This section contains the remote AAA Attributes use by Radius, TACACS and TACACS+ servers.
IBM Vendor ID: 211
Authorization Attributes
Standard Drafted
| TUNNEL_TYPE |
| 64 |
|
| TUNNEL_MEDIUM_TYPE |
| 65 |
|
| TUNNEL_CLIEN_TYPE |
| 66 |
|
| TUNNEL_SERVER_EP |
| 67 |
|
| TUNNEL_CONN_ID |
| 68 |
|
| TUNNEL_PASSWORD |
| 69 |
|
|
|
|
| |
|
|
|
| |
| values |
|
|
|
|
|
|
| |
| TUNNEL_TYPE |
| integer |
|
| 3 | L2TP |
|
|
|
|
|
|
|
| TUNNEL_MEDIUM_TYPE |
| integer |
|
| 1 | IP |
|
|
|
|
|
|
|
| TUNNEL_SERVER_EP |
| string |
|
|
| ip address |
|
|
IBM Vendor Specific
| NAS_TUNNEL_PASSWORD |
| 101 |
|
| CALLBACK_FLAGS |
| 210 |
|
| ENCRYPTION |
| 211 |
|
| HOSTNAME |
| 213 |
|
| DIALOUT |
| 214 |
|
| SUBNETMASK |
| 215 |
|
| PRIVILEGE |
| 216 |
|
Keywords are used for Radius servers that allow the entry of vendor
specific fields <keyword>=<value>.
| KWD_CALLBACK_FLAGS |
| CBF |
|
| KWD_ENCRYPTION |
| ENC |
|
| KWD_HOSTNAME |
| HSN |
|
| KWD_DIALOUT |
| DOF |
|
| KWD_SUBNETMASK |
| SNM |
|
| KWD_PRIVELGE |
| PRV |
|
|
|
|
| |
| Values |
|
|
|
|
|
|
| |
| PRIVILEGE: |
|
|
|
| ADMIN |
|
|
|
| OPER |
|
|
|
| MONITOR |
|
|
|
|
|
|
| |
| CALLBACKFLAGS |
|
|
|
| REQ |
| required callback |
|
| ROAM |
| roaming callback |
|
|
|
|
| |
| DIALOUT |
|
|
|
| TRUE |
| enable dialout for this user |
|
| FALSE |
| disable dialout for this user |
|
| ONLY |
| only allow dialout for this user (not dial in) |
|
Authentication
Authorization
PPP service=ppp protocol=ip
LOGIN service=shell cmd=null pri_lvl*0
Standard TACACS+ Attributes
service
protocol
cmd
addr
timeout
priv_lvl
callback-dialstring
IBM Specific Attributes
encryption_key 16 hex characters
dial_out TRUE FALSE ONLY
Accounting
task_id
start_time
stop_time
elasped_time
timezone
event
reason
bytes
bytes_in
bytes_out
paks
paks_in
paks_out
status
err_msg