- Configuring RADIUS
- RADIUS for Multiple UDP Ports
- AAA DNIS Map for Authorization
- AAA Server Groups
- Framed-Route in RADIUS Accounting
- RFC-2867 RADIUS Tunnel Accounting
- RADIUS Logical Line ID
- RADIUS Route Download
- RADIUS Server Load Balancing
- RADIUS Server Reorder on Failure
- RADIUS Separate Retransmit Counter for Accounting
- RADIUS VC Logging
- RADIUS Centralized Filter Management
- RADIUS EAP Support
- RADIUS Interim Update at Call Connect
- RADIUS Tunnel Preference for Load Balancing and Fail-Over
- Finding Feature Information
- Prerequisites for Framed-Route in RADIUS Accounting
- Information About Framed-Route in RADIUS Accounting
- How to Monitor Framed-Route in RADIUS Accounting
- Configuration Examples for Framed-Route in RADIUS Accounting
- Additional References
- Feature Information for Framed-Route in RADIUS Accounting
Framed-Route in RADIUS Accounting
The Framed-Route in RADIUS Accounting feature provides for the presence of Framed-Route (RADIUS attribute 22) information in RADIUS Accounting-Request accounting records. The Framed-Route information is returned to the RADIUS server in the Accounting-Request packets. The Framed-Route information can be used to verify that a per-user route or routes have been applied for a particular static IP customer on the network access server (NAS).
- Finding Feature Information
- Prerequisites for Framed-Route in RADIUS Accounting
- Information About Framed-Route in RADIUS Accounting
- How to Monitor Framed-Route in RADIUS Accounting
- Configuration Examples for Framed-Route in RADIUS Accounting
- Additional References
- Feature Information for Framed-Route in RADIUS Accounting
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Framed-Route in RADIUS Accounting
Be familiar with configuring authentication, authorization, and accounting (AAA), RADIUS servers, and RADIUS attribute screening.
Information About Framed-Route in RADIUS Accounting
Framed-Route Attribute 22
Framed-Route, attribute 22 as defined in Internet Engineering Task Force (IETF) standard RFC 2865, provides for routing information to be configured for the user on the NAS. The Framed-Route attribute information is usually sent from the RADIUS server to the NAS in Access-Accept packets. The attribute can appear multiple times.
Framed-Route in RADIUS Accounting Packets
The Framed-Route attribute information in RADIUS accounting packets shows per-user routes that have been applied for a particular static IP customer on the NAS. The Framed-Route attribute information is currently sent in Access-Accept packets. The Framed-Route attribute information is also sent in Accounting-Request packets if it was provided in the Access-Accept packets and was applied successfully. Zero or more instances of the Framed-Route attribute may be present in the Accounting-Request packets.
Note |
If there is more than one Framed-Route attribute in an Access-Accept packet, there can also be more than one Framed-Route attribute in the Accounting-Request packet. |
The Framed-Route information is returned in Stop and Interim accounting records and in Start accounting records when accounting Delay-Start is configured.
No configuration is required to have the Frame-Route attribute information returned in the RADIUS accounting packets.
How to Monitor Framed-Route in RADIUS Accounting
Use the debug radius command to monitor whether Framed-Route (attribute 22) information is being sent in RADIUS Accounting-Request packets.
Configuration Examples for Framed-Route in RADIUS Accounting
debug radius Command Output Example
In the following example, the debug radius command is used to verify that Framed-Route (attribute 22) information is being sent in the Accounting-Request packets (see the line 00:06:23: RADIUS: Framed-Route [22] 26 "10.80.0.1 255.255.255.255 10.60.0.1 100").
Router# debug radius 00:06:23: RADIUS: Send to unknown id 0 10.1.0.2:1645, Access-Request, len 126 00:06:23: RADIUS: authenticator 40 28 A8 BC 76 D4 AA 88 - 5A E9 C5 55 0E 50 84 37 00:06:23: RADIUS: Framed-Protocol [7] 6 PPP [1] 00:06:23: RADIUS: User-Name [1] 14 "nari@trw1001" 00:06:23: RADIUS: CHAP-Password [3] 19 * 00:06:23: RADIUS: NAS-Port [5] 6 1 00:06:23: RADIUS: Vendor, Cisco [26] 33 00:06:23: RADIUS: Cisco AVpair [1] 27 "interface=Virtual-Access1" 00:06:23: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 00:06:23: RADIUS: Service-Type [6] 6 Framed [2] 00:06:23: RADIUS: NAS-IP-Address [4] 6 12.1.0.1 00:06:23: RADIUS: Acct-Session-Id [44] 10 "00000002" 00:06:23: RADIUS: Received from id 0 10.1.0.2:1645, Access-Accept, len 103 00:06:23: RADIUS: authenticator 5D 2D 9F 25 11 15 45 B2 - 54 BB 7F EB CE 79 20 3B 00:06:23: RADIUS: Vendor, Cisco [26] 33 00:06:23: RADIUS: Cisco AVpair [1] 27 "interface=Virtual-Access1" 00:06:23: RADIUS: Service-Type [6] 6 Framed [2] 00:06:23: RADIUS: Framed-Protocol [7] 6 PPP [1] 00:06:23: RADIUS: Framed-IP-Netmask [9] 6 255.255.255.255 00:06:23: RADIUS: Framed-IP-Address [8] 6 10.60.0.1 00:06:23: RADIUS: Framed-Route [22] 26 "10.80.0.1 255.255.255.255 10.60.0.1 100" <======= 00:06:23: RADIUS: Received from id 2 00:06:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up 00:06:25: AAA/AUTHOR: Processing PerUser AV route 00:06:25: Vi1 AAA/PERUSER/ROUTE: route string: IP route 10.80.0.1 255.255.255.255 10.60.0.1 100 00:06:25: RADIUS/ENCODE(00000002): Unsupported AAA attribute timezone 00:06:25: RADIUS(00000002): sending 00:06:25: RADIUS: Send to unknown id 1 10.1.0.2:1646, Accounting-Request, len 278 00:06:25: RADIUS: authenticator E0 CC 99 EB 49 18 B9 78 - 4A 09 60 0F 4E 92 24 C6 00:06:25: RADIUS: Acct-Session-Id [44] 10 "00000002" 00:06:25: RADIUS: Tunnel-Server-Endpoi[67] 12 00:"10.1.1.1" 00:06:25: RADIUS: Tunnel-Client-Endpoi[66] 12 00:"10.1.1.2" 00:06:25: RADIUS: Tunnel-Assignment-Id[82] 15 00:"from_isdn101" 00:06:25: RADIUS: Tunnel-Type [64] 6 00:L2TP [3] 00:06:25: RADIUS: Acct-Tunnel-Connecti[68] 12 "2056100083" 00:06:25: RADIUS: Tunnel-Client-Auth-I[90] 10 00:"isdn101" 00:06:25: RADIUS: Tunnel-Server-Auth-I[91] 6 00:"lns" 00:06:25: RADIUS: Framed-Protocol [7] 6 PPP [1] 00:06:25: RADIUS: Framed-Route [22] 39 "10.80.0.1 255.255.255.255 10.60.0.1 100" <======== 00:06:25: RADIUS: Framed-IP-Address [8] 6 10.60.0.1 00:06:25: RADIUS: Vendor, Cisco [26] 35 00:06:25: RADIUS: Cisco AVpair [1] 29 "connect-progress=LAN Ses Up" 00:06:25: RADIUS: Authentic [45] 6 RADIUS [1] 00:06:25: RADIUS: User-Name [1] 14 "username1@example.com" 00:06:25: RADIUS: Acct-Status-Type [40] 6 Start [1] 00:06:25: RADIUS: NAS-Port [5] 6 1 00:06:25: RADIUS: Vendor, Cisco [26] 33 00:06:25: RADIUS: Cisco AVpair [1] 27 "interface=Virtual-Access1" 00:06:25: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 00:06:25: RADIUS: Service-Type [6] 6 Framed [2] 00:06:25: RADIUS: NAS-IP-Address [4] 6 10.1.0.1 00:06:25: RADIUS: Acct-Delay-Time [41] 6 0
Additional References
Related Documents
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
Security commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples |
Cisco IOS Security Command Reference |
RADIUS |
“Configuring RADIUS” feature module. |
Standards
Standard |
Title |
---|---|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. |
-- |
MIBs
MIB |
MIBs Link |
---|---|
None. |
To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFCs
RFC |
Title |
---|---|
RFC 2865 |
|
RFC 3575 |
IANA Considerations for RADIUS (Remote Authentication Dial In User Service) |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
Feature Information for Framed-Route in RADIUS Accounting
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
Framed-Route in RADIUS Accounting |
Cisco IOS XE Release 2.1
|
The Framed-Route in RADIUS Accounting feature provides for the presence of Framed-Route (RADIUS attribute 22) information in RADIUS Accounting-Request accounting records. In Cisco IOS XE Release 2.1, this feature was introduced on Cisco ASR 1000 Series Aggregation Services Routers. |