IBM Books

Software User's Guide Version 3.4


Appendix D. Remote AAA Attributes

This section identifies the remote AAA Attributes used by Radius, TACACS and TACACS+ servers.


Radius

IBM Vendor ID: 211

Authorization Attributes

Standard Drafted
TUNNEL_TYPE          64
TUNNEL_MEDIUM_TYPE   65
TUNNEL_CLIEN_TYPE    66
TUNNEL_SERVER_EP     67
TUNNEL_CONN_ID       68
TUNNEL_PASSWORD      69

Values
TUNNEL_TYPE          integer   1 PPTP, 2 L2F, 3 L2TP
TUNNEL_MEDIUM_TYPE   integer   1 IP
TUNNEL_SERVER_EP     string    ip address

IBM Vendor Specific
NAS_TUNNEL_PASSWORD   101
INBYTES_AH            110
INBYTES_ESP           111
OUTBYTES_AH           112
OUTBYTES_ESP          113
INPKTS_BAD            114
OUTPKTS_BAD           115
INPKTS_BAD_AH         116
INPKTS_BAD_ESP        117
OUTPKTS_BAD_AH        118
OUTPKTS_BAD_ESP       119
INPKTS_AH             120
INPKTS_ESP            121
OUTPKTS_AH            122
OUTPKTS_ESP           123
INPKTS_BAD_AH_RPLY    124
INPKTS_BAD_ESP_RPLY   125
INBYTES_WRAP          128
OUTBYTES_WRAP         129
INB_AH_WRAP           130
INB_ESP_WRAP          131
OUB_AH_WRAP           132
OUB_ESP_WRAP          133
POLICY_NAME           135
P1_ID                 136
TRANSFORMS            137
REFR_CNT              138
COMPR                 139
ESP_ALGO              140
AH_ALGO               141
ESPAUTH_ALGO          142
P1_NAME               143
VC-ACTIVE             177
VC-IDLETIME           179
VC-SUSPENDTIME        180
CALLBACK_FLAGS        210
ENCRYPTION            211
HOSTNAME              213
SUBNETMASK            215
PRIVILEGE             216

Keywords

Keywords are used for Radius servers that allow the entry of vendor-specific fields in the form <keyword>=<value>.
KWD_VC_ACTIVE         VCN
KWD_VC_IDLETIME       VCI
KWD_VC_SUSPENDTIME    VCS
KWD_CALLBACK_FLAGS    CBF
KWD_ENCRYPTION        ENC
KWD_HOSTNAME          HSN
KWD_SUBNETMASK        SNM
KWD_PRIVILEGE         PRV
 


Values

CALLBACK_FLAGS
REQ     required callback
ROAM    roaming callback

PRIVILEGE
ADMIN
OPER
MONITOR


Example of RADIUS Configuration File

The following is an example of a RADIUS configuration file:
VENDOR IBM 211   
ATTRIBUTE User-Name 1 string
ATTRIBUTE User-Password 2 string
ATTRIBUTE CHAP-Password 3 string
ATTRIBUTE NAS-IP-Address 4 ipaddr
ATTRIBUTE NAS-Port 5 integer
ATTRIBUTE Service-Type 6 integer
ATTRIBUTE Framed-Protocol 7 integer
ATTRIBUTE Framed-IP-Address 8 ipaddr
ATTRIBUTE Framed-IP-Netmask 9 ipaddr
ATTRIBUTE Framed-Routing 10 integer
ATTRIBUTE Filter-Id 11 string
ATTRIBUTE Framed-MTU 12 integer
ATTRIBUTE Framed-Compression 13 integer
ATTRIBUTE Login-IP-Host 14 ipaddr
ATTRIBUTE Login-Service 15 integer
ATTRIBUTE Login-TCP-Port 16 integer #
ATTRIBUTE Old-Password 17 string
ATTRIBUTE Reply-Message 18 string
ATTRIBUTE Callback-Number 19 string
ATTRIBUTE Callback-Id 20 string #
ATTRIBUTE Unassigned 21 string
ATTRIBUTE Framed-Route 22 string
ATTRIBUTE Framed-IPX-Network 23 integer
ATTRIBUTE State 24 string
ATTRIBUTE Class 25 string
ATTRIBUTE Vendor-Specific 26 string
ATTRIBUTE Session-Timeout 27 integer
ATTRIBUTE Idle-Timeout 28 integer
ATTRIBUTE Termination-Action 29 integer
ATTRIBUTE Called-Station-Id 30 string
ATTRIBUTE Calling-Station-Id 31 string
ATTRIBUTE NAS-Identifier 32 string
ATTRIBUTE Proxy-State 33 string
ATTRIBUTE Login-LAT-Service 34 string
ATTRIBUTE Login-LAT-Node 35 string
ATTRIBUTE Login-LAT-Group 36 string
ATTRIBUTE Framed-Appletalk-Link 37 integer
ATTRIBUTE Framed-Appletalk-Net 38 integer
ATTRIBUTE Framed-Appletalk-Zone 39 string
ATTRIBUTE Acct-Status-Type 40 integer
ATTRIBUTE Acct-Delay-Time 41 integer
ATTRIBUTE Acct-Input-Octets 42 integer
ATTRIBUTE Acct-Output-Octets 43 integer
ATTRIBUTE Acct-Session-Id 44 string
ATTRIBUTE Acct-Authentic 45 integer
ATTRIBUTE Acct-Session-Time 46 integer
ATTRIBUTE Acct-Input-Packets 47 integer
ATTRIBUTE Acct-Output-Packets 48 integer
ATTRIBUTE Acct-Terminate-Cause 49 integer
ATTRIBUTE Acct-Multi-Session-Id 50 string
ATTRIBUTE Acct-Link-Count 51 integer
ATTRIBUTE CHAP-Challenge 60 string
ATTRIBUTE NAS-Port-Type 61 integer
ATTRIBUTE Port-Limit 62 integer
ATTRIBUTE Login-LAT-Port 63 string
# --------------------- START IBM -----------------------
ATTRIBUTE Tunnel-Type 64 integer
ATTRIBUTE Tunnel-Medium 65 integer
ATTRIBUTE Tunnel-Client-EP 66 string
ATTRIBUTE Tunnel-Server-EP 67 string
ATTRIBUTE Tunnel-Conn-ID 68 string
ATTRIBUTE Tunnel-Password 69 string
ATTRIBUTE Tunnel-NAS-Password 101 string
ATTRIBUTE VC-ACTIVE 177 integer
ATTRIBUTE VC-IDLETIME 179 integer
ATTRIBUTE VC-SUSPENDTIME 180 integer
ATTRIBUTE IBM-Callback-Flags 210 string
ATTRIBUTE IBM-Encryption 211 string
ATTRIBUTE IBM-DialOut 214 string
ATTRIBUTE IBM-Hostname 213 string
ATTRIBUTE IBM-Subnetmask 215 string
ATTRIBUTE IBM-Privilege 216 string
ATTRIBUTE IBM-ipsec-inb-ah 110 integer
ATTRIBUTE IBM-ipsec-inb-esp 111 integer
ATTRIBUTE IBM-ipsec-ob-ah 112 integer
ATTRIBUTE IBM-ipsec-ob-esp 113 integer
ATTRIBUTE IBM-ipsec-ip-bad 114 integer
ATTRIBUTE IBM-ipsec-op-bad 115 integer
ATTRIBUTE IBM-ipsec-ip-bad-ah 116 integer
ATTRIBUTE IBM-ipsec-ip-bad-esp 117 integer
ATTRIBUTE IBM-ipsec-op-bad-ah 118 integer
ATTRIBUTE IBM-ipsec-op-bad-esp 119 integer
ATTRIBUTE IBM-ipsec-ip-ah 120 integer
ATTRIBUTE IBM-ipsec-ip-esp 121 integer
ATTRIBUTE IBM-ipsec-op-ah 122 integer
ATTRIBUTE IBM-ipsec-op-esp 123 integer
ATTRIBUTE IBM-ipsec-ip-bad-ah-r 124 integer
ATTRIBUTE IBM-ipsec-ip-bad-esp-r 125 integer
ATTRIBUTE IBM-ipsec-inb-wrap 128 integer
ATTRIBUTE IBM-ipsec-ob-wrap 129 integer
ATTRIBUTE IBM-ipsec-ib-ah-wrap 130 integer
ATTRIBUTE IBM-ipsec-ib-esp-wrap 131 integer
ATTRIBUTE IBM-ipsec-ob-ah-wrap 132 integer
ATTRIBUTE IBM-ipsec-ob-esp-wrap 133 integer
ATTRIBUTE IBM-ipsec-policy-name 135 string
ATTRIBUTE IBM-ipsec-p1-id 136 string
ATTRIBUTE IBM-ipsec-p1-name 143 string
ATTRIBUTE IBM-ipsec-esp-algo 140 string
ATTRIBUTE IBM-ipsec-ah-algo 141 string
ATTRIBUTE IBM-ipsec-espauth-algo 142 string
       
VALUE Tunnel-Type L2TP 3
VALUE Tunnel-Type L2F 2
VALUE Tunnel-Type PPTP 1
VALUE Tunnel-Medium IP 1
VALUE VC-ACTIVE YES 1
VALUE VC-ACTIVE NO 0
VALUE IBM-Callback-Flags Required REQ
VALUE IBM-Callback-Flags Roaming ROAM
VALUE IBM-DialOut Enable TRUE
VALUE IBM-DialOut Disable FALSE
VALUE IBM-DialOut ONLY ONLY
VALUE IBM-Privilege Administrator ADMIN
VALUE IBM-Privilege Operator OPER
VALUE IBM-Privilege Monitor MONITOR
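
A consistency check for a dictionary in the VENDOR / ATTRIBUTE / VALUE format shown above, as an added example that is not IBM's code. It flags attribute names or numbers defined twice, lines that match none of the three forms, and VALUE lines naming an attribute that no ATTRIBUTE line declares. The sample lines (including Example-Clash) are constructed, and treating '#' as a comment marker is an assumption.

```python
# Added example, not IBM's code. The sample input below is constructed.
SAMPLE = """\
VENDOR IBM 211
ATTRIBUTE IBM-DialOut 214 string
ATTRIBUTE IBM-Privilege 216 string
ATTRIBUTE IBM-ipsec-esp-algo 140 string
ATTRIBUTE IBM-ipsec-esp-algo 142 string
ATTRIBUTE Example-Clash 216 integer
------ START EXAMPLE ------
VALUE IBM-Privilege Administrator ADMIN
VALUE IBM-Dialout Enable TRUE
"""

def lint_dictionary(text):
    """Return sorted (line_number, message) findings for a dictionary file."""
    findings, names, numbers, value_refs = [], {}, {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Assumption: '#' starts a comment, as in common RADIUS dictionaries.
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        kind = fields[0]
        if kind == "ATTRIBUTE" and len(fields) == 4 and fields[2].isdigit():
            name, number = fields[1], int(fields[2])
            if name in names:
                findings.append((lineno, f"name {name} already defined on line {names[name]}"))
            if number in numbers:
                findings.append((lineno, f"number {number} already defined on line {numbers[number]}"))
            names.setdefault(name, lineno)
            numbers.setdefault(number, lineno)
        elif kind == "VALUE" and len(fields) == 4:
            value_refs.append((lineno, fields[1]))
        elif kind == "VENDOR" and len(fields) == 3 and fields[2].isdigit():
            pass  # vendor declaration, nothing to cross-check
        else:
            findings.append((lineno, "unrecognised or malformed line"))
    # Resolve VALUE references after the whole file is read, so order is free.
    for lineno, name in value_refs:
        if name not in names:
            hint = [n for n in names if n.lower() == name.lower()]
            msg = f"VALUE refers to undeclared attribute {name}"
            findings.append((lineno, msg + (f" (did you mean {hint[0]}?)" if hint else "")))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, message in lint_dictionary(SAMPLE):
        print(f"line {lineno}: {message}")
```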


TACACS+

Authentication

Authorization
PPP service=ppp protocol=ip
LOGIN service=shell cmd=null priv_lvl*0


Standard TACACS+ Attributes
service
protocol
cmd
addr
timeout
priv_lvl 0 (monitor privilege), 1 (operator privilege), 15 (administrator privilege)
callback-dialstring


IBM Specific Attributes
encryption_key 16 hex characters
dial_out TRUE FALSE ONLY

Accounting
task_id
start_time
stop_time
elapsed_time
timezone
event
reason
bytes
bytes_in
bytes_out
paks
paks_in
paks_out
status
err_msg

