No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E-M2 V800R010C10SPC500 Feature Description - User Access 01

This is NE40E-M2 V800R010C10SPC500 Feature Description - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Description of RADIUS Attributes

Description of RADIUS Attributes

RADIUS Attributes Defined by RFC

User-Name (1)

No.

1

Attribute Name

User-Name

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Depending on the command line configuration, the user name can contain the domain name (such as user0001@isp) or does not contain the domain name (such as user0001).

The "radius-server domain-annex" command can be run in the domain view to add a prefix or annex to the domain name carried in the user name of RADIUS request packets.

The user name can be delivered through RADIUS Access-Accept packets for EAP users, IPoE users (excluding leased lines and leased line users), and users who use RADIUS proxy as the authentication mode. The other types of users will ignore the user name carried in the RADIUS Access-Accept packets. This function takes effect for IPoE users only when the "radius-attribute apply user-name match user-type ipoe" command is run in the RADIUS server group view. This function takes effect for PPPoE users only when the "radius-attribute apply user-name match user-type pppoe" command is run in the RADIUS server group view. RUI does not take effect for PPPoE users whose user names are delivered by the RADIUS server.

If the RADIUS server has delivered the user name through the RADIUS Access-Accept packets and the "radius-attribute apply user-name match user-type ipoe" command has been run in the RADIUS server group view, the user name delivered by the RADIUS server will be carried in the RADIUS Accounting-Request packets, irrespective of whether the "radius-server user-name" and "radius-server domain-annex" commands have been run.

Remark

The pure user name consists of 1 to 253 bytes; the domain name consists of 1 to 64 bytes. The total length of the user name, @, and the domain name ranges from 1 to 253 bytes. If the total length exceeds 253 bytes, the bytes following the 253rd byte are automatically deleted. For example, if the pure user name consists of 250 bytes and the domain name consists of 10 bytes, the length of the final user name is calculated as follows: 250 bytes (pure user name) + @ + 2 bytes (domain name) = 253 bytes.

User-Password (2)

No.

2

Attribute Name

User-Password

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

16*n (1<=n<=8)

Description

In Password Authentication Protocol (PAP) authentication, the user password is encrypted by the NAS and then sent to the RADIUS server.

Remark

The value is a multiple of 16 and contains a maximum of 128 characters.

The password used in PAP authentication must be a string of 16 to 128 characters. When the User-Password attribute is used to carry the service authentication password in the COA requests for activating EDSG services, the password must be a string of 1 to 128 characters in plaintext.

CHAP-Password (3)

No.

3

Attribute Name

CHAP-Password

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

17

Description

Only valid for the CHAP authentication.

Remark

The value contains 17 characters, that is, 1 character used for the CHAP ID and 16 characters used for the CHAP challenge.

NAS-IP-Address (4)

No.

4

Attribute Name

NAS-IP-Address

Attribute Value Type

Address

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

Device address, which can be either of the following:

IP address, not subordinate IP of an interface if the attribute is bound to the interface

IP address of the outbound interface for sending packets if the attribute is not bound to any interface

NAS-Port (5)

No.

5

Attribute Name

NAS-Port

Attribute Value Type

Integer

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

Physical port for user access.

Default formats are as follows: (0s are used for padding if the total length is less than 4 bytes)

ATM interface: slot number (4 bits)+sub-slot number (2 bits)+port number (2 bits)+PVC (8 bits + 16 bits)

Ethernet interface: slot number (8 bits)+sub-slot number (4 bits)+port number (8 bits)+VLAN ID (12 bits) (For QinQ VLAN tag termination, the inner VLAN ID is used)

The "radius-server format-attribute nas-port" command can be run to convert the NAS-Port attribute into one of the following attributes:

1. HW-Own-NAS-Port-New, the formats are as follows: (0s are used for padding if the total length is less than 4 bytes.)

ATM interface: slot number (4 bits)+sub-slot number (2 bits)+port number (2 bits)+PVC (8 bits + 16 bits)

Ethernet interface: slot number (12 bits)+port number (8 bits)+VLAN ID (12 bits) (For QinQ VLAN tag termination, the inner VLAN ID is used.)

2. HW-Own-NAS-Port-QinQ, the formats are as follows: (0s are used for padding if the total length is less than 4 bytes.)

ATM interface: slot number (4 bits)+sub-slot number (2 bits)+port number (2 bits)+PVC (8 bits + 16 bits)

Ethernet interface for X1/X2 models: sub-slot number (4 bits)+port number (4 bits)+QinQ VLAN ID (12 bits)+VLAN ID (12 bits)

Ethernet interface for other models: slot number (3 bits)+sub-slot number (1 bit)+port number (4 bits)+QinQ VLAN ID (12 bits)+VLAN ID (12 bits)

3. HW-Own-NAS-Port-CID, for LNS users, user CIDs are encapsulated; for other users, the default encapsulation format is used.

Service-Type (6)

No.

6

Attribute Name

Service-Type

Attribute Value Type

Integer

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

When a Web user is authenticated, the value is set to 1.

When a common user is authenticated, the value is set to 2, indicating the Framed type.

When an Outbound IPoE user is authenticated, the value is set to 5.

When an administration and maintenance user is authenticated, the value is set to 6, indicating the Administrator type.

When COA re-authenticating, the value is set to 17.

Framed-Protocol (7)

No.

7

Attribute Name

Framed-Protocol

Attribute Value Type

Integer

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

The value of Framed-Protocol is set to 1 for non-administrator users, indicating the PPP type. The value of Framed-Protocol is set to 6 for the administrator.

Framed-IP-Address (8)

No.

8

Attribute Name

Framed-IP-Address

Attribute Value Type

Address

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

IP address of the user. The RADIUS server assigns address to PPP users. For example, the server assigns 8.0.0.7 as the user's IP address which is notated 0x08000007 in hexadecimal. Therefore, the server sets the value of Framed-IP-Address to 0x08000007.

The following addresses are invalid:

0

0XFFFFFFFE or 0XFFFFFFFF

IP address in the 127.0.0.0/8 network segment

IP address in the 224-255/8 network segment

If the delivered IP address is invalid, the NAS assigns a valid IP address for the user.

Note:

Only the Framed-IP-Address attribute delivered by the RADIUS server is supported by DHCP users. The IP addresses delivered to Layer 2 DHCP users must belong to the address pool configured for the device. The IP addresses delivered to Layer 3 DHCP users does not need to belong to the address pool configured for the device.

If only the Framed-IP-Address attribute is delivered to PPPoE users, the subnet mask is fixed at 32 bits. The IP address delivered do not need to belong to the address pool configured for the device.

Framed-IP-Netmask (9)

No.

9

Attribute Name

Framed-IP-Netmask

Attribute Value Type

Address

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

Subnet mask delivered by the RADIUS server to PPP users. The Framed-IP-Netmask attribute be used together with the Framed-IP-Address attribute to generate a network segment with the next hop pointing to PPP users. If this attribute is delivered by the RADIUS server, it will be carried in IPCP negotiation packets used in PPP implementation. The value obtained during IPCP negotiation with the client will take effect.

This attribute delivered by the RADIUS server to DHCP users does not take effect.

Filter-Id (11)

No.

11

Attribute Name

Filter-Id

Attribute Value Type

Text

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~253

Description

This attribute is used to carry a user group name. If a user group name contains @, only the character string before @ is carried in the attribute. If a packet carries multiple Filter-Id attributes, only the last Filter-Id attribute takes effect. It is recommended that a packet carries only one Filter-Id.

Remark

The valid length is 1 to 32 bytes.

Framed-MTU (12)

No.

12

Attribute Name

Framed-MTU

Attribute Value Type

Integer

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

It indicates the maximum transmission unit delivered by the RADIUS server.

Remark

The smallest value is 256, and the greatest value is 9600.

Login-IP-Host (14)

No.

14

Attribute Name

Login-IP-Host

Attribute Value Type

Address

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

It indicates the IP address of an administrator. If the value of this attribute is 0, 0xFFFFFFFF, or 0xFFFFFFFE in Access-Accept packets, the IP address is not checked. If the value of this attribute is any other value, the device checks whether the IP address of the attribute is consistent with the one delivered in this attribute.

Login-Service (15)

No.

15

Attribute Name

Login-Service

Attribute Value Type

Integer

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

The type of the service used by the login user. The service types matching with the value of the attributes are as follows:

0: telnet

5: X25-PAD

50: SSH

51: FTP

52: Terminal.

An attribute can deliver multiple service types.

Reply-Message (18)

No.

18

Attribute Name

Reply-Message

Attribute Value Type

Text

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~253

Description

This attribute can be carried in RADIUS Access-Accept packets to indicate an authentication success or RADIUS Access-Reject packets to indicate an authentication failure.

The Reply-Message attribute is sent only to PPP and web authentication users. If web authentication is used, the web server must support this attribute.

The attribute in CoA NAK messages can be used to carry the CoA failure reason description.

Callback-Number (19)

No.

19

Attribute Name

Callback-Number

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~16

Description

The information delivered from the authentication server can be displayed to users, such as the mobile numbers.

Framed-route (22)

No.

22

Attribute Name

Framed-route

Attribute Value Type

Text

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Routing information provided by the RADIUS server to users through the NAS. This attribute is in the following format of <IP address>[/<mask length>] [<next hop address> ] [<metric>], for example, 192.168.1.0/24 192.168.1.1 1. The mask is generated automatically based on the address type (Class A, Class B, or Class C).

In Authorization scenario, if the next hop address is not configured or not delivered, the user's IP address is used as the next hop address. If the next hop address is delivered, only the delivered value equal to the user's address is valid (AAA onload routes function). In AAA onload routes scenarios, the the next hop address should be delivered and only the "null0" is supported.

Only one metric is supported. If multiple metrics are delivered, the value of the first metric is used. The metric ranges from 0 to 255. If the value exceeds 255, users fail to go online. A maximum of 128 Framed-route attributes can be delivered to each user. If more than 128 Framed-Route attributes are delivered, users fail to go online.

Note: The attribute is only delivered to the PPPoE and IPoE. The attribute is discarded if the other access information receives it.

State (24)

No.

24

Attribute Name

State

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~253

Description

If the RADIUS Access-Challenge packet sent by the RADIUS server carries the State attribute, it must be carried in subsequent RADIUS Access-Request packets.

Class (25)

No.

25

Attribute Name

Class

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~253

Description

If the RADIUS Access-Accept packet sent by the RADIUS server to the NAS carries the Class attribute, the Class attribute must also be carried in the subsequent RADIUS Accounting-Request packets sent from the NAS to the RADIUS server. A RADIUS Access-Accept packet can carry zero to eight Class attributes.

Note:

The Class attribute is used in two application scenarios. In addition to the standard scenario described by RFC 2865, the Class attribute can be delivered with QoS parameters contained. The details are as follows:

1. If the "radius-server class-as-car" command is run in the RADIUS server group view, the Class attribute is parsed as CAR parameters:

For a standard RADIUS server, the Class attribute can carry CAR parameters after the radius-server class-as-car command is run. If the Class attribute carries CAR parameters, the total length of the CAR parameters is at least 32 bytes, and the CAR parameter string can consist of only digits ranging from 0 to 9. The first 32 bytes are divided into four 8-bytes (from left to right), which are used to indicate the upstream PIR, upstream CIR, downstream PIR, and downstream CIR, respectively, expressed in bit/s. For other types of RADIUS servers, the Class attribute cannot carry CAR parameters.

Irrespetive of whether the Class attribute is used to carry CAR parameters, the Class attribute is eventually transmitted back to the RADIUS server. When the Class attribute carries CAR parameters, a NAS detects whether the first 32 bytes are characters, and discards the subsequent bytes. Only one Class attribute takes effect. If multiple Class attributes are contained in a packet, the CAR parameters of the last valid Class attribute are used.

2. The Class attribute can also be used to send descriptions of user access VLANs or PVCs to a RADIUS server. If the "link-account resolve" command is run on a BAS interface, the command takes effect only for common Layer 2 users who are not authenticated but are charged by a RADIUS server.

The rules for delivering the Class attribute in a CoA message are as follows:

1. If the radius-server class-as-car [enable-pir] command is not run in the view of the RADIUS server group to which the authorization server belongs, the Class attribute can be modified using a CoA message. The Class attribute delivered in a CoA message replaces the existing Class attribute of a user.

2. If the radius-server class-as-car [enable-pir] command is run in the view of the RADIUS server group to which the authorization server belongs, the Class attribute delivered in a CoA message fails to take effect.

3. After the value-added-service edsg modify-synchronous class command is run, the Class attribute can be delivered together with EDSG service attributes in a CoA message. If this command is not run, the Class attribute is ignored if it is delivered in a CoA message used to activate or deactivate the EDSG service.

4. The Class attribute can be delivered in a CoA message used to deactivate the EDSG service. Accounting Stop packets of the deactivated service carry the old Class attribute.

5. The Class attribute can be delivered in a CoA message used to activate the EDSG service. Accounting Start packets of the activated service carry the new Class attribute.

6. The Class attribute can be delivered in a CoA message used to replace the EDSG service. Accounting Stop packets of the replaced service carry the old Class attribute. Accounting Start packets of the new service carry the new Class attribute.

7. If the radius-server coa-request hw-policy-name daa coexist-with-user command is configured, the Class attribute can be delivered in a CoA message used to activate the DAA service. If this command is not configured, the Class attribute delivered in a CoA message used to activate the DAA service is ignored.

8. The Class attribute cannot be delivered in a CoA message used to activate the BOD service. If the Class attribute is delivered in a CoA message used to activate the BOD service, the Class attribute is ignored.

9. After the Class attribute is changed using a CoA message, all accounting packets carry the newly delivered Class attribute, including accounting packets of the user, accounting packets of EDSG services, and accounting packets of DAA services.

Vendor-Specific (26)

No.

26

Attribute Name

Vendor-Specific

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~253

Description

The attribute specified by a vendor.

By default, multiple private attributes of the same vendor are consecutively encapsulated into one Vendor-Specific (26) attribute, and another Vendor-Specific attribute is used after the first Vendor-Specific attribute is full. To allow for flexible compatibility with different types of servers, the "undo radius-attribute vendor { HUAWEI | MICROSOFT | 3GPP2 | REDBACK | DSLFORUM | other }" continuous command can be run to allow one Vendor-Specific (26) attribute to be encapsulated with only one private attribute.

Session-Timeout (27)

No.

27

Attribute Name

Session-Timeout

Attribute Value Type

Integer

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

In Access-Accept packets, the attribute indicates the remaining online time of users, in seconds. If the value is 0, the device logs out the users by default.

In Challenge packets, the attribute indicates the re-authentication duration of EAP users.

In Accounting-Request packets, the attribute is the one carried in the Access-Reply packets delivered by the RADIUS server. This attribute is used by the accounting server to obtain the original remaining online time of users delivered by the authentication server.

The attribute carried in Access-Request packets used to apply for the EDSG service quota indicates the time quota that has been used.

In scenarios where the initial value of Session-Timeout is not 0 and the "quota-out { offline | online | redirect }" command has been run in the domain view, if the value of Session-Timeout decreases to 0, the device performs one of the following operations: (1) Log out the user; (2) Keep the user online; (3) Redirect the user to the portal server.

If the value of Session-Timeout in the Access-Accept packets is 0, run the authening quota-out-redirect-enable command in the authentication scheme view to redirect the user to a domain.

If the value of Session-Timeout in the Accounting-Response packets is 0, run the "quota-out redirect" command in the domain view to redirect the user to a domain.

Idle-Timeout (28)

No.

28

Attribute Name

Idle-Timeout

Attribute Value Type

Integer

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

Idle-cut time of a user, in seconds.

If the traffic rate of a user is less than a preset value during the Idle-Timeout period, the user is disconnected. For example, the idle-cut traffic rate is set to 1000 bytes per minute (60 KB per minute by default) by the "idle-cut rate" command in the AAA domain view and Idle-Timeout is set to 50 minutes. Once the traffic rate of a user is less than 1000 bytes per minute during the 50 minutes, the user is disconnected. If the traffic rate of the user is always lower than 1000 bytes per minute during the 50 minutes, the user is forcibly logged out. If the traffic rate of the user exceeds 1000 bytes per minute at any time during the 50 minutes, the Idle-Timeout starts over.

If Idle-Timeout is 0 or 0XFF, the user is not disconnected.

The RADIUS server delivers only the idle-cut time through the Idle-Timeout attribute. The idle-cut traffic rate is set using the "idle-cut time rate" command. By default, the idle-cut traffic rate is not configured.

In Accounting-Request packets, the attribute indicates the value carried in the Access-Reply packets sent from the RADIUS server.

Termination-Action (29)

No.

29

Attribute Name

Termination-Action

Attribute Value Type

Integer

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

The specified mode for terminating the NAS service, such as re-authentication or forcing a user to log out. The value 0 indicates to force the user to log out. The value 1 indicates to perform the re-authentication.

Note:

The attribute carried in an Access-Accept or Access-Challenge packet is valid only for 802.1X authentication users, not EAP termination users.

If the attribute carried in a CoA packet, the re-authentication function is valid only for IPoE, PPPoE and L2TP users (Leased Line users), and the forcing a user to log out function is valid for all kinds of users except administrators.

Called-Station-Id (30)

No.

30

Attribute Name

Called-Station-Id

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~64

Description

The attribute is valid only for LNS users. The value is a string carried by the L2TP AVP attribute dialed number (21). When the device is used as the LAC, AVP is empty.

For administrators, this attribute is invalid.

For other types of users:

1. If the "ssid" command is run on a BAS interface to configure a service set ID (SSID) for WLAN services, the format of this attribute is 00-00-00-00-00-00:SSID.

2. The "radius-server called-station-id include" command can be run in the RADIUS server group view to configure the content that is allowed to be carried in this attribute. ap-mac and ssid can be specified in the command. If the "ssid" command is not run on a BAS interface, the content specified by the "radius-server called-station-id include" command is carried. The "radius-server called-station-id include" command can take effect only after the "wlan option82 decode-mode" command is run on the BAS interface.

Calling-Station-Id (31)

No.

31

Attribute Name

Calling-Station-Id

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~253

Description

The attribute is used by the NAS to carry user information.

For management users, Layer 2 leased line users, Layer 3 leased line users, and network-side PPP users, the attribute is not encapsulated.

For an LAC, if the function to parse the logical line ID (LLID) information is enabled using the radius-server calling-station-id include llid user-type { ppp | lns }* command, the Calling-Station-Id attribute is obtained from the RADIUS server and encapsulated into the calling-number attribute to be sent to the LNS.

For L2TP LNS-side users, the value configured"calling-number-avp" command configured in the LAC-side L2TP group is used.

For non-L2TP LNS-side users, the attribute carries users' MAC addresses by default, in the format of 01:0A:0E:11:34:B5.

To configure the generation mode of Calling-Station-Id, run the "radius-server calling-station-id include [ delimiter delimiter ] { { option82 | access-line-id } [ delimiter delimiter ] | mac [ mac-format type1 ] [ delimiter delimiter ] | interface [ delimiter delimiter ] | domain [ delimiter delimiter ] | sysname [ delimiter delimiter ] } *" or "radius-server calling-station-id include refer-option61" command.

In the format of initial delimiter + configuration item + delimiter + configuration item + delimiter, the value of a delimiter can be any of the following characters: n, b, @, #, \, &, *, -, and $, where 'n' represents null and 'b' represents a blank space.

The sysname value is obtained in ascending order of the following priorities:

nas-name configured on the RBP

nas-name configured on the interface

sysname configured for the system

The format of the interface information can be any of the following:

Three-dimensional format:

eth slot/picnum/portnum:pevlan.cevlan

trunk slot/0/Trunkid:pevlan.cevlan

atm slot/picnum/portnum:pevlan.cevlan

Four-dimensional format (configured using the "access four-dimensional mode enable" command), with ap-id being added for Ethernet and trunk interfaces:

eth ap-id (5 bits)/slot/picnum/portnum:pevlan.cevlan

trunk ap-id (5 bits)/slot/0/Trunkid:pevlan.cevlan

The MAC address format is xx:xx:xx:xx:xx:xx and can be changed to xx-xx-xx-xx-xx-xx by setting type1 in the preceding command.

When Calling-Station-Id is converted to HW-Own-Calling-Station-Id-Old using the attribute conversion command, the format is as follows:

The format of the attribute encapsulated in RADIUS packets is 010A0E1134B5.

For 802.1X relay users, the attribute format is 00-25-56-32-1e-b6.

If the "radius-server calling-station-id include option82" command has been run, the Calling-Station-Id field value varies with the "option82-relay-mode" command configuration in the BAS interface view. Specifically, the Calling-Station-Id field will contain:

All Option 82 information if the "option82-relay-mode include allvalue" command is configured.

Only the circuit ID if the "option82-relay-mode include agent-circuit-id" command is configured.

Only the remote ID if the "option82-relay-mode include agent-remote-id" command is configured.

Both the circuit ID and remote ID if the "option82-relay-mode include agent-circuit-id agent-remote-id" command is configured.

After the "option82-relay-mode" command is run with any of the preceding four parameters configured, the "option82-relay-mode subopt" command can be run to configure a format (either a character string or hexadecimal notation) for the circuit ID or remote ID to be transmitted.

The value of the Calling-Station-Id attribute to be sent to the RADIUS server depends on whether the Option 61 field is carried in packets sent by access users. The "radius-server calling-station-id include refer-option61" command can be run in the RADIUS server group view to configure a device to encapsulate the user MAC address in the Calling-Station-Id attribute to be sent to the RADIUS server if user packets carry the Option 61 field. If this command is not run, the device encapsulates the user name without a domain name in the Calling-Station-Id attribute to be sent to the RADIUS server.

You can also configure a RedBack-compatible format for the Calling-Station-Id attribute.

To do so, run the "radius-server format-attribute calling-station-id vendor 2352" command in the RADIUS server group view.

Three-dimensional format:

For PPPoE and IPoE users: systemname#slot/port#PVlan:CVlan

When the virtual access four-dimensional interface format is configured using the "access four-dimensional mode enable" command, the Ethernet interface format has an additional ap-id.

For PPPoE and IPoE users: systemname#ap-id(5 bits)/slot/port#PVlan:CVlan

NOTE:

The "radius-server format-attribute include sub-slot" command can be run to convert Slot/Port to Slot/Sub-Slot/Port.

If the "radius-server calling-station-id include vlan-description" command has been run, the format of the Calling-Station-Id attribute to be sent to the RADIUS server varies as follows:

When the three-dimensional interface format is used, the Calling-Station-Id attribute format is sysname#slot/subslot/port#Pevlan.CeVlan#vlan-description.

When the virtual access four-dimensional interface format is configured using the "access four-dimensional mode enable" command, the Ethernet interface format has an additional ap-id.

sysname# ap-id(5 bits)/slot/subslot/port#Pevlan.CeVlan#vlan-description

In this format:

The sysname has a maximum of 30 characters allowed. If the sysname is longer than 30 characters, only the first 30 characters are used.

Using the logical device name and logical interface name configured on the BAS interface as the sysname and slot/subslot/port is recommended.

If packets carry only one VLAN tag, the PeVlan, instead of the CeVlan, is displayed in the format.

The vlan-description is the description of the VLAN configured for the access interface. It has a maximum of 128 characters allowed.

NOTE:

For the device name and port and IP information, use their logical values configured on the BAS interfaces if they are present. If their logical values are not configured, use their actual values.

If encapsulation using the specified format fails, the device encapsulates only the user MAC address to the Calling-Station-Id attribute.

For LNS users, the calling-number attribute carried in L2TP packets sent from the LAC is preferentially encapsulated into the Calling-Station-Id attribute. If no calling-number attribute is carried in L2TP packets sent from the LAC, the LNS does not carry the Calling-Station-Id attribute in packets to be sent to the RADIUS server by default. If the radius-server calling-station-id lns-default version1 command is run in the RADIUS server group view, the Calling-Station-Id attribute carried in packets sent by the LNS is in the following format: sysname#slot/subslot/port#0#0.

NAS-Identifier (32)

No.

32

Attribute Name

NAS-Identifier

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~30

Description

Name of the NAS or the sysname (host name).

When NAS-Identifier is converted to HW-Own-NAS-Identify-SIM using the attribute conversion command, the value of HW-Own-NAS-Identify-SIM is the BAS interface name if a BAS interface is configured. If a BAS interface is not configured, the value of HW-Own-NAS-Identify-SIM is the device name.

Proxy-State (33)

No.

33

Attribute Name

Proxy-State

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

1~253

Description

The attribute is carried in CoA and DM Request and Response packets. The Proxy-State attribute in Response and Request packets must be the same.

Acct-Status-Type (40)

No.

40

Attribute Name

Acct-Status-Type

Attribute Value Type

Integer

Standard Defined

RFC 2866

Server Type

All

Value of Length field (in Bytes)

4

Description

Type of the Accounting-Request packet, which can be any of the following:

Start (Value=1)

Stop (Value=2)

Interim-Update (Value=3)

Accounting-On(Value=7)

Accounting-Off(Value=8)

Tunnel-Start (Value=9)

Tunnel-Stop (Value=10)

Tunnel-Link-Start (Value=12)

Tunnel-Link-Stop (Value=13)

Acct-Delay-Time (41)

No.

41

Attribute Name

Acct-Delay-Time

Attribute Value Type

Integer

Standard Defined

RFC 2866

Server Type

All

Value of Length field (in Bytes)

4

Description

Time spent to send an Accounting Request packet, excluding the network transmission duration, in seconds.

Time when an Accounting Request packet arrives at the RADIUS server – Acct-Delay-Time = Time when the NAS created the packet.

Acct-Delay-Time is composed of two periods of time: the difference between the time spent by the RADIUS module to retrieve data from AAA and the latest data refresh time, and the delayed time spent by the RADIUS module to deliver the accounting request packet, for example, the time spent on re-transmission.

Acct-Input-Octets (42)

No.

42

Attribute Name

Acct-Input-Octets

Attribute Value Type

Integer

Standard Defined

RFC 2866

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of upstream bytes. The unit can be byte, KB, MB, or GB. By default, the unit for the standard RADIUS server is byte and the unit for the RADIUS+ server is KB.

The "radius-server traffic-unit" command can be run in the RADIUS server group view to specify the unit of the attribute.

Acct-Output-Octets (43)

No.

43

Attribute Name

Acct-Output-Octets

Attribute Value Type

Integer

Standard Defined

RFC 2866

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of downstream bytes. The unit can be byte, KB, MB, or GB. By default, the unit for the standard RADIUS server is byte and the unit for the RADIUS+ server is KB.

The "radius-server traffic-unit" command can be run in the RADIUS server group view to specify the unit of the attribute.

Acct-Session-Id (44)

No.

44

Attribute Name

Acct-Session-Id

Attribute Value Type

Text

Standard Defined

RFC 2866

Server Type

All

Value of Length field (in Bytes)

1~44

Description

The formats of Acct-Session-Id are as follows:

version 1:

On an X1/X2 model: host name(7 bytes)+slot ID(1 byte)+card ID(2 bytes)+port number(2 bytes)+ {VPI(4 bytes)+VCI(5 bytes, outer-VLAN(4 bytes)+inner-VLAN(5 bytes)}+CPUTICK(6 bytes in hexadecimal notation)+user connection index (6 bits in hexadecimal notation).

If the three-dimensional interface format is used on an X3/X8/X16 model: host name (7 bits)+slot ID (2 bits)+card ID (1 bit)+port number (2 bits)+{VPI (4 bits)+VCI (5 bits), outer VLAN ID (4 bits)+inner VLAN ID (5 bits)}+CPU tick (6 bits in hexadecimal notation)+user connection index (6 bits in hexadecimal notation).

If the four-dimensional format of virtual access interfaces is used (the "access four-dimensional mode enable" command needs to be run): host name (7 bits)+ap-id (5 bits)+slot ID (2 bits)+card ID (1 bit)+port number (2 bits)+{VPI (4 bits)+VCI (5 bits), outer VLAN ID (4 bits)+inner VLAN ID (5 bits)}+CPU tick (6 bits in hexadecimal notation)+user connection index (6 bits in hexadecimal notation).

Version 2:

{VPI (4 bits), outer VLAN ID (4 bits)}+CPU tick (6 bits in hexadecimal notation)+user connection index (6 bits in hexadecimal notation)

Version 3:

CPU tick (in hexadecimal notation, least significant 2 bits)+user connection index (6 bits in hexadecimal notation)

Version 4:

Host name (7 bits)+serial number (2 bits)+user connection index (6 bits in hexadecimal notation). 15 bytes in total

version 5:

If the three-dimensional interface format is used: host name (7 bits)+space (1 bit)+interface name abbreviation (3 bits to 5 bits)+slot ID+/ (1 bit)+card ID+/ (1 bit)+port number+. (1 bit)+CPU tick (4 least significant bits in hexadecimal notation)+: (1 bit)+outer VLAN ID+. (1 bit)+inner VLAN ID+: (1 bit)+user connection index (6 bits in hexadecimal notation)

If the four-dimensional format of virtual access interfaces is used: host name (7 bits)+space (1 bit)+interface name abbreviation (3 bits to 5 bits)+ap-id (5 bits)+slot ID+/ (1 bit)+card ID+/ (1 bit)+port number+. (1 bit)+CPU tick (4 least significant bits in hexadecimal notation)+: (1 bit)+outer VLAN ID+. (1 bit)+inner VLAN ID+: (1 bit)+user connection index (6 bits in hexadecimal notation)

NOTE:

The interface name can be eth, atm, or ethtr.

The slot ID, card ID, port number, outer VLAN ID, and inner VLAN ID do not have length limitation.

Format in the EDSG service:

If the three-dimensional interface format is used: host name (1 bit to 7 bits)+slot ID (2 bits)+card ID (1 bit)+port number (2 bits)+SSG+service ID (6 bits)+CPU tick (6 bits in hexadecimal notation)+user connection index (6 bits in hexadecimal notation)

If the four-dimensional format of virtual access interfaces is used: host name (1 bit to 7 bits)+ap-id (5 bits)+slot ID (2 bits)+card ID (1 bit)+port number (2 bits)+SSG+service ID (6 bits)+CPU tick (6 bits in hexadecimal notation)+user connection index (6 bits in hexadecimal notation)

Remark

When Acct-Session-Id is in version 1 format, the value contains 27 to 33 bytes with variable-length host name. When Acct-Session-Id is in version 2 format, the value contains 16 bytes. When Acct-Session-Id is in version 3 format, the value contains 8 bytes.

When Acct-Session-Id is used in the EDSG service, the value contains 26 to 32 bytes.

Acct-Authentic (45)

No.

45

Attribute Name

Acct-Authentic

Attribute Value Type

Integer

Standard Defined

RFC 2866

Server Type

All

Value of Length field (in Bytes)

4

Description

The attribute indicates the authentication type:

1: RADIUS authentication

2: local authentication

3: remote authentication

Acct-Session-Time (46)

No.

46

Attribute Name

Acct-Session-Time

Attribute Value Type

Integer

Standard Defined

RFC 2866

Server Type

All

Value of Length field (in Bytes)

4

Description

Online time of a user, in seconds.

Acct-Input-Packets (47)

No.

47

Attribute Name

Acct-Input-Packets

Attribute Value Type

Integer

Standard Defined

RFC 2866

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of upstream packets.

Acct-Output-Packets (48)

No.

48

Attribute Name

Acct-Output-Packets

Attribute Value Type

Integer

Standard Defined

RFC 2866

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of downstream packets.

Acct-Terminate-Cause (49)

No.

49

Attribute Name

Acct-Terminate-Cause

Attribute Value Type

Integer

Standard Defined

RFC 2866

Server Type

All

Value of Length field (in Bytes)

4

Description

Reason for session interruption, which can be any of the following:

1: User Request. The user goes offline intentionally.

2: Lost Carrier. For example, the ARP handshake fails, the echo handshake fails, the internal heartbeat times out, or the EAP handshake fails.

3: Lost Service. The session that the LNS initiates is torn down.

4: Idle Timeout.

5: Session Timeout. The user is disconnected due to a time or traffic quota.

6: Admin Reset. The administrator instructs to log a user out, and the RADIUS server delivers the logout instruction. (For example, the administrator runs a command to delete a static VLAN.)

7: Admin Reboot. The administrator requires the user to go offline.

8: Port Error. The port fails.

9: NAS Error. For example, an internal error occurs, memory allocation fails, messages fail to be sent, or the timer fails to be started.

10: NAS Request. The NAS requires the user to go offline.

11: NAS Reboot. The value is not supported currently.

12: Port Unneeded. For example, the port is Down.

13: Port Preempted. The value is not supported currently.

14: Port Suspended. The port is suspended.

15: Service Unavailable. For example, a session is torn down because VPN services are deployed for PPP leased lines.

16: Callback. The value is not supported currently.

17: User Error. Authentication fails or times out.

18: Host Request. The client receives a Decline packet from the server.

Remark

See the chapter "Reasons for User Offline".

Acct-Multi-Session-Id (50)

No.

50

Attribute Name

Acct-Multi-Session-Id

Attribute Value Type

String

Standard Defined

RFC 2866

Server Type

All

Value of Length field (in Bytes)

1~44

Description

If tunnel users are configured in the system, the attribute indicates the accounting ID of an L2TP tunnel user. The format of Acct-Multi-Session-Id is the same as that of Acct-Session-Id. For other scenarios, this attribute is not used.

If RADIUS accounting is applied to a user's value-added services, accounting packets carry the user's Acct-Session-Id as Multi-Session-Id.

Remark

For detailed formats, see the chapter "Acct-Session-Id (44)"

Acct-Input-Gigawords (52)

No.

52

Attribute Name

Acct-Input-Gigawords

Attribute Value Type

Integer

Standard Defined

RFC 2869

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of upstream bytes. The value is a multiple of 4 GB, KB, MB, or bytes (2^32), which can be configured using the "radius-server traffic-unit" command. The value is the most significant 32 bits of Acct-Input-Octets.

Acct-Output-Gigawords (53)

No.

53

Attribute Name

Acct-Output-Gigawords

Attribute Value Type

Integer

Standard Defined

RFC 2869

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of downstream bytes. The value is a multiple of 4 GB, KB, MB, or bytes (2^32), which can be configured using the "radius-server traffic-unit" command. The value is the most significant 32 bits of Acct-Output-Octets.

Event-Timestamp (55)

No.

55

Attribute Name

Event-Timestamp

Attribute Value Type

Integer

Standard Defined

RFC 2869

Server Type

All

Value of Length field (in Bytes)

4

Description

Time when an Accounting-Request packet was generated. The timestamp sent in the attribute is in the absolute time format (number of seconds since January 1, 1970 00:00:00 UTC)

CHAP-Challenge (60)

No.

60

Attribute Name

CHAP-Challenge

Attribute Value Type

String

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

16

Description

Indicates the value of Challenge. Only valid for the CHAP authentication.

NAS-Port-Type (61)

No.

61

Attribute Name

NAS-Port-Type

Attribute Value Type

Integer

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

NAS port type, which can be set by the "nas-port-type" command in the BAS interface view. By default, the value is Ethernet (15). For LNS users, the value is Virtual (5).

Port-Limit (62)

No.

62

Attribute Name

Port-Limit

Attribute Value Type

Integer

Standard Defined

RFC 2865

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of port users. This attribute is used to limit the number of users who share the same account.

Tunnel-Type (64)

No.

64

Attribute Name

Tunnel-Type

Attribute Value Type

Integer

Standard Defined

RFC 2868

Server Type

All

Value of Length field (in Bytes)

4

Description

Tunnel protocol type, only the following values are supported:

3: L2TP

10: GRE

If other values than the preceding ones are delivered by the RADIUS server, user login fails.

Tunnel-Medium-Type (65)

No.

65

Attribute Name

Tunnel-Medium-Type

Attribute Value Type

Integer

Standard Defined

RFC 2868

Server Type

All

Value of Length field (in Bytes)

4

Description

Type of the tunnel bearer medium. Currently, the value can only be 1, indicating that the type of the tunnel bearer medium is IPv4.

If the RADIUS server delivers other values, users fail to go online.

If the tag value is 0, all tag values can be matched.

Tunnel-Client-Endpoint (66)

No.

66

Attribute Name

Tunnel-Client-Endpoint

Attribute Value Type

string

Standard Defined

RFC 2868

Server Type

All

Value of Length field (in Bytes)

1~253

Description

IP address of the local end of the tunnel. The IP address is in the dotted decimal notation. Currently, one tag can deliver only one IP address.

When the device functions as the LNS in L2TP user authentication, the RADIUS server applies different policies to the Access-Request packets sent from different LACs. Therefore, this attribute must be carried in the user authentication requests sent over the tunnel from the LNS.

Tags are supported.

Tunnel-Server-Endpoint (67)

No.

67

Attribute Name

Tunnel-Server-Endpoint

Attribute Value Type

string

Standard Defined

RFC 2868

Server Type

All

Value of Length field (in Bytes)

1~129

Description

IP address of the tunnel server. The IP address is in the dotted decimal notation. A tag can deliver a maximum of eight IP addresses, with the IP addresses separated by spaces. The multiple IP addresses work in primary/secondary mode.

When the device functions as the LNS in L2TP user authentication, the RADIUS server applies different policies to the Access-Request packets sent from different LACs. Therefore, this attribute must be carried in the user authentication requests sent over the tunnel from the LNS.

Tags are supported.

Acct-Tunnel-Connection (68)

No.

68

Attribute Name

Acct-Tunnel-Connection

Attribute Value Type

string

Standard Defined

RFC 2867

Server Type

All

Value of Length field (in Bytes)

1~19

Description

Accounting ID of the tunnel server. The format is <TunnelID>-<SessionID>, for example, 12-1245.

The attribute takes effect only after "tunnel-acct-2867" command is configured in the domain view.

Tunnel-Password (69)

No.

69

Attribute Name

Tunnel-Password

Attribute Value Type

string

Standard Defined

RFC 2868

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Authentication password of the tunnel.

In the RADIUS server group view, you can set the password to the plaintext or ciphertext mode using the "radius-attribute tunnel-password { cipher | simple }" command.By default, ciphertext mode is used.

Tags are supported.

Remark

If the RADIUS server delivers the attribute in ciphertext, the first two bits are SALT, and the remaining bits construct the encrypted password. The password contains a maximum of 250 characters if a tag is carried or 251 characters if no tag is carried.

If the RADIUS server delivers the attribute in plaintext, all characters excluding the tags construct the password. The password contains a maximum of 252 characters if a tag is carried or 253 characters if no tag is carried.

The plaintext password configured in the L2TP group view can contain 255 bytes and the ciphertext password configured can contain 392 characters.

Connect-Info (77)

No.

77

Attribute Name

Connect-Info

Attribute Value Type

String

Standard Defined

RFC 2869

Server Type

All

Value of Length field (in Bytes)

1~253

Description

When the device functions as the LNS, the RADIUS Connect-Info attribute is used to report the L2TP Tx Connect Speed (avp24) and Rx Connect Speed (avp38). The attribute is in the format of Tx/Rx. If Rx=Tx, the attribute carries only one value. For example, if tx=3000 and rx=5000, the attribute carries 3000/5000; if tx=3000 and rx=3000, the attribute carries 3000. The rate is expressed in bps.

Message-Authenticator (80)

No.

80

Attribute Name

Message-Authenticator

Attribute Value Type

String

Standard Defined

RFC 3579

Server Type

Standard, Plus11

Value of Length field (in Bytes)

16

Description

Encryption information about EAP packets in EAPoR authentication.

Huawei RADIUS+10 protocol conflicts with this attribute. When the server type is RADIUS+10, the Huawei-specific attribute is used.

Tunnel-Assignment-ID (82)

No.

82

Attribute Name

Tunnel-Assignment-ID

Attribute Value Type

String

Standard Defined

RFC 2868

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Tunnel ID.

If a tunnel with this ID already exists, this tunnel is used.

If no tunnel has this ID, a new tunnel is created using this ID.

For the tunnel selection algorithm, refer to RFC 2868.

Remark

The password contains a maximum of 252 characters if a tag is carried or 253 characters if no tag is carried.

Tunnel-Preference (83)

No.

83

Attribute Name

Tunnel-Preference

Attribute Value Type

Integer

Standard Defined

RFC 2868

Server Type

All

Value of Length field (in Bytes)

4

Description

Tunnel preference. The smaller the value, the higher the priority. The tunnel with the preference of 0 has the highest priority. If no Tunnel-Preference is delivered, the tunnel has the lowest priority. Load balancing is performed between tunnels with the same preference. If the preferences of all the tunnels are different, the tunnels work in master/backup mode. If the preferences of some tunnels are the same while the preferences of others are different, the tunnels with the same preference work in load balancing mode while the tunnels with different preferences work in master/backup mode.

Note:

If the RADIUS server delivers multiple tag groups, each group must contain the Tunnel-Preference attribute.

Acct-Interim-Interval (85)

No.

85

Attribute Name

Acct-Interim-Interval

Attribute Value Type

Integer

Standard Defined

RFC 2869

Server Type

All

Value of Length field (in Bytes)

4

Description

Real-time accounting interval, in seconds. Setting the Acct-Interim-Interval attribute to a value greater than or equal to 60s is recommended. The value ranges from 0 to 3932100. The value 0 indicates that real-time accounting is not required. When the value is greater than 3932100, user login fails.

Acct-Tunnel-Packets-Lost (86)

No.

86

Attribute Name

Acct-Tunnel-Packets-Lost

Attribute Value Type

Integer

Standard Defined

RFC 2867

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of packets lost on a given link. This attribute must be contained in an accounting packet that carries the Acct-Status-Type attribute whose value is set to Tunnel-Link-Stop.

Remark

Set to 0 in the current version.

NAS-Port-Id (87)

No.

87

Attribute Name

NAS-Port-Id

Attribute Value Type

String

Standard Defined

RFC 2869

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Slot ID, subslot ID, port number, and VLAN ID of the user access interface. For trunk interfaces, the subslot ID is 2, and the port number is the trunk ID.

The NAS-Port-Id attribute can also carry the DHCPv6 Option 18 field, in the same format of DHCPv4 Option 82.

Remark

For detailed formats, see the chapter "NAS-Port-Id (87)"

Framed-Pool (88)

No.

88

Attribute Name

Framed-Pool

Attribute Value Type

String

Standard Defined

RFC 2869

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Address pool delivered to PPP and DHCP users. The attribute is valid only when the server allocates IP addresses to PPP or DHCP users from the local address pool. Therefore, the designated address pool must be contained in the local address pools configured. The address pool name can contain a maximum of 32 characters.

If the delivered attribute contains @ or #, the characters before @ or # are used as the name of the address pool.

Chargeable-User-Identity (89)

No.

89

Attribute Name

Chargeable-User-Identity

Attribute Value Type

String

Standard Defined

RFC 4372

Server Type

All

Value of Length field (in Bytes)

1~127

Description

The attribute is used to identify a user.

Tunnel-Client-Auth-ID (90)

No.

90

Attribute Name

Tunnel-Client-Auth-ID

Attribute Value Type

String

Standard Defined

RFC 2868

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Name of the local end of a tunnel delivered in tunnel authentication.

For L2TP users, the Tunnel-Client-Auth-ID(90) and Tunnel-Server-Auth-ID(91) attributes are carried in RADIUS accounting packets.

Remark

The value contains a maximum of 252 characters if a tag is carried or 253 characters if no tag is carried.

Tunnel-Server-Auth-ID (91)

No.

91

Attribute Name

Tunnel-Server-Auth-ID

Attribute Value Type

String

Standard Defined

RFC 2868

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Name of the remote end of a tunnel delivered in tunnel authentication.

Remark

The value contains a maximum of 252 characters if a tag is carried or 253 characters if no tag is carried.

NAS-IPv6-Address (95)

No.

95

Attribute Name

NAS-IPv6-Address

Attribute Value Type

String

Standard Defined

RFC 3162

Server Type

All

Value of Length field (in Bytes)

16

Description

IPv6 address of the NAS.

If the RADIUS server group is bound to an interface, the IPv6 address of the interface is used. If the RADIUS server group is not bound to any interface, the IPv6 address of the interface that sends packets is used.

Note:

If the address of the RADIUS server is an IPv6 address, NAS-Ipv6-Address is encapsulated. If the address of the RADIUS server is an IPv4 address, NAS-IP-Address is encapsulated.

Framed-Interface-Id (96)

No.

96

Attribute Name

Framed-Interface-Id

Attribute Value Type

String

Standard Defined

RFC 3162

Server Type

All

Value of Length field (in Bytes)

8

Description

Interface ID assigned to a user. Currently, this attribute is valid only for PPPv6 users.

Framed-Ipv6-Prefix (97)

No.

97

Attribute Name

Framed-Ipv6-Prefix

Attribute Value Type

String

Standard Defined

RFC 3162

Server Type

All

Value of Length field (in Bytes)

2~18

Description

IPv6 prefix assigned to a user in NDRA mode. Currently, the attribute is valid only for ND users, and PPPv6 users whose addresses are allocated in stateless mode.

Framed-Ipv6-Route (99)

No.

99

Attribute Name

Framed-Ipv6-Route

Attribute Value Type

String

Standard Defined

RFC 3162

Server Type

All

Value of Length field (in Bytes)

1~200

Description

IPv6 routing information provided by the RADIUS server to users through the NAS. This attribute is in the following format of <IP address>[/<mask length>] [<next hop address> ] [<metric>], for example, 2000:0:0:106::/64 2000::106:a00:20ff:fe99:a998 1.

The mask is generated automatically based on the address type (Class A, Class B, or Class C).

In Authorization scenario, if the next hop address is not configured or not delivered, the user's IP address is used as the next hop address. If the next hop address is delivered, only the delivered value equal to the user's address is valid (AAA onload routes function). In AAA onload routes scenarios, the next hop address should be delivered and only the "null0" is supported.

Only one metric is supported. If multiple metrics are delivered, the value of the first metric is used. The metric ranges from 0 to 255. If the value exceeds 255, users fail to go online. A maximum of 128 Framed-route attributes can be delivered to each user. If more than 128 Framed-Route attributes are delivered, the device parses only the first 128 Framed-Route attributes delivered and user access is not affected.

The attribute can be carried only in accounting request packets for common users, and not carried in service accounting packets.

Accounting request packets can carry multiple framed routes. Considering RADIUS packet limit, a maximum of 128 framed routes can be carried. The attribute is encapsulated at the end of a packet to prevent impact on other attributes. If the maximum length is reached, excess characters are discarded.

Note: The attribute is only delivered to the PPPoE and IPoE. The attribute is discarded if the other access information receives it.

Framed-Ipv6-Pool (100)

No.

100

Attribute Name

Framed-Ipv6-Pool

Attribute Value Type

String

Standard Defined

RFC 3162

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Pool name of an IPv6 user. RFC3162 supports the delivery of one pool. The router supports the delivery of 16 pools, including different types of IPv6 pools.

After the "radius-attribute apply framed-ipv6-pool match pool-type" command is run in the RADIUS server group view, the IPv6 address pool delivered by the Framed-Ipv6-Pool attribute matches address pool types and replaces only the IPv6 address pools of the same type configured in the AAA domain.

Error-Cause (101)

No.

101

Attribute Name

Error-Cause

Attribute Value Type

Integer

Standard Defined

RFC 3576

Server Type

All

Value of Length field (in Bytes)

4

Description

Logout cause as defined in RFC3576.

201 Residual Session Context Removed

In the Disconnect-Request packet, this error code is returned if obtaining basic user information based on the user CID fails.

202 Invalid EAP Packet (Ignored)

Not supported.

401 Unsupported Attribute

This error code is returned if the attribute parsed by the RADIUS server is not supported.

402 Missing Attribute

This error code is returned if the accounting ID does not exist.

403 NAS Identification Mismatch

This error code is returned if the host name in a DM or COA request message does not exist or does not match.

404 Invalid Request

This error code is returned if the RADIUS module fails to decapsulate or match user attributes when parsing a DM and COA message.

405 Unsupported Service

This error code is returned if COA responding fails.

406 Unsupported Extension

Not supported.

501 Administratively Prohibited

Not supported.

502 Request not Routable (Proxy)

Not supported.

503 Session Context not Found

This error code is returned if the user that is searched for according to a session ID does not exist.

504 Session Context not Removable

This error code is returned if DM responding fails.

505 Other Proxy Processing Error

Not supported.

506 Resources Unavailable

Not supported.

507 Request Initiated

Not supported.

Delegated-Ipv6-Prefix (123)

No.

123

Attribute Name

Delegated-Ipv6-Prefix

Attribute Value Type

String

Standard Defined

RFC 4818

Server Type

All

Value of Length field (in Bytes)

2~18

Description

IPv6 PD prefixes assigned to routed CPEs.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |  Reserved     | Prefix-Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             Prefix
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             Prefix
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             Prefix
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             Prefix                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Private RADIUS attribute defined by the Huawei RADIUS 1.1 protocol. The attribute number is 26, vendor ID is 2011, and sub-attribute ranges from 1 to 255. For details, see the following:

HW-Input-Committed-Burst-Size (1)

No.

1

Attribute Name

HW-Input-Committed-Burst-Size

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Upstream CBS, in bits.

HW-Input-Committed-Information-Rate (2)

No.

2

Attribute Name

HW-Input-Committed-Information-Rate

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Upstream CIR, in bit/s.

If the "user-qos cir-zero { unlimited | cir-value }" command is run and the CIR and PIR delivered by a RADIUS server are both 0s, user traffic is processed based on the QoS parameter configured in this command. By default, unlimited is used.

HW-Input-Peak-Information-Rate (3)

No.

3

Attribute Name

HW-Input-Peak-Information-Rate

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Upstream PIR, in bit/s.

When a dual-rate token bucket is used, delivery of this attribute requires the delivery of the HW-Input-Committed-Information-Rate(2) attribute.

If the "user-qos cir-zero { unlimited | cir-value }" command is run and the CIR and PIR delivered by a RADIUS server are both 0s, user traffic is processed based on the QoS parameter configured in this command. By default, unlimited is used.

HW-Output-Committed-Burst-Size (4)

No.

4

Attribute Name

HW-Output-Committed-Burst-Size

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Downstream CBS, in bits.

Delivery of this attribute requires the delivery of the HW-Output-Committed-Information-Rate (5) attribute.

HW-Output-Committed-Information-Rate (5)

No.

5

Attribute Name

HW-Output-Committed-Information-Rate

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Downstream CIR, in bit/s.

If the "user-qos cir-zero { unlimited | cir-value }" command is run and the CIR and PIR delivered by a RADIUS server are both 0s, user traffic is processed based on the QoS parameter configured in this command. By default, unlimited is used.

HW-Output-Peak-Information-Rate (6)

No.

6

Attribute Name

HW-Output-Peak-Information-Rate

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Downstream PIR, in bit/s.

When a dual-rate token bucket is used, delivery of this attribute requires the delivery of the HW-Output-Committed-Information-Rate (5) attribute.

If the "user-qos cir-zero { unlimited | cir-value }" command is run and the CIR and PIR delivered by a RADIUS server are both 0s, user traffic is processed based on the QoS parameter configured in this command. By default, unlimited is used.

HW-Input-Kilobytes-Before-Tariff-Switch (7)

No.

7

Attribute Name

HW-Input-Kilobytes-Before-Tariff-Switch

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Plus11

Value of Length field (in Bytes)

4

Description

Number of bytes sent by a user before tariff switching, in KB.

If no tariff switching occurs during a real-time accounting period, the value of the attribute refers to the total number of bytes received by the NAS from the user port during a real-time accounting period.

If tariff switching occurs once during a real-time accounting period, the value of the attribute refers to the total number of bytes received by the NAS from the user port before the tariff switching time.

Tariff switching can only be performed once during a real-time accounting period.

HW-Output-Kilobytes-Before-Tariff-Switch (8)

No.

8

Attribute Name

HW-Output-Kilobytes-Before-Tariff-Switch

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Plus11

Value of Length field (in Bytes)

4

Description

Number of bytes received by a user before tariff switching, in KB.

If no tariff switching occurs during a real-time accounting period, the value of the attribute refers to the total number of bytes sent by the NAS to the user port during a real-time accounting period.

If tariff switching occurs once during a real-time accounting period, the value of the attribute refers to the total number of bytes sent by the NAS to the user port before the tariff switching time.

Tariff switching can only be performed once during a real-time accounting period.

HW-Input-Packets-Before-Tariff-Switch (9)

No.

9

Attribute Name

HW-Input-Packets-Before-Tariff-Switch

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Plus11

Value of Length field (in Bytes)

4

Description

Number of packets sent by a user before tariff switching.

If no tariff switching occurs during a real-time accounting period, the value of the attribute refers to the total number of packets received by the NAS from the user port during a real-time accounting period. If tariff switching occurs once during a real-time accounting period, the value of the attribute refers to the total number of packets received by the NAS from the user port before the tariff switching time.

Tariff switching can only be performed once during a real-time accounting period.

HW-Output-Packets-Before-Tariff-Switch (10)

No.

10

Attribute Name

HW-Output-Packets-Before-Tariff-Switch

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Plus11

Value of Length field (in Bytes)

4

Description

Number of packets received by a user before tariff switching.

If no tariff switching occurs during a real-time accounting period, the value of the attribute refers to the total number of packets sent by the NAS to the user port during a real-time accounting period.

If tariff switching occurs once during a real-time accounting period, the value of the attribute refers to the total number of packets sent by the NAS to the user port before the tariff switching time.

Tariff switching can only be performed once during a real-time accounting period.

HW-Input-Kilobytes-After-Tariff-Switch (11)

No.

11

Attribute Name

HW-Input-Kilobytes-After-Tariff-Switch

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Plus11

Value of Length field (in Bytes)

4

Description

Number of bytes sent by a user after tariff switching, in KB. The value of this attribute refers to the total number of bytes received by the NAS from the user port during a real-time accounting period.

HW-Output-Kilobytes-After-Tariff-Switch (12)

No.

12

Attribute Name

HW-Output-Kilobytes-After-Tariff-Switch

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Plus11

Value of Length field (in Bytes)

4

Description

Number of bytes received by a user after tariff switching, in KB. The value of this attribute refers to the total number of bytes sent by the NAS to the user port during a real-time accounting period.

HW-Input-Packets-After-Tariff-Switch (13)

No.

13

Attribute Name

HW-Input-Packets-After-Tariff-Switch

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Plus11

Value of Length field (in Bytes)

4

Description

Number of packets sent by a user after tariff switching. The value of this attribute refers to the total number of packets received by the NAS from the user port during a real-time accounting period.

HW-Output-Packets-After-Tariff-Switch (14)

No.

14

Attribute Name

HW-Output-Packets-After-Tariff-Switch

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Plus11

Value of Length field (in Bytes)

4

Description

Number of packets received by a user after tariff switching. The value of this attribute refers to the total number of packets sent by the NAS to the user port during a real-time accounting period.

HW-Remanent-Volume (15)

No.

15

Attribute Name

HW-Remanent-Volume

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

In Access-Accept packet, the attribute indicates the remaining traffic volume available to a user, in KB. The value 0 indicates that the user is logged out immediately. The value 0XFFFFFFFF indicates that there is no traffic limit.

This attribute carried in Access-Request packets used to apply for the EDSG service quota indicates the traffic quota that has been used.

Note:

If the initialized value of HW-Remanent-Volume is not 0 and the "quota-out { offline | online | redirect }" command is configured in the domain view, then the device makes the user offline, keep the user online or direct the user to Portal server.

If this attribute in Access-Accept packet is set to 0, then you can configure the "authening quota-out-redirect-enable" command in the authentication scheme view to make the device take redirecting action.

If this attribute in Accouting-Response packet is set to 0, then you can configure the "quota-out redirect" command in the domain view to make the device take redirecting action.

HW-Tariff-Switch-Interval (16)

No.

16

Attribute Name

HW-Tariff-Switch-Interval

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Plus11

Value of Length field (in Bytes)

4

Description

Interval between the latest tariff switching time and the current time, in seconds. The next tariff switching time may be within or beyond the next real-time accounting period. The NAS sends an accounting update packet to the RADIUS server upon tariff switching.

HW-Subscriber-QoS-Profile (17)

No.

17

Attribute Name

HW-Subscriber-QoS-Profile

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~63

Description

Home QoS profile. The bandwidth limit for a home and scheduling preference of home services are specified in the profile.

If the name of the QoS profile delivered by the RADIUS server is case-sensitive, the "radius-attribute case-sensitive qos-profile-name" command can be run to allow the device to identify the case-sensitive QoS profile name.

The "radius-attribute qos-profile no-exist-policy { offline | online }" command can be run to configure a policy used when the QoS profile delivered by the RADIUS server does not exist. By default, if the QoS profile delivered by the RADIUS server does not exist, the user goes offline. If online is configured, user bandwidth cannot exceed the interface's bandwidth. If a QoS profile has been configured in the domain or interface view, bandwidth will be limited based on the QoS profile configured.

Currently, the attribute value can only be Terminate-Request (value=2), indicating user logoff.

HW-Command (20)

No.

20

Attribute Name

HW-Command

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Plus11

Value of Length field (in Bytes)

4

Description

Currently, the attribute value can only be Terminate-Request (value=2), indicating user logoff.

HW-Priority (22)

No.

22

Attribute Name

HW-Priority

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Service priority of a user. The value can be 15 or any value ranging from 0 to 13.

Remark

The valid value range is 0 to 13 and 15.

HW-Connect-ID (26)

No.

26

Attribute Name

HW-Connect-ID

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Connection index of a user.

HW-Portal-URL (27)

No.

27

Attribute Name

HW-Portal-URL

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

1~200

Description

URL to which user is redirected after being authenticated. This function is supported by IPoE, PPP, and LNS users.

HW-FTP-Directory (28)

No.

28

Attribute Name

HW-FTP-Directory

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~64

Description

Initial directory of an FTP user.

HW-Exec-Privilege (29)

No.

29

Attribute Name

HW-Exec-Privilege

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Authorized level of administrative users, such as Telnet users. The value ranges from 0 to 15, and the value which is greater than 15 indicates that the user does not have the right to login.

HW-QOS-Profile-Name (31)

No.

31

Attribute Name

HW-QOS-Profile-Name

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~63

Description

QoS profile delivered by the RADIUS server.

In home user access, HW-QOS-Profile-Name is used to configure the bandwidth for each service in the home. In common user access, HW-QOS-Profile-Name is used to configure the total bandwidth and scheduling preference of service traffic.

If the name of the QoS profile delivered by the RADIUS server is case-sensitive, the "radius-attribute case-sensitive qos-profile-name" command can be run to allow the device to identify the case-sensitive QoS profile name.

The "radius-attribute qos-profile no-exist-policy { offline | online }" command can be run to configure a policy used when the QoS profile delivered by the RADIUS server does not exist. By default, if the QoS profile delivered by the RADIUS server does not exist, the no-exist-policy is 'offline'. If 'online' is specified in the command, user bandwidth cannot exceed the interface's bandwidth. If the "qos-profile" command has been configured in the domain or interface view, bandwidth will be limited based on the QoS profile configured.

HW-SIP-Server (32)

No.

32

Attribute Name

HW-SIP-Server

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~247

Description

SIP server address or name delivered to DHCP users. The address is in dotted decimal notation, and the name is in the format of a URL, such as 'abc.com'.

HW-User-Password (33)

No.

33

Attribute Name

HW-User-Password

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~128

Description

Re-authentication password contained in HW-Command-Mode delivered through CoA packets. PAP and CHAP modes are supported.

HW-Command-Mode (34)

No.

34

Attribute Name

HW-Command-Mode

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~247

Description

Command mode, which is differentiated by the first character.

Subtype 1: uses A as the first character, followed by a user name. (Alternatively, no user name is attached, and the user name is delivered by the User-Name attribute.) This subtype is used for triggering CoA re-authentication. The HW-User-Password attribute can be used together to deliver the re-authentication password.

Subtype 2: uses Q as the first character, followed by a type parameter, indicating user information query. If the type parameter is S, the user information (IP address and accounting ID) is queried; if the type parameter is UC, the upstream bandwidth of the user is queried; if the type parameter is DC, the downstream bandwidth of the user is queried; if the type parameter is UF, the upstream traffic of the user is queried; if the type parameter is DF, the downstream traffic of the user is queried.

Subtype 3: uses 0x01 as the first character, followed by a user name. (Alternatively, no user name is attached, and the user name is delivered by the User-Name attribute.) This subtype is used by the Account Login request to trigger web re-authentication. The HW-User-Password attribute can be used together to deliver the re-authentication password.

Subtype 4: uses 0x02 as the first byte, followed by a user name. This subtype indicates a user Account Logoff request, which triggers web users to return to the pre-authentication domain.

Subtype 5: uses 0x04 as the first byte, followed by a type parameter, indicating user session query. If the type parameter is a space, the service information of a session is queried; if the type parameter is an ampersand (&), information about a session is queried; if the type parameter is a service name, information about the specified service is queried.

Subtype 6: uses 0x0B as the first byte, followed by a service name. This subtype indicates a service active request.

Subtype 7: uses 0x0C as the first byte, followed by a service name. This subtype indicates a service deactive request.

Combinations of UC, DC, UF, and DF can be delivered. For example, if QUCDC is delivered, upstream and downstream bandwidths can be queried. If subtype 5 is used, spaces and ampersands (&) can be delivered in combination.

HW-Renewal-Time (35)

No.

35

Attribute Name

HW-Renewal-Time

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Interval at which addresses of DHCP users are renewed.

Remark

The value ranges from 30 to 259200, in seconds.

HW-Rebinding-Time (36)

No.

36

Attribute Name

HW-Rebinding-Time

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Rebinding time of addresses of DHCP users.

Remark

The value ranges from 30 to 259200, in seconds.

HW-Igmp-Enable (37)

No.

37

Attribute Name

HW-Igmp-Enable

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Whether IGMP is enabled for users.

Remark

0: disabled; 1: enabled

HW-NAS-Startup-Time-Stamp (59)

No.

59

Attribute Name

HW-NAS-Startup-Time-Stamp

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Time when the device was started.

Remark

The value is in seconds since January 1, 1970 00:00:00.

HW-IP-Host-Address (60)

No.

60

Attribute Name

HW-IP-Host-Address

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

1~33

Description

User IP address and MAC address carried in the authentication request packet and accounting request packet, in the format of "A.B.C.D hh:hh:hh:hh:hh:hh". The IP and MAC addresses must be separated by a space. During user authentication, if the user IP address is invalid, A.B.C.D is set to 255.255.255.255.

Remark

It is a string in the format of user IP address+space+MAC address.

HW-Up-Priority (61)

No.

61

Attribute Name

HW-Up-Priority

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Priority of upstream services.

If the HW-Priority (26-22) attribute has been delivered, HW-Priority takes effect.

HW-Down-Priority (62)

No.

62

Attribute Name

HW-Down-Priority

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Priority of downstream services.

If the HW-Priority (26-22) attribute has been delivered, HW-Priority takes effect.

HW-Tunnel-VPN-Instance (63)

No.

63

Attribute Name

HW-Tunnel-VPN-Instance

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Name of the VPN instance on the local end of a tunnel.

HW-Tunnel-VPN-Instance must be delivered together with the standard Tunnel-Client-Endpoint (66) attribute.

HW-User-Date (65)

No.

65

Attribute Name

HW-User-Date

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard

Value of Length field (in Bytes)

1~31

Description

Date when a user account was opened.

HW-User-Class (66)

No.

66

Attribute Name

HW-User-Class

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard

Value of Length field (in Bytes)

1~31

Description

User level.

HW-Subnet-Mask (72)

No.

72

Attribute Name

HW-Subnet-Mask

Attribute Value Type

Address

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Subnet mask.

This attribute is applicable only to IPoE users.

HW-Gateway-Address (73)

No.

73

Attribute Name

HW-Gateway-Address

Attribute Value Type

Address

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Gateway IP address.

This attribute is applicable only to IPoE users.

HW-Lease-Time (74)

No.

74

Attribute Name

HW-Lease-Time

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Lease time.

The value ranges from 60 to 259200, in seconds. The value can only be 0 in CoA packets.

HW-Ascend-Client-Primary-WINS (75)

No.

75

Attribute Name

HW-Ascend-Client-Primary-WINS

Attribute Value Type

Address

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Primary WINS address.

HW-Ascend-Client-Second-WIN (76)

No.

76

Attribute Name

HW-Ascend-Client-Second-WIN

Attribute Value Type

Address

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Secondary WINS address.

HW-Input-Peak-Burst-Size (77)

No.

77

Attribute Name

HW-Input-Peak-Burst-Size

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Upstream PBS.

HW-Output-Peak-Burst-Size (78)

No.

78

Attribute Name

HW-Output-Peak-Burst-Size

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Downstream PBS.

HW-Tunnel-Session-Limit (80)

No.

80

Attribute Name

HW-Tunnel-Session-Limit

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard

Value of Length field (in Bytes)

4

Description

Number of sessions over a tunnel.

HW-Data-Filter (82)

No.

82

Attribute Name

HW-Data-Filter

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard

Value of Length field (in Bytes)

1~247

Description

Dynamically delivered ACL rule.

The HW-Data-Filter attribute delivers classifier-behavior pairs to achieve delivery of dynamical ACLs. These ACLs have a higher priority than those configured locally.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Type(26)   |    Length     |         Vendor ID(0000)       |
|               | 6+VendorLength|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Vendor ID(2011)       |Vendor Type(82)| Vendor Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           String
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Vendor Length: 1–249 bytes, including the two bytes occupied by Vendor Type and Vendor Length. The String length is therefore two bytes subtracted from Vendor Length and is up to 247 bytes.

String: attribute content string. The HW-Data-Filter attribute supports delivery of classifier and behavior strings as well as CoA action strings, with each type of string being a combination of fields delimited by semicolons and containing only displayable characters entered using a keyboard.

The HW-Data-Filter attribute can be delivered repeatedly, and one attribute can contain multiple attribute strings that are separated using a number sign (#). For example, when one HW-Data-Filter attribute contains two classifier strings, the HW-Data-Filter attribute can be delivered with the classifier1 string#classifier2 string padded to the String field of this attribute. When one attribute string contains both classifier and behavior strings, the HW-Data-Filter attribute can be delivered with the classifier string#behavior string padded to the String field of this attribute.

In one RADIUS packet, the total number of sub-attributes of all HW-Data-Filter attributes cannot exceed 2047.

Both classifier and behavior strings are categorized as local or remote. These types can be flexibly combined, meaning that a local or a remote classifier string can be combined with both local and remote behavior strings.

Remark

For more information, see the chapter "More Information About HW-Data-Filter (82)".

HW-Access-Service (83)

No.

83

Attribute Name

HW-Access-Service

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~32

Description

Access service template. The template is locally configured on the device, and CAR parameters in different periods can be configured in the template.

HW-Accounting-Level (84)

No.

84

Attribute Name

HW-Accounting-Level

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Accounting level, ranging from 1 to 16, used to identify accounting services based on the destination address.

Remark

Value range is 1~16.

HW-Portal-Mode (85)

No.

85

Attribute Name

HW-Portal-Mode

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

4

Description

Portal modes.

0: PADM;

1: redirection;

2: non-portal

HW-Policy-Route (87)

No.

87

Attribute Name

HW-Policy-Route

Attribute Value Type

Address

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard

Value of Length field (in Bytes)

4

Description

Next hop address in the policy-based routing.

HW-Framed-Pool (88)

No.

88

Attribute Name

HW-Framed-Pool

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Same as the standard No. 88 attribute.

HW-L2TP-Terminate-Cause (89)

No.

89

Attribute Name

HW-L2TP-Terminate-Cause

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard

Value of Length field (in Bytes)

6~70

Description

L2TP user logout cause.

The value is in the format of logout code (2 bytes)+control protocol number (2 bytes)+direction (1 byte)+whether it is valid (1 byte)+L2TP AVP46 information (0–64 bytes).

HW-Multicast-Profile-Name (93)

No.

93

Attribute Name

HW-Multicast-Profile-Name

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~32

Description

Name of a multicast profile. The contents of the profile can be configured on the device.

HW-VPN-Instance (94)

No.

94

Attribute Name

HW-VPN-Instance

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~31

Description

Name of a VPN instance to which a user belongs.

HW-Policy-Name (95)

No.

95

Attribute Name

HW-Policy-Name

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Name of a value-added service policy. Multiple HW-Policy-Name attributes can be encapsulated in a packet to deliver multiple value-added services. A packet can carry a maximum of eight value-added service templates.

One HW-Policy-Name attribute can be used to deliver multiple value-added service policy names, which are separated using a vertical bar '|'.

HW-Tunnel-Group-Name (96)

No.

96

Attribute Name

HW-Tunnel-Group-Name

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~32

Description

Name of an L2TP or GRE group.

HW-Client-Primary-DNS (135)

No.

135

Attribute Name

HW-Client-Primary-DNS

Attribute Value Type

Address

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Primary DNS server's IP address delivered after a user is authenticated.

HW-Client-Secondary-DNS (136)

No.

136

Attribute Name

HW-Client-Secondary-DNS

Attribute Value Type

Address

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Secondary DNS server's IP address delivered after a user is authenticated.

HW-Domain-Name (138)

No.

138

Attribute Name

HW-Domain-Name

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard, Plus11

Value of Length field (in Bytes)

1~64

Description

Domain name used in user authentication. The domain name may be the name of a roaming or mandatory domain. The domain name may not be the domain name in the user name.

HW-HTTP-Redirect-URL (140)

No.

140

Attribute Name

HW-HTTP-Redirect-URL

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~200

Description

URL of a page where a user will be redirected if the user fails to be authenticated. The user can still go online. When the user initiates a Hypertext Transfer Protocol (HTTP) access request, the user is redirected to the specified URL.

This attribute is processed only when the "authening authen-redirect online authen-domain redirect-domain" command is configured in the authentication-scheme view.

HW-Qos-Profile-Type (142)

No.

142

Attribute Name

HW-Qos-Profile-Type

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Type of the QoS profile delivered by the RADIUS server, valid only for LNS users. The value can be any of the following:

0: The original QoS profile is used. If the attribute is not delivered, it has the same meaning.

1: The delivered QoS profile is used as the inbound L2TP QoS profile.

2: The delivered QoS profile is used as the outbound L2TP QoS profile.

3: The delivered QoS profile is used as both the inbound and outbound L2TP QoS profile.

If a QoS profile is delivered for the LNS, the original CAR parameters no longer take effect.

HW-Max-List-Num (143)

No.

143

Attribute Name

HW-Max-List-Num

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard

Value of Length field (in Bytes)

4

Description

Maximum number of multicast programs that a user can order.

HW-Acct-ipv6-Input-Octets (144)

No.

144

Attribute Name

HW-Acct-ipv6-Input-Octets

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Volume of IPv6 upstream traffic, in bytes, KB, MB, or GB. By default, the unit of the attribute is byte in the standard RADIUS protocol, and KB in the RADIUS+ protocol.

The "radius-server traffic-unit" command can be run in the RADIUS server group view to specify the unit of the attribute.

HW-Acct-ipv6-Output-Octets (145)

No.

145

Attribute Name

HW-Acct-ipv6-Output-Octets

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Volume of IPv6 downstream traffic, in bytes, KB, MB, or GB. By default, the unit of the attribute is byte in the standard RADIUS protocol, and KB in the RADIUS+ protocol.

The "radius-server traffic-unit" command can be run in the RADIUS server group view to specify the unit of the attribute.

HW-Acct-ipv6-Input-Packets (146)

No.

146

Attribute Name

HW-Acct-ipv6-Input-Packets

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of IPv6 upstream packets.

HW-Acct-ipv6-Output-Packets (147)

No.

147

Attribute Name

HW-Acct-ipv6-Output-Packets

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of IPv6 downstream packets.

HW-Acct-ipv6-Input-Gigawords (148)

No.

148

Attribute Name

HW-Acct-ipv6-Input-Gigawords

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of IPv6 upstream bytes. The value is a multiple of 4 GB, KB, MB, or bytes (2^32), which can be configured using a command. The value is the most significant 32 bits of HW-Acct-ipv6-Input-Octets.

HW-Acct-ipv6-Output-Gigawords (149)

No.

149

Attribute Name

HW-Acct-ipv6-Output-Gigawords

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Number of IPv6 downstream bytes. The value is a multiple of 4 GB, KB, MB, or bytes (2^32), which can be configured using a command. The value is the most significant 32 bits of HW-Acct-ipv6-Output-Octets.

HW-DHCPv6-Option37 (150)

No.

150

Attribute Name

HW-DHCPv6-Option37

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

16

Description

The attribute identifies user location information. A switch and PON device encapsulate the device MAC address to the Option 37 field of DHCPv6 packets. The BRAS parses the field and uses a private RADIUS attribute to report it to the RADIUS server. In Layer 3 access, a router functions as a network-side DHCP relay agent can use Option 37 to encapsulate the client's MAC address for the BRAS to obtain the user MAC address.

HW-DHCPv6-Option38 (151)

No.

151

Attribute Name

HW-DHCPv6-Option38

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~127

Description

Content of DHCPv6 Option 38.

HW-User-Mac (153)

No.

153

Attribute Name

HW-User-Mac

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~253

Description

The attribute carries a user MAC address or Option 61 information. Access-Request and Accounting-Request packets can carry the attribute with a user MAC address.

If the Option 61 information about DHCPv4 users carried in HW-User-Mac is a string of characters, it is sent to the RADIUS server directly; if the Option 61 information is in binary notation, it is converted to a string of characters before it is sent to the RADIUS server.

The "radius-attribute usermac-as-option61" command can be run in the RADIUS server group view to control whether this attribute carries MAC address or Option61 information. If the "radius-attribute usermac-as-option61" command is not run, this attribute carries the user MAC address by default. If the "radius-attribute usermac-as-option61" command is run, this attribute carries Option61 information. If the "option-61 hardware-type" command is not run in the BAS view and the user packet does not carry Option61 information, this attribute is not encapsulated in RADIUS packets.

HW-DNS-Server-IPv6-Address (154)

No.

154

Attribute Name

HW-DNS-Server-IPv6-Address

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

16

Description

IPv6 address of the DNS server.

HW-DHCPv4-Option121 (155)

No.

155

Attribute Name

HW-DHCPv4-Option121

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~245

Description

Routing information of IPoE users. A maximum of 24 route prefixes are supported.

Routes are separated by the delimiter (;).

Routes can be delivered multiple times. Each time a maximum of eight routes containing up to 245 bytes can be delivered. A maximum of 24 routes can be delivered.

The format is 1.1.1.1/16 1.1.1.2;2.2.2.2/16 2.2.2.1.

The mask is optional. There is only one space between the destination address/mask and the next hop address. The delimiter following the last route is optional.

If the attribute fails to be parsed, the user cannot go online.

HW-DHCPV4-Option43 (156)

No.

156

Attribute Name

HW-DHCPV4-Option43

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~200

Description

The attribute carries the Option 43 information in the DHCP reply packet sent to the DHCPv4 user, and is delivered in the Access-Accept packet.

If this attribute is delivered carrying the URI of PPPoE users, it has a lower priority than hw-portal-url. This means that this attribute will not be encapsulated into the PADM's tag as long as the RADIUS server has delivered hw-portal-url.

HW-Framed-Pool-Group (157)

No.

157

Attribute Name

HW-Framed-Pool-Group

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~253

Description

The attribute carries the name of the address pool group and is delivered in the Access-Accept packet. The BRAS resolves the address pool list based on the address pool group name and chooses address pools from the list to allocate addresses to users.

The attribute carries the name of the address pool group and is delivered in the Access-Accept packet. The BRAS resolves the address pool list based on the address pool group name and chooses address pools from the list to allocate addresses to users.

Remark

The name of an address pool group configured on the device can have a maximum of 32 bytes while that of an address pool delivered can have a maximum of 253 bytes.

HW-Framed-IPv6-Address (158)

No.

158

Attribute Name

HW-Framed-IPv6-Address

Attribute Value Type

Address

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

16

Description

Carries an address assigned by a DHCPv6 server using identity association for non-temporary addresses (IA_NA).

HW-Acct-Update-Address (159)

No.

159

Attribute Name

HW-Acct-Update-Address

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

The attribute is carried in accounting update packets. If the accounting server needs to update user IP addresses based on received packets, the value of this attribute is set to 1. The default value of this attribute is 0.

HW-NAT-Policy-Name (160)

No.

160

Attribute Name

HW-NAT-Policy-Name

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~31

Description

NAT policy template delivered in the user authentication response packet. This template is saved locally.

HW-Nat-IP-Address (161)

No.

161

Attribute Name

HW-Nat-IP-Address

Attribute Value Type

Address

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Public network IP address after network address translation (NAT).

HW-NAT-Start-Port (162)

No.

162

Attribute Name

HW-NAT-Start-Port

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Start port of the public network IP address after NAT in a centralized BRAS scenario.

HW-NAT-End-Port (163)

No.

163

Attribute Name

HW-NAT-End-Port

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

End port of the public network IP address after NAT in a centralized BRAS scenario.

HW-NAT-Port-Forwarding (164)

No.

164

Attribute Name

HW-NAT-Port-Forwarding

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~48

Description

Port-Forwarding delivered and reported by the RADIUS server in a centralized BRAS scenario.

1. This attribute consists of User IP, Protocol, User Port, PortFwd IP, and PortFwd Port, which are separated by semicolons (;), for example, 192.168.1.1;TCP;32768;50.50.50.1;50000.

2. The values in this attribute are arranged in the following order: User IP, Protocol, PortFwd IP, User Port, and PortFwd Port.

User IP, Protocol, User Port, and Port-Fwd-Port must be delivered in Access packets to the BRAS. Currently, PortFwd IP is not resolved. Accounting-Request packets must carry all fields. If PortFwd Port and PortFwd IP fail to be allocated, users can go online, but the port forwarding function does not take effect.

HW-Nat-Port-Range-Update (165)

No.

165

Attribute Name

HW-Nat-Port-Range-Update

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

RADIUS source tracing in a CGN scenario. The attribute is supported by NAT444 users and DSLITE users.

The attribute is carried by RADIUS accounting packets and reported to the RADIUS server when ports on the CGN service board change. The value can be:

0: Ports are added.

1: Ports are deleted.

3: The public network information is changed.

HW-DS-Lite-Tunnel-Name (166)

No.

166

Attribute Name

HW-DS-Lite-Tunnel-Name

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard

Value of Length field (in Bytes)

1~63

Description

IPv6 tunnel name in a CGN scenario.

Remark

The length must be shorter than or equal to 63 bytes.

HW-PCP-Server-Name (167)

No.

167

Attribute Name

HW-PCP-Server-Name

Attribute Value Type

Text

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~64

Description

PCP Server Name.

Remark

The length must be shorter than or equal to 64 bytes.

HW-Public-IP-Addr-State (168)

No.

168

Attribute Name

HW-Public-IP-Addr-State

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Status of the public IP address pool in a NAT444 scenario. When upper and lower thresholds for a public IP address pool are configured in the AAA domain view, the attribute is carried in the Access-Request packets for the RADIUS server to determine whether the user is a public network user or a NAT444 user.

Safe (0): No NAT444 instance is bound to the AAA domain, all NAT444 instances bound to the AAA domain are inactive, or the usage of the public IP address pool is smaller than the lower threshold.

Warning (1): Active NAT444 instances are bound to the AAA domain, but the usage of the public IP address pool is greater than or equal to the lower threshold and less than or equal to the upper threshold.

Danger (2): Active NAT444 instances are bound to the AAA domain, but the usage of the public IP address pool is greater than the upper threshold.

HW-Auth-Type (180)

No.

180

Attribute Name

HW-Auth-Type

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Authentication type, which can be any of the following:

1: PPP authentication.

2: web authentication.

3: dot1x authentication.

4: fast authentication.

5: bind authentication.

6: WLAN authentication.

7: management user authentication.

8: tunnel authentication.

9: MIP authentication.

10: non-authentication.

11: MAC authentication.

HW-Acct-terminate-subcause (181)

No.

181

Attribute Name

HW-Acct-terminate-subcause

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Sub-code for a session disconnection. For details, see the "display radius offline-sub-reason" command output.

HW-Down-QOS-Profile-Name (182)

No.

182

Attribute Name

HW-Down-QOS-Profile-Name

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~63

Description

QoS profile delivered by the RADIUS server.

In home user access, this attribute is used to configure the bandwidth for each service in the home. In common user access, this attribute is used to configure the total downstream bandwidth and scheduling preference of downstream service traffic.

HW-Port-Mirror (183)

No.

183

Attribute Name

HW-Port-Mirror

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Upstream and downstream interface mirroring enabling flag delivered by the RADIUS server, which is used to control whether interface mirroring is enabled in the upstream and downstream directions. The value ranges from 0 or 3.

(1) The value 0 indicates that interface mirroring is not enabled in both the upstream and downstream directions.

(2) The value 1 indicates that interface mirroring is enabled in only the upstream direction.

(3) The value 2 indicates that interface mirroring is enabled in only the downstream direction.

(4) The value 3 indicates that interface mirroring is enabled in both the upstream and downstream directions.

HW-Account-Info (184)

No.

184

Attribute Name

HW-Account-Info

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~247

Description

Account information. The first character is used to identify different meanings.

Subtype 1: uses A as the first character, followed by a service name. This subtype is used in user authentication response packets to deliver EDSG services that automatically take effect (directly activated after delivery) and to return the delivered EDSG service name in the CoA user information query.

Subtype 2: uses N as the first character, followed by a service name or other information. The format is N[<service-state>]<service-name>;[<time-connected>];[<username>];[<pkt-in>];[<pkt-out>];[<bytes_in>];[<bytes_out>], where <service-state> is active:1 or inactive:0. This attribute is used in user authentication response packets to deliver EDSG services that do not automatically take effect (not automatically activated after delivery) and to return the delivered EDSG service name and detailed service information in the CoA user information or service information query.

Subtype 3: uses S as the first character, followed by a user IP address or by a user IP address plus a port number (for example, S10.10.5.11:85). This attribute is used as a user identifier in a CoA message and has the same function as the Acct-Session-Id attribute in a CoA message.

HW-Service-Info (185)

No.

185

Attribute Name

HW-Service-Info

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~247

Description

Service information. The first character is used to identify different meanings. Currently, it can only use N as the first character, followed by a service name. This attribute is used in authentication request, quota application, and accounting request packets in EDSG services to carry the service name.

HW-Dhcp-Option (187)

No.

187

Attribute Name

HW-Dhcp-Option

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~247

Description

DHCP options delivered by the RADIUS server after a user is being authenticated.

Remark

For more information, see the chapter "More Information About HW-Dhcp-Option (187)".

HW-Avpair (188)

No.

188

Attribute Name

HW-Avpair

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~247

Description

Attribute-value pair, which is the framework attribute of extensible sub-attributes. The format is a character string of <attribute-name>=<value>.

Remark

For more information, see the chapter "More Information About HW-Avpair (188)".

HW-Delegated-IPv6-Prefix-Pool (191)

No.

191

Attribute Name

HW-Delegated-IPv6-Prefix-Pool

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~253

Description

Address pool from which PD prefixes are allocated.

HW-IPv6-Prefix-Lease (192)

No.

192

Attribute Name

HW-IPv6-Prefix-Lease

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

10

Description

IPv6 prefix lease.

Format:

0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |        T1       |      T2     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Preferred-lifetime
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| valid-lifetime
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
HW-IPv6-Address-Lease (193)

No.

193

Attribute Name

HW-IPv6-Address-Lease

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

10

Description

IPv6 address lease.

Format:

0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |        T1       |      T2     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Preferred-lifetime
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| valid-lifetime
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
HW-IPv6-Policy-Route (194)

No.

194

Attribute Name

HW-IPv6-Policy-Route

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

16

Description

IPv6 policy-based routing.

Each board supports a maximum of 64 IPv6 PBR policies. Exceeding IPv6 PBR policies do not take effect and will cause alarms, but will not affect user login.

HW-MNG-IPv6 (196)

No.

196

Attribute Name

HW-MNG-IPv6

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

Whether IPv6 address management is used for users is determined by the RADIUS server based on the authentication result (whether IPv6 addresses are assigned) and CPE information (that specifies IPv6 address management). If the HW-MNG-IPv6 attribute is delivered to the BRAS, the BRAS will encapsulate it into the PPPoE PADM Tag0x0112 MOTM.

The value can only be 0 or 1. 0: IPv6 address management is not supported. 1: IPv6 address management is supported. If any other value is delivered, user login fails.

HW-USR-GRP-NAME (251)

No.

251

Attribute Name

HW-USR-GRP-NAME

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~32

Description

User group name which is applicable for the user.

Do not configure the user level by using the HW-Exec-Privilege (29). Otherwise, the user level configuration takes effect, but the user group configuration cannot take effect.

Remark

The value is a string of 1 to 32 characters containing letters, digits, and underscores (_).

HW-USER-SRVC_TYPE (252)

No.

252

Attribute Name

HW-USER-SRVC_TYPE

Attribute Value Type

Integer

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

4

Description

User access type, which can be PPP, terminal, Telnet, FTP, and SSH.

HW-Web-URL (253)

No.

253

Attribute Name

HW-Web-URL

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

All

Value of Length field (in Bytes)

1~200

Description

URL to which a web authentication user is redirected. This attribute is applicable to web authentication scenarios for IPoE users or captive portal scenarios for all types of users in arrears. This attribute takes effect only when the user-group attribute is also delivered.

HW-Version (254)

No.

254

Attribute Name

HW-Version

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard

Value of Length field (in Bytes)

1~253

Description

Version of a device.

This attribute carries different information for different devices. For example, on NE devices, this attribute carries Huawei NE by default.

Note:

The "radius-attribute include attributename" command can be used to determine whether packets in a RADIUS group are processed and how to process the HW-Version and HW-Product-ID attributes. After the HW-Version attribute or HW-Product-ID attribute is specified, the content displayed in the "display version" command output is encapsulated as the HW-Version or HW-Product-ID attribute content in the authentication and accounting packets except for the ME Series devices.

In ME Series devices, the HW-Product-ID attribute are encapsulated in a simplified format. For example, for MultiserviceEngine 60-X3, the encapsulated content is "ME60-X3". For example,

[HW-Version(Huawei-254) ] [13] [V600R005C00]

[HW-Product-ID(Huawei-255) ] [6 ] [ME60-X3]

If the HW-Version and HW-Product-ID attributes are not specified, the device model information in the old format is carried only in authentication packets. For example,

[HW-Version(Huawei-254) ] [13] [Huawei ME60]

[HW-Product-ID(Huawei-255) ] [6 ] [ME60]

HW-Product-ID (255)

No.

255

Attribute Name

HW-Product-ID

Attribute Value Type

String

Standard Defined

Huawei RADIUS+1.1

Server Type

Standard

Value of Length field (in Bytes)

1~8

Description

Product ID of a device.

This attribute carries different information for different devices. For example, on NE devices, this attribute carries NE by default. For details, see the HW-Version (254) attribute description.

The displayed format can be controlled by a command. For details, see the HW-Version (254) attribute description.

Private RADIUS attribute defined by Microsoft. The attribute number is 26, vendor ID is 311, and sub-attribute ranges from 1 to 255. For details, see the following:

MS-CHAP-Response (1)

No.

1

Attribute Name

MS-CHAP-Response

Attribute Value Type

string

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~50

Description

Response to the MS-CHAP authentication challenge.

MS-CHAP-Error (2)

No.

2

Attribute Name

MS-CHAP-Error

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~80

Description

Error information that is carried in an MS-CHAP Access-Reject packet.

MS-CHAP-CPW-2 (4)

No.

4

Attribute Name

MS-CHAP-CPW-2

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~84

Description

Changed MS-CHAP V2 password

MS-CHAP-NT-Enc-PW (6)

No.

6

Attribute Name

MS-CHAP-NT-Enc-PW

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~516

Description

New MS-CHAP password, which is obtained by encrypting the old MS-CHAP password.

Remark

If the length of this attribute exceeds 516 bytes, this attribute must be encapsulated in fragments.

MS-CHAP-Challenge (11)

No.

11

Attribute Name

MS-CHAP-Challenge

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~32

Description

MS-CHAP challenge.

Remark

Ms-chap: 8 bytes

Ms-chap2 authentication: 16 bytes

Ms-chap2 password change: 32 bytes

MS-MPPE-Send-Key (16)

No.

16

Attribute Name

MS-MPPE-Send-Key

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~32

Description

A RADIUS server delivers an Microsoft Point-to-Point Encryption (MPPE) key to a NAS. The NAS then transparently transmits the key to an AP after decrypting and encrypting the key.

This attribute can be used in WLAN scenarios.

MS-MPPE-Recv-Key (17)

No.

17

Attribute Name

MS-MPPE-Recv-Key

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~32

Description

A RADIUS server delivers an Microsoft Point-to-Point Encryption (MPPE) key to a NAS. The NAS then transparently transmits the key to an AP after decrypting and encrypting the key.

This attribute can be used in WLAN scenarios.

MS-CHAP2-Response (25)

No.

25

Attribute Name

MS-CHAP2-Response

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~50

Description

Response to the MS-CHAP2 authentication challenge.

MS-CHAP2-Success (26)

No.

26

Attribute Name

MS-CHAP2-Success

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~42

Description

Authentication success code.

MS-CHAP2-CPW (27)

No.

27

Attribute Name

MS-CHAP2-CPW

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~68

Description

Changed MS-CHAP2 password.

MS-Primary-DNS-Server (28)

No.

28

Attribute Name

MS-Primary-DNS-Server

Attribute Value Type

Address

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Address of the primary DNS server of a specified user after user authentication is successful.

MS-Secondary-DNS-Server (29)

No.

29

Attribute Name

MS-Secondary-DNS-Server

Attribute Value Type

Address

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Address of the secondary DNS server of a specified user after user authentication is successful.

RADIUS attribute defined by the DSL forum. The attribute number is 26, vendor ID is 3561, and sub-attribute number ranges from 1 to 255. For details, see the following:

Agent-Circuit-Id (1)

No.

1

Attribute Name

Agent-Circuit-Id

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~63

Description

ID of the line from an online user to the access device.

When the "radius-attribute agent-circuit-id format {cn | tr-101}" command is configured, if the DHCP module parses option82 successfully according to the "option-82 parse-mode" command configured in the interface, then the Agent-Circuit-Id attribute is carried in the RADIUS Access packets and the attribute's format is set according to the "radius-attribute agent-circuit-id format {cn | tr-101}" command.

Agent-Remote-Id (2)

No.

2

Attribute Name

Agent-Remote-Id

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~63

Description

Unique identifier for the association between an online user and the line

Actual-Data-Rate-Upstream (129)

No.

129

Attribute Name

Actual-Data-Rate-Upstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Actual upstream rate of the line corresponding to the online user

Actual-Data-Rate-Downstream (130)

No.

130

Attribute Name

Actual-Data-Rate-Downstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Actual downstream rate of the line corresponding to the online user

Minimum-Data-Rate-Upstream (131)

No.

131

Attribute Name

Minimum-Data-Rate-Upstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Minimum upstream rate configured for the online user

Minimum-Data-Rate-Downstream (132)

No.

132

Attribute Name

Minimum-Data-Rate-Downstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Minimum downstream rate configured for the online user

Attainable-Data-Rate-Upstream (133)

No.

133

Attribute Name

Attainable-Data-Rate-Upstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Attainable upstream rate for the online user

Attainable-Data-Rate-Downstream (134)

No.

134

Attribute Name

Attainable-Data-Rate-Downstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Attainable downstream rate for the online user

Maximum-Data-Rate-Upstream (135)

No.

135

Attribute Name

Maximum-Data-Rate-Upstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Maximum upstream rate configured for the online user

Maximum-Data-Rate-Downstream (136)

No.

136

Attribute Name

Maximum-Data-Rate-Downstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Maximum downstream rate configured for the online user

Minimum-Data-Rate-Upstream-Low-Power (137)

No.

137

Attribute Name

Minimum-Data-Rate-Upstream-Low-Power

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Minimum upstream rate for the online user at low voltage

Minimum-Data-Rate-Downstream-Low-Power (138)

No.

138

Attribute Name

Minimum-Data-Rate-Downstream-Low-Power

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Minimum downstream rate for the online user at low voltage

Maximum-Interleaving-Delay-Upstream (139)

No.

139

Attribute Name

Maximum-Interleaving-Delay-Upstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Maximum delay for the upstream traffic per channel

Actual-Interleaving-Delay-Upstream (140)

No.

140

Attribute Name

Actual-Interleaving-Delay-Upstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Actual delay for the upstream traffic per channel

Maximum-Interleaving-Delay-Downstream (141)

No.

141

Attribute Name

Maximum-Interleaving-Delay-Downstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Maximum delay for the downstream traffic per channel

Actual-Interleaving-Delay-Downstream (142)

No.

142

Attribute Name

Actual-Interleaving-Delay-Downstream

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Actual delay for the downstream traffic per channel

Access-Loop-Encapsulation (144)

No.

144

Attribute Name

Access-Loop-Encapsulation

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

Line encapsulation type for the access user

Private RADIUS attribute defined by Redback. The attribute number is 26, vendor ID is 2352, and sub-attribute ranges from 1 to 255. For details, see the following:

Forward-Policy (92)

No.

92

Attribute Name

Forward-Policy

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~253

Description

The attribute has the same function as the Filter-Id (11) attribute defined in RFC 2865.

This attribute is delivered only to Access-Accept packets and COA messages.

BB-Caller-ID (97)

No.

97

Attribute Name

BB-Caller-ID

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~253

Description

When "vlanpvc-to-username version10" command or "vlanpvc-to-username version20" command is configured, the attribute (the original option82) is sent to a RADIUS server.

This attribute is sent only in Access-Request and Accounting-Request packets to a RADIUS server.

By default, this attribute is not sent to a RADIUS server. To allow this attribute to be sent, run the "radius-attribute include BB-Caller-ID" command in the RADIUS server group view.

NPM-Service-Id (106)

No.

106

Attribute Name

NPM-Service-Id

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~127

Description

Indicates service name.

Anywhere from zero to two NPM-Service-Id attributes can be delivered to Access-Accept packets or sent to a RADIUS server in Accounting-Request packets.

HTTP-Redirect-Profile-Name (107)

No.

107

Attribute Name

HTTP-Redirect-Profile-Name

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~64

Description

Configured user URL profile name. This attribute has a similar function to the HW-HTTP-Redirect-URL (140) attribute.

HTTP-Redirect-URL (165)

No.

165

Attribute Name

HTTP-Redirect-URL

Attribute Value Type

String

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

1~200

Description

Redirection URL. The attribute has the same function as the HW-HTTP-Redirect-URL (140) attribute.

Zero or one HTTP-Redirect-URL attribute can be delivered to one Access-Accept packet.

Private RADIUS attribute defined by Ascend (the attribute may conflict with the standard RADIUS attribute). The attribute number is 26, Vendor ID is 3561, and sub-attribute number ranges from 1 to 255. For details, see the following:

Ascend-Client-Primary-Dns (135)

No.

135

Attribute Name

Ascend-Client-Primary-Dns

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

IP address of the primary DNS server delivered after user authentication is successful.

The attribute can be delivered in the IPv4 address format.

Ascend-Client-Secondary-Dns (136)

No.

136

Attribute Name

Ascend-Client-Secondary-Dns

Attribute Value Type

Integer

Standard Defined

-

Server Type

All

Value of Length field (in Bytes)

4

Description

IP address of the secondary DNS delivered after user authentication is successful.

The attribute can be delivered in the IPv4 address format.

Private RADIUS attribute defined by the Huawei RADIUS 1.0 protocol (the attribute may conflict with the standard RADIUS attribute and is used only for interconnection with IPHotel). The attribute number is 26, vendor ID is 2011, and sub-attribute ranges from 1 to 255. For details, see the following:

Remanent-Volume (80)

No.

80

Attribute Name

Remanent-Volume

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Remaining traffic (in KB) available to a user. Value 0 indicates that the user is logged out immediately. Value 0XFFFFFFFF indicates that there is no traffic limit.

The preceding meaning of the attribute applies only to the scenario where the RADIUS server type is plus10. When the RADIUS server type is not plus10, the attribute meaning is the same as that defined in the RFC standard.

Tariff-Switch-Interval (81)

No.

81

Attribute Name

Tariff-Switch-Interval

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Interval between the latest tariff switching time and the current time, in seconds. The next tariff switching time may be within or beyond the next real-time accounting period. Upon tariff switching, a NAS sends an accounting update packet to the RADIUS server.

The preceding meaning of the attribute applies only to the scenario where the RADIUS server type is plus10. When the RADIUS server type is not plus10, the attribute meaning is the same as that defined in the RFC standard.

In-Kb-Before-T-Switch (111)

No.

111

Attribute Name

In-Kb-Before-T-Switch

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Number of bytes (in KB) sent by a user before tariff switching.

If no tariff switching occurs within the real-time accounting period, this attribute refers to the total number of bytes that a NAS receives from a user port from the start of the session to the end of the real-time accounting period.

If one tariff switching occurs within the real-time accounting period, this attribute refers to the total number of bytes that a NAS receives from a user port from the start of the session to the time when tariff switching occurs.

No more than one tariff switching can occur in one real-time accounting period.

Out-Kb-Before-T-Switch (112)

No.

112

Attribute Name

Out-Kb-Before-T-Switch

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Number of bytes (in KB) received by a user before tariff switching.

If no tariff switching occurs within the real-time accounting period, this attribute refers to the total number of bytes that a NAS sends to a user port from the start of the session to the end of the real-time accounting period.

If one tariff switching occurs within the real-time accounting period, this attribute refers to the total number of bytes that a NAS sends to a user port from the start of the session to the time when tariff switching occurs.

No more than one tariff switching can occur in one real-time accounting period.

In-Pkts-Before-T-Switch (113)

No.

113

Attribute Name

In-Pkts-Before-T-Switch

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Number of bytes (in KB) received by a user before tariff switching.

If no tariff switching occurs within the real-time accounting period, this attribute refers to the total number of bytes that a NAS sends to a user port from the start of the session to the end of the real-time accounting period.

If one tariff switching occurs within the real-time accounting period, this attribute refers to the total number of bytes that a NAS sends to a user port from the start of the session to the time when tariff switching occurs.

No more than one tariff switching can occur in one real-time accounting period.

Out-Pkts-Before-T-Switch (114)

No.

114

Attribute Name

Out-Pkts-Before-T-Switch

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Number of packets received by a user before tariff switching.

If no tariff switching occurs within the real-time accounting period, this attribute refers to the total number of packets that a NAS sends to a user port from the start of the session to the end of the real-time accounting period.

If one tariff switching occurs within the real-time accounting period, this attribute refers to the total number of packets that a NAS sends to a user port from the start of the session to the time when tariff switching occurs.

No more than one tariff switching can occur in one real-time accounting period.

In-Kb-After-T-Switch (115)

No.

115

Attribute Name

In-Kb-After-T-Switch

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Number of bytes (in KB) sent by a user after tariff switching. This attribute refers to the total number of bytes that a NAS receives from a user port from the start of the session to the end of the real-time accounting period.

Out-Kb-After-T-Switch (116)

No.

116

Attribute Name

Out-Kb-After-T-Switch

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Number of bytes (in KB) received by a user after tariff switching. This attribute refers to the total number of bytes that a NAS sends to a user port from the start of the session to the end of the real-time accounting period.

In-Pkts-After-T-Switch (117)

No.

117

Attribute Name

In-Pkts-After-T-Switch

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Number of packets sent by a user after tariff switching. This attribute refers to the total number of packets that a NAS receives from a user port from the start of the session to the end of the real-time accounting period.

Out-Pkts-After-T-Switch (118)

No.

118

Attribute Name

Out-Pkts-After-T-Switch

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Number of packets received by a user after tariff switching. This attribute refers to the total number of packets that a NAS sends to a user port from the start of the session to the end of the real-time accounting period.

Input-Peak-Rate (121)

No.

121

Attribute Name

Input-Peak-Rate

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Upstream burst rate (PIR), in bit/s.

Input-Average-Rate (122)

No.

122

Attribute Name

Input-Average-Rate

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Upstream average rate (CIR), in bit/s.

Output-Peak-Rate (124)

No.

124

Attribute Name

Output-Peak-Rate

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Downstream burst rate (PIR), in bit/s.

Output-Average-Rate (125)

No.

125

Attribute Name

Output-Average-Rate

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Downstream average rate (CIR), in bit/s.

OnLine-User-Id (127)

No.

127

Attribute Name

OnLine-User-Id

Attribute Value Type

Integer

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

4

Description

Connection index of a user.

Connect-port (128)

No.

128

Attribute Name

Connect-port

Attribute Value Type

String

Standard Defined

-

Server Type

Plus10

Value of Length field (in Bytes)

1~48

Description

Feature of a physical port for user access.

Specific formats:

1. When "vlanpvc-to-username" command in the AAA domain view is configured as version 10 (the default value is version 20), the formats of this attribute are as follows:

ATM interface: <host-name>+'-'+<slot-number> (2 bytes)+<sub-slot-number> (1 byte)+<port-number> (1 bytes)+<PVC> (3-byte VPI + 4-byte VCI)+'@vlan' (0s are used for padding, and excess bits are discarded.)

Ethernet interface:

On an X1/X2 model: <host-name>+'-'+<slot-number> (2 bytes)+<sub-slot-number> (1 byte)+<port-number> (1 byte)+<VLAN-ID> (7 bytes)+'@vlan' (0s are used for padding, and excess bits are discarded)

On an X3/X8/X16 model: The format of this attribute for an Ethernet interface in the four dimensional format in a non-virtual access scenario is as follows: <host-name>+'-'+<slot-number> (2 bytes)+<sub-slot-number> (1 byte)+<port-number> (1 byte)+<VLAN-ID> (7 bytes)+'@vlan' (0s are used for padding, and excess bits are discarded.)

On an X3/X8/X16 model: The format of this attribute for an Ethernet interface in the four dimensional format in a virtual access scenario is as follows (the access four-dimensional mode enable command is run): <host-name>+'-'+<ap-id> (5 bytes)+<slot-number> (2 bytes)+<sub-slot-number> (1 byte)+<port-number> (1 byte)+<VLAN-ID> (7 bytes)+'@vlan' (0s are used for padding, and excess bits are discarded.)

2. When "vlanpvc-to-username" command in an AAA domain view is configured as other types (the default value is version 20), the formats of this attribute are as follows:

ATM interface: <host-name>+'-'+<slot-number> (2 bytes)+<sub-slot-number> (1 byte)+<port-number> (2 bytes)+<PVC> (4-byte VPI + 5-byte VCI)+'@vlan' (0s are used for padding, and excess bits are discarded.)

Ethernet interface on an X1/X2 model:

QinQ interface: <host-name>+'-'+<slot-number> (1 byte)+<sub-slot-number> (2 bytes)+<port-number> (1 byte)+<VLAN-ID> (4-byte outer VLAN ID + 0 + 4-byte inner VLAN ID)+'@vlan' (0s are used for padding, and excess bits are discarded.)

Non-QinQ interface: <host-name>+'-'+<slot-number> (1 byte)+<sub-slot-number> (2 bytes)+<port-number> (1 byte)+<VLAN-ID> (9 bytes)+'@vlan' (0s are used for padding, and excess bits are discarded.)

Ethernet interface on an X3/X8/X16 model:

QinQ interface in the four dimensional format in a non-virtual access scenario: <host-name>+'-'+<slot-number> (2 bytes)+<sub-slot-number> (1 byte)+<port-number> (1 byte)+<VLAN-ID> (4-byte outer VLAN ID + 0 + 4-byte inner VLAN ID)+'@vlan' (0s are used for padding, and excess bits are discarded.)

Non-QinQ interface in the four dimensional format in a non-virtual access scenario: <host-name>+'-'+<slot-number> (2 bytes)+<sub-slot-number> (1 byte)+<port-number> (1 byte)+<VLAN-ID> (9 bytes)+'@vlan' (0s are used for padding, and excess bits are discarded.)

QinQ interface in the four dimensional format in a virtual access scenario: <host-name>+'-'+<ap-id> (5 bytes)+<slot-number> (2 bytes)+<sub-slot-number> (1 byte)+<port-number> (1 byte)+<VLAN-ID> (4-byte outer VLAN ID + 0 + 4-byte inner VLAN ID)+'@vlan' (0s are used for padding, and excess bits are discarded.)

Non-QinQ interface in the four dimensional format in a virtual access scenario: <host-name>+'-'+<ap-id> (5 bytes)+<slot-number> (2 bytes)+<sub-slot-number> (1 byte)+<port-number> (1 byte)+<VLAN-ID> (9 bytes)+'@vlan' (0s are used for padding, and excess bits are discarded.)

3. When the Connect-port attribute is converted to the Connect-Port-New attribute using an attribute conversion command,

the formats of the new attribute are the same as those of the old attribute except that the port number is extended from 1 byte to 2 bytes.

Download
Updated: 2019-01-02

Document ID: EDOC1100058415

Views: 16588

Downloads: 13

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next