This appendix lists the RADIUS attributes that the Cisco 10000 series router supports in Cisco IOS Release 12.2(4)BZ1 and later releases. The following conventions are used in the tables that follow:
•Supported and tested—The attribute has been tested and the Cisco 10000 series router supports it.
•Not Supported—The Cisco 10000 series router does not support the attribute.
•Not Applicable—The attribute does not apply to the Cisco 10000 series router.
Note For more information, see the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide, Release 12.2.
RADIUS IETF Attributes
Table A-1 RADIUS IETF Attributes
Number
IETF Attribute
Status
1
User-Name
Supported and tested
2
User-Password
Supported and tested
3
CHAP-Password
Supported and tested
4
NAS-IP Address
Supported and tested
5
NAS-Port
Supported and tested
6
Service-Type
Supported and tested
7
Framed-Protocol
Supported and tested
8
Framed-IP-Address
Supported and tested
9
Framed-IP-Netmask
Supported and tested
10
Framed-Routing
Router receives this attribute and properly handles a value of 0:None. Unclear if the system properly handles a value of 3:send and listen.
11
Filter-ID
Supported and tested
12
Framed-MTU
Supported and tested
13
Framed-Compression
Cisco 10000 series router ignores this attribute.
14
Login-IP-Host
Not Applicable
15
Login-Service
Not Applicable
16
Login-TCP-Port
Not Applicable
18
Reply-Message
Supported and tested
19
Callback-Number
Not Applicable
20
Callback-ID
Not Applicable
22
Framed-Route
Supported and tested
23
Framed-IPX-Network
Not Applicable
24
State
Supported but not tested
25
Class
Supported and tested
26
Vendor-Specific
Supported and tested for Cisco VSA
27
Session-Timeout
Supported and tested
28
Idle-Timeout
Supported and tested
29
Termination-Action
Typically not used in DSL environment
30
Called-Station-ID
Typically not used in DSL environment
31
Calling-Station-ID
Supported and tested
32
NAS-Identifier
Supported and tested
33
Proxy-Stat
Not Applicable
34
Login-LAT-Service
Not Applicable
35
Login-LAT-Node
Not Applicable
36
Login-LAT-Group
Not Applicable
37
Framed-AppleTalk-Link
Not Applicable
38
Framed-AppleTalk-Network
Not Applicable
39
Framed-AppleTalk-Zone
Not Applicable
40
Acct-Status-Type
Supported and tested
41
Acct-Delay-Time
Supported and tested
42
Acct-Input-Octets
Supported and tested
43
Acct-Output-Octets
Supported and tested
44
Acct-Session-Id
Supported and tested
45
Acct-Authentic
Supported and tested
46
Acct-Session-Time
Supported and tested
47
Acct-Input-Packets
Supported and tested
48
Acct-Output-Packets
Supported and tested
49
Acct-Terminate-Cause
Supported and tested
50
Acct-Multi-Session-Id
Multilink is not supported.
51
Acct-Link-Count
Multilink is not supported.
52
Acct-Input-Gigawords
Supported and tested
53
Acct-Output-Gigawords
Supported and tested
60
CHAP-Challenge
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
61
NAS-Port-Type
Supported and tested
62
Port-Limit
Not Applicable
63
Login-LAT-Port
Not Applicable
64
Tunnel-Type
Supported on the Cisco 10000 series router but the router only supports L2TP tunnels.
65
Tunnel-Medium-Type
Supported on the Cisco 10000 series router but IP is the only medium the router currently supports.
66
Tunnel-Client-Endpoint
Supported and tested in accounting.
67
Tunnel-Server-Endpoint
Supported and tested in accounting.
68
Acct-Tunnel-Connection
Supported and tested in Cisco IOS Release 12.2(15)BX.
69
Tunnel-Password
Supported and tested in Cisco IOS Release 12.2(15)BX.
70
ARAP-Password
Not Supported
71
ARAP-Features
Not Supported
72
ARAP-Zone-Access
Not Supported
73
ARAP-Security
Not Supported
74
ARAP-Security-Data
Not Supported
75
Password-Retry
Not Supported
76
Prompt
Typically not used in DSL environment
77
Connect-Info
Supported and tested in Cisco IOS Release 12.2(15)BX.
78
Configuration-Token
Not Supported
79
EAP-Message
Not Supported
81
Tunnel-Private-Group-ID
Not Supported
82
Tunnel-Assignment-ID
Supported and tested in Cisco IOS Release 12.2(15)BX.
83
Tunnel-Preference
Supported and tested in Cisco IOS Release 12.2(15)BX.
84
ARAP-Challenge-Response
Not Supported
85
Acct-Interim-Interval
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
86
Acct-Tunnel-Packets-Lost
Not Supported
87
NAS-Port-ID
Supported and tested
88
Framed-Pool
Not Supported
90
Tunnel-Client-Auth-Id
Not Supported
91
Tunnel-Server-Auth-ID
Not Supported
200
IETF-Token-Immediate
Not Applicable
Vendor-Proprietary RADIUS Attributes
Table A-2 Vendor-Proprietary RADIUS Attributes
Number
Vendor-Proprietary Attribute
Status
17
Change-Password
Typically not used in DSL environment
21
Password-Expiration
Typically not used in DSL environment
68
Tunnel-ID
Supported and tested in accounting
108
My-Endpoint-Disc-Alias
Not Applicable
109
My-Name-Alias
Not Applicable
110
Remote-FW
Not Applicable
111
Multicast-GLeave-Delay
Not Applicable
112
CBCP-Enable
Not Applicable
113
CBCP-Mode
Not Applicable
114
CBCP-Delay
Not Applicable
115
CBCP-Trunk-Group
Not Applicable
116
Appletalk-Route
Not Applicable
117
Appletalk-Peer-Mode
Not Applicable
118
Route-Appletalk
Not Applicable
119
FCP-Parameter
Not Applicable
120
Modem-PortNo
Not Applicable
121
Modem-SlotNo
Not Applicable
122
Modem-ShelfNo
Not Applicable
123
Call-Attempt-Limit
Not Applicable
124
Call-Block-Duration
Not Applicable
125
Maximum-Call-Duration
Not Applicable
126
Router-Preference
Not Applicable
127
Tunneling-Protocol
Not Applicable
128
Shared-Profile-Enable
Not Applicable
129
Primary-Home-Agent
Not Applicable
130
Secondary-Home-Agent
Not Applicable
131
Dialout-Allowed
Not Applicable
133
BACP-Enable
Not Applicable
134
DHCP-Maximum-Leases
Not Applicable
135
Primary-DNS-Server
Supported and tested
136
Secondary-DNS-Server
Supported and tested
137
Client-Assign-DNS
Not Applicable
138
User-Acct-Type
Not Applicable
139
User-Acct-Host
Not Applicable
140
User-Acct-Port
Not Applicable
141
User-Acct-Key
Not Applicable
142
User-Acct-Base
Not Applicable
143
User-Acct-Time
Not Applicable
144
Assign-IP-Client
Not Applicable
145
Assign-IP-Server
Not Applicable
146
Assign-IP-Global-Pool
Not Applicable
147
DHCP-Reply
Not Applicable
148
DHCP-Pool-Number
Not Applicable
149
Expect-Callback
Not Applicable
150
Event-Type
Not Applicable
151
Session-Svr-Key
Supported and tested. Enables the router to match a user session with a client request to disconnect the session.
152
Multicast-Rate-Limit
Not Applicable
153
IF-Netmask
Not Applicable
154
Remote-Addr
Not Applicable
155
Multicast-Client
Not Applicable
156
FR-Circuit-Name
Not Applicable
157
FR-LinkUp
Not Applicable
158
FR-Nailed-Grp
Not Applicable
159
FR-Type
Not Applicable
160
FR-Link-Mgt
Not Applicable
161
FR-N391
Not Applicable
162
FR-DCE-N392
Not Applicable
163
FR-DTE-N392
Not Applicable
164
FR-DCE-N393
Not Applicable
165
FR-DTE-N393
Not Applicable
166
FR-T391
Not Applicable
167
FR-T392
Not Applicable
168
Bridge-Address
Not Applicable
169
TS-Idle-Limit
Not Applicable
170
TS-Idle-Mode
Not Applicable
171
DBA-Monitor
Not Applicable
172
Base-Channel-Count
Not Applicable
173
Minimum-Channels
Not Applicable
174
IPX-Route
Not Applicable
175
FT1-Caller
Not Applicable
176
Backup
Not Applicable
177
Call-Type
Not Applicable
178
Group
Not Applicable
179
FR-DLCI
Not Applicable
180
FR-Profile-Name
Not Applicable
181
Ara-PW
Not Applicable
182
IPX-Node-Addr
Not Applicable
183
Home-Agent-IP-Addr
Not Applicable
184
Home-Agent-Password
Not Applicable
185
Home-Network-Name
Not Applicable
186
Home-Agent-UDP-Port
Not Applicable
187
Multilink-ID
Multilink is not supported.
188
Num-In-Multilink
Multilink is not supported.
189
First-Dest
Not Applicable
190
Pre-Input-Octets
Not Supported
191
Pre-Output-Octets
Not Supported
192
Pre-Input-Packets
Not Supported
193
Pre-Output-Packets
Not Supported
194
Maximum-Time
Typically not used in DSL environment
195
Disconnect-Cause
Supported and tested
196
Connect-Progress
Supported and tested
197
Data-Rate
Typically not used in DSL environment
198
PreSession-Time
Typically not used in DSL environment
199
Token-Idle
Not Applicable
201
Require-Auth
Not Applicable
202
Number-Sessions
Not Applicable
203
Authen-Alias
Not Applicable
204
Token-Expiry
Not Applicable
205
Menu-Selector
Not Applicable
206
Menu-Item
Not Applicable
207
PW-Warntime
Not Supported
208
PW-Lifetime
Typically not used in DSL environment
209
IP-Direct
Not Applicable
210
PPP-VJ-Slot-Comp
Not Supported
211
PPP-VJ-1172
Not Supported
212
PPP-Async-Map
Not Applicable
213
Third-Prompt
Not Applicable
214
Send-Secret
Typically not used in DSL environment
215
Receive-Secret
Not Supported
216
IPX-Peer-Mode
Not Applicable
217
IP-Pool-Definition
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
218
Assign-IP-Pool
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
219
FR-Direct
Not Applicable
220
FR-Direct-Profile
Not Applicable
221
FR-Direct-DLCI
Not Applicable
222
Handle-IPX
Not Applicable
223
Netware-Timeout
Not Applicable
224
IPX-Alias
Not Applicable
225
Metric
Not Applicable
226
PRI-Number-Type
Not Applicable
227
Dial-Number
Not Applicable
228
Route-IP
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
229
Route-IPX
Not Applicable
230
Bridge
Not Applicable
231
Send-Auth
Not Applicable
232
Send-Passwd
Not Applicable
233
Link-Compression
Not Supported
234
Target-Util
Not Supported
235
Maximum-Channels
Not Supported
236
Inc-Channel-Count
Not Supported
237
Dec-Channel-Count
Not Supported
238
Seconds-of-History
Not Supported
239
History-Weigh-type
Not Supported
240
Add-Seconds
Not Supported
241
Remove-Seconds
Not Supported
242
Data-Filter
Supported and tested
243
Call-Filter
Not Supported
244
Idle-Limit
Not Supported
245
Preempt-Limit
Not Applicable
246
Callback
Not Applicable
247
Data-Svc
Not Applicable
248
Force-56
Not Applicable
249
Billing Number
Not Applicable
250
Call-By-Call
Not Applicable
251
Transit-Number
Not Applicable
252
Host-Info
Not Applicable
253
PPP-Address
Not Applicable
254
MPP-Idle-Percent
Not Applicable
255
Xmit-Rate
Typically not used in DSL environment.
Vendor-Specific RADIUS IETF Attributes
Table A-3 Vendor-Specific RADIUS IETF Attributes
Number
Vendor-Specific Company Code
Sub-Type Number
Attribute
Status
MS-CHAP Attributes
26
311
1
MSCHAP-Response
Not Supported
26
311
11
MSCHAP-Challenge
Not Supported
VPDN Attributes
26
9
1
12tp-busy-disconnect
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
26
9
1
12tp-cm-local-window-size
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
26
9
1
12tp-drop-out-of-order
Not Supported
26
9
1
12tp-hello-interval
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
26
9
1
12tp-hidden-avp
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
26
9
1
12tp-nosession-timeout
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
26
9
1
12tp-tos-reflect
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
26
9
1
12tp-tunnel-authen
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
26
9
1
12tp-tunnel-password
Supported in Cisco IOS but not tested on the Cisco 10000 series router.
26
9
1
12tp-udp-checksum
Not Supported
Store and Forward Fax Attributes
26
9
3
Fax-Account-Id-Origin
Not Applicable
26
9
4
Fax-Msg-Id=
Not Applicable
26
9
5
Fax-Pages
Not Applicable
26
9
6
Fax-Coverpage-Flag
Not Applicable
26
9
7
Fax-Modem-Time
Not Applicable
26
9
8
Fax-Connect-Speed
Not Applicable
26
9
9
Fax-Recipient-Count
Not Applicable
26
9
10
Fax-Process-Abort-Flag
Not Applicable
26
9
11
Fax-Dsn-Address
Not Applicable
26
9
12
Fax-Dsn-Flag
Not Applicable
26
9
13
Fax-Mdn-Address
Not Applicable
26
9
14
Fax-Mdn-Flag
Not Applicable
26
9
15
Fax-Auth-Status
Not Applicable
26
9
16
Email-Server-Address
Not Applicable
26
9
17
Email-Server-Ack-Flag
Not Applicable
26
9
18
Gateway-Id
Not Applicable
26
9
19
Call-Type
Not Applicable
26
9
20
Port-Used
Not Applicable
26
9
21
Abort-Cause
Not Applicable
H323 Attributes
26
9
23
h323-remote-address
Not Applicable
26
9
24
h323-conf-id
Not Applicable
26
9
25
h323-setup-time
Not Applicable
26
9
26
h323-call-origin
Not Applicable
26
9
27
h323-call-type
Not Applicable
26
9
28
h323-connect-time
Not Applicable
26
9
29
h323-disconnect-time
Not Applicable
26
9
30
h323-disconnect-cause
Not Applicable
26
9
31
h323-voice-quality
Not Applicable
26
9
33
h323-gw-id
Not Applicable
Large Scale Dialout Attributes
26
9
1
callback-dialstring
Not Applicable
26
9
1
data-service
Not Applicable
26
9
1
dial-number
Not Applicable
26
9
1
force-56
Not Applicable
26
9
1
map-class
Not Applicable
26
9
1
send-auth
Not Applicable
Miscellaneous Attributes
26
9
2
Cisco-NAS-Port
Supported and tested
26
9
1
min-links
Multilink is not supported.
26
9
1
proxyacl#<n>
Not Supported
26
9
1
spi
Not Applicable
26
9
37
Cisco-Policy-Up
Supported and tested in Cisco IOS Release 12.2(15)BZ.
26
9
38
Cisco-Policy-Down
Supported and tested in Cisco IOS Release 12.2(15)BZ.
26
9
1
atm:Peak-Cell-Rate=
Supported and tested in Cisco IOS Release 12.2(15)BX.
26
9
1
atm:Sustainable-Cell-Rate=
Supported and tested in Cisco IOS Release 12.2(15)BX.
26
9
1
ip:vrf-id=
Supported and tested in Cisco IOS Release 12.2(16)BX1.
26
9
1
ip:ip-unnumbered=
Supported and tested in Cisco IOS Release 12.2(16)BX1.
Feedback
Supported and tested—The attribute has been tested and the Cisco 10000 series router supports it.
