | Text description | |
| Context | configure aaa radius route-downloader named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
download-interval number
| Synopsis | Wait time between consecutive runs of the process | |
| Context | configure aaa radius route-downloader named-item download-interval number | |
| Tree | download-interval | |
Description | This command configures the time interval that the system waits for between two consecutive runs of the route-download process. The time is counted from the start-time of the run, thus, if a route-download process is still ongoing by the time the timer expires, the process will restart from count=1. | |
| Range | 1 to 1440 | |
| Units | minutes | |
| Default | 720 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
max-routes number
| Synopsis | Maximum routes imported by this route downloader | |
| Context | configure aaa radius route-downloader named-item max-routes number | |
| Tree | max-routes | |
Description | This command configures the upper limit for the total number of routes to be received and accepted by the system. The total number is inclusive of both IPv4 and IPv6 addresses and no differentiation is needed across protocols. It includes the sum of both. Once this limit is reached, the download process stops sending new access-requests until the next download-interval expires. | |
| Range | 1 to 200000 | |
| Default | 200000 | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
password encrypted-leaf
| Synopsis | Route downloader password for RADIUS access requests | |
| Context | configure aaa radius route-downloader named-item password encrypted-leaf | |
| Tree | password | |
| String length | 1 to 71 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
radius-server-policy reference
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | RADIUS server policy referenced | |
| Context | configure aaa radius route-downloader named-item radius-server-policy reference | |
| Tree | radius-server-policy | |
Description | This command references an existing radius-server-policy (available under the configure aaa context). The server (or servers) referenced by the policy is used as the targets for the access-request message. | |
Reference | configure aaa radius server-policy named-item | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR | |
retry-interval
| Synopsis | Enter the retry-interval context | |
| Context | configure aaa radius route-downloader named-item retry-interval | |
| Tree | retry-interval | |
Description | Commands in this context configure parameters of the retry interval timer, which is an exponential backoff timer. The system retries sending an Access Request message after the previous message was unanswered (for example, a RADIUS failure or ICMP port unreachable error). | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
max number
| Synopsis | Maximum duration of the retry interval | |
| Context | configure aaa radius route-downloader named-item retry-interval max number | |
| Tree | max | |
| Range | 1 to 1440 | |
| Units | minutes | |
| Default | 20 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
min number
| Synopsis | Minimum duration of the retry interval | |
| Context | configure aaa radius route-downloader named-item retry-interval min number | |
| Tree | min | |
Description | This command specifies the minimum duration of the retry interval. This duration grows exponentially after each sequential failure. | |
| Range | 1 to 1440 | |
| Units | minutes | |
| Default | 10 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
server-policy [name] named-item
| Synopsis | Enter the server-policy list instance | |
| Context | configure aaa radius server-policy named-item | |
| Tree | server-policy | |
Description | Commands in this context create a RADIUS server policy. A RADIUS server policy can be used in:
| |
| Max. instances | 32 | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
[name] named-item
| Synopsis | RADIUS server policy name | |
| Context | configure aaa radius server-policy named-item | |
| Tree | server-policy | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
acct-on-off
| Synopsis | Enable the acct-on-off context | |
| Context | configure aaa radius server-policy named-item acct-on-off | |
| Tree | acct-on-off | |
Description | Commands in this context control the sending of Accounting-On and Accounting-Off messages and the acct-on-off oper-state of the radius-server-policy:
| |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
monitor reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Accounting on/off group name | |
| Context | configure aaa radius server-policy named-item acct-on-off monitor reference | |
| Tree | monitor | |
Reference | configure aaa radius acct-on-off-group named-item | |
Notes | The following elements are part of a choice: monitor or oper-state-change. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR | |
oper-state-change
| Synopsis | Enable the oper-state-change context | |
| Context | configure aaa radius server-policy named-item acct-on-off oper-state-change | |
| Tree | oper-state-change | |
Notes | The following elements are part of a choice: monitor or oper-state-change. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
group reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Operational state for a group | |
| Context | configure aaa radius server-policy named-item acct-on-off oper-state-change group reference | |
| Tree | group | |
Reference | configure aaa radius acct-on-off-group named-item | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR | |
description description
| Synopsis | Text description | |
| Context | configure aaa radius server-policy named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
python-policy reference
| Synopsis | Python policy for RADIUS packets to/from RADIUS servers | |
| Context | configure aaa radius server-policy named-item python-policy reference | |
| Tree | python-policy | |
Reference | configure python python-policy named-item | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
servers
| Synopsis | Enter the servers context | |
| Context | configure aaa radius server-policy named-item servers | |
| Tree | servers | |
Description | Commands in this context configure RADIUS server policy command options. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
access-algorithm keyword
| Synopsis | Algorithm to select a RADIUS server from the pool | |
| Context | configure aaa radius server-policy named-item servers access-algorithm keyword | |
| Tree | access-algorithm | |
| Options | ||
| Default | direct | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
buffering
acct-interim
| Synopsis | Enable the acct-interim context | |
| Context | configure aaa radius server-policy named-item servers buffering acct-interim | |
| Tree | acct-interim | |
Description | Commands in this context enable RADIUS accounting interim update message buffering.
| |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
lifetime number
| Synopsis | Time accounting message can be in retransmission buffer | |
| Context | configure aaa radius server-policy named-item servers buffering acct-interim lifetime number | |
| Tree | lifetime | |
| Range | 1 to 25 | |
| Units | hours | |
Notes |
This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
max number
| Synopsis | Maximum time between accounting message resend attempts | |
| Context | configure aaa radius server-policy named-item servers buffering acct-interim max number | |
| Tree | max | |
| Range | 1 to 3600 | |
| Units | seconds | |
Notes |
This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
min number
| Synopsis | Minimum time between accounting message resend attempts | |
| Context | configure aaa radius server-policy named-item servers buffering acct-interim min number | |
| Tree | min | |
| Range | 1 to 3600 | |
| Units | seconds | |
Notes |
This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
acct-start
| Synopsis | Enable the acct-start context | |
| Context | configure aaa radius server-policy named-item servers buffering acct-start | |
| Tree | acct-start | |
| Introduced | 20.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
lifetime number
| Synopsis | Time accounting message can be in retransmission buffer | |
| Context | configure aaa radius server-policy named-item servers buffering acct-start lifetime number | |
| Tree | lifetime | |
| Range | 1 to 25 | |
| Units | hours | |
Notes |
This element is mandatory. | |
| Introduced | 20.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
max number
| Synopsis | Maximum time between accounting message resend attempts | |
| Context | configure aaa radius server-policy named-item servers buffering acct-start max number | |
| Tree | max | |
| Range | 1 to 3600 | |
| Units | seconds | |
Notes |
This element is mandatory. | |
| Introduced | 20.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
min number
| Synopsis | Minimum time between accounting message resend attempts | |
| Context | configure aaa radius server-policy named-item servers buffering acct-start min number | |
| Tree | min | |
| Range | 1 to 3600 | |
| Units | seconds | |
Notes |
This element is mandatory. | |
| Introduced | 20.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
acct-stop
| Synopsis | Enable the acct-stop context | |
| Context | configure aaa radius server-policy named-item servers buffering acct-stop | |
| Tree | acct-stop | |
Description | Commands in this context enable RADIUS accounting stop message buffering.
| |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
lifetime number
| Synopsis | Time accounting message can be in retransmission buffer | |
| Context | configure aaa radius server-policy named-item servers buffering acct-stop lifetime number | |
| Tree | lifetime | |
| Range | 1 to 25 | |
| Units | hours | |
Notes |
This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
max number
| Synopsis | Maximum time between accounting message resend attempts | |
| Context | configure aaa radius server-policy named-item servers buffering acct-stop max number | |
| Tree | max | |
| Range | 1 to 3600 | |
| Units | seconds | |
Notes |
This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
min number
| Synopsis | Minimum time between accounting message resend attempts | |
| Context | configure aaa radius server-policy named-item servers buffering acct-stop min number | |
| Tree | min | |
| Range | 1 to 3600 | |
| Units | seconds | |
Notes |
This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
health-check
| Synopsis | Enter the health-check context | |
| Context | configure aaa radius server-policy named-item servers health-check | |
| Tree | health-check | |
Description | Commands in this context configure health check command options for the RADIUS server. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
down-timeout number
| Synopsis | Wait time before declaring RADIUS server out-of-service | |
| Context | configure aaa radius server-policy named-item servers health-check down-timeout number | |
| Tree | down-timeout | |
Description | This command configures the interval to wait for a RADIUS reply message from the RADIUS server before a RADIUS server is declared out-of-service. By default, the value of the down-timeout is the number of retries multiplied by the timeout interval. Each host will use the configured timeout and retry value under the AAA RADIUS server policy. The configure aaa radius server-policy servers timeout command refers to the waiting period before the next retry attempt. The configure aaa radius server-policy servers retry-count command refers to the number of times the host attempts to contact the RADIUS server. If a RADIUS server is declared out-of-service, the host pending retry attempts moves on to the next RADIUS server. | |
| Range | 1 to 340 | |
| Units | seconds | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
test-account
| Synopsis | Enter the test-account context | |
| Context | configure aaa radius server-policy named-item servers health-check test-account | |
| Tree | test-account | |
Description | Commands in this context set up a test account as a probing mechanism to check the connectivity of all configured RADIUS authentication servers within the RADIUS server policy. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
admin-state keyword
| Synopsis | Administrative state of the health check | |
| Context | configure aaa radius server-policy named-item servers health-check test-account admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | disable | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
interval number
| Synopsis | Time for test account to check health of RADIUS servers | |
| Context | configure aaa radius server-policy named-item servers health-check test-account interval number | |
| Tree | interval | |
Description | This command configures the interval at which the test account sends its access requests to probe the RADIUS servers. | |
| Range | 1 to 60 | |
| Units | seconds | |
| Default | 3 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
password encrypted-leaf
| Synopsis | Test account password for RADIUS server health check | |
| Context | configure aaa radius server-policy named-item servers health-check test-account password encrypted-leaf | |
| Tree | password | |
Description | This command configures the password that the test account uses to send access requests to probe the RADIUS servers. | |
| String length | 1 to 115 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
user-name display-string
| Synopsis | Username to send access requests to probe RADIUS server | |
| Context | configure aaa radius server-policy named-item servers health-check test-account user-name display-string | |
| Tree | user-name | |
| String length | 1 to 64 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
hold-down-time number
| Synopsis | Hold time before reusing a RADIUS server that was down | |
| Context | configure aaa radius server-policy named-item servers hold-down-time number | |
| Tree | hold-down-time | |
Description | This command configures the interval during which no new communication attempts are made to a RADIUS server that is marked down to prevent immediately overloading the server when it is starting up. The only exception is when all servers in the authentication policy are marked down; in that case, they will all be used again to prevent failures on new client connections. | |
| Range | 30 to 86400 | |
| Units | seconds | |
| Default | 30 | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
ipv6-source-address ipv6-address
| Synopsis | Source address for IPv6 RADIUS datagrams | |
| Context | configure aaa radius server-policy named-item servers ipv6-source-address ipv6-address | |
| Tree | ipv6-source-address | |
Description | This command configures the source address of an IPv6 RADIUS packet. When ipv6-source-address is unconfigured, the system IPv6 address (inband RADIUS server connection) or Boot Option File (BOF) IPv6 address (outband RADIUS server connection) must be configured in order for the RADIUS client to work with an IPv6 RADIUS server. This address is also used in the NAS-IPv6-Address attribute. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
retry-count number
| Synopsis | Number of retries for contacting the RADIUS server | |
| Context | configure aaa radius server-policy named-item servers retry-count number | |
| Tree | retry-count | |
Description | This command configures the number of times the router attempts to contact the RADIUS server, if not successful the first time. | |
| Range | 1 to 256 | |
| Default | 3 | |
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
router-instance string
| Synopsis | RADIUS routing instance | |
| Context | configure aaa radius server-policy named-item servers router-instance string | |
| Tree | router-instance | |
Description | This command specifies the virtual router instance applicable for the set of configured RADIUS servers. This value cannot be changed once a RADIUS server is configured for this policy. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
server [server-index] number
[server-index] number
server-name named-item
| Synopsis | RADIUS server name | |
| Context | configure aaa radius server-policy named-item servers server number server-name named-item | |
| Tree | server-name | |
| String length | 1 to 32 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
source-address ipv4-address
| Synopsis | Source address of RADIUS messages | |
| Context | configure aaa radius server-policy named-item servers source-address ipv4-address | |
| Tree | source-address | |
Description | This command configures the source address of the RADIUS packet. The system IP address must be configured in order for the RADIUS client to work. The system IP address must only be configured if the source-address is not specified. When the no source-address command is executed, the source address is determined at the moment the request is sent. This address is also used in the NAS-IP-Address attribute; over there it is set to the system IP address if no source-address was given. See "Configuring a System Interface" in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide. | |
| Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
stickiness boolean
| Synopsis | Allow stickiness in a multi-server application | |
| Context | configure aaa radius server-policy named-item servers stickiness boolean | |
| Tree | stickiness | |
| Default | true | |
| Introduced | 16.0.R4 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
timeout number
wpp
portal-group [group-name] named-item
| Synopsis | Enter the portal-group list instance | |
| Context | configure aaa wpp portal-group named-item | |
| Tree | portal-group | |
Description | Commands in this context configure portal group command options for WPP. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
[group-name] named-item
| Synopsis | Portal group name | |
| Context | configure aaa wpp portal-group named-item | |
| Tree | portal-group | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
admin-state keyword
| Synopsis | Administrative state of the portal group | |
| Context | configure aaa wpp portal-group named-item admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | disable | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
description description
| Synopsis | Text description | |
| Context | configure aaa wpp portal-group named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
portal [router-instance] string name named-item
[router-instance] string
name named-item
system-name string
| Synopsis | System name used in WPP protocol messages | |
| Context | configure aaa wpp system-name string | |
| Tree | system-name | |
| String length | 1 to 16 | |
| Introduced | 16.0.R6 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |