- RADIUS Attributes Overview and RADIUS IETF Attributes
- RADIUS Vendor-Proprietary Attributes
- RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values
- Connect-Info RADIUS Attribute 77
- Encrypted Vendor-Specific Attributes
- RADIUS Attribute 8 Framed-IP-Address in Access Requests
- RADIUS Attribute 82 Tunnel Assignment ID
- RADIUS Tunnel Attribute Extensions
- RADIUS Attribute 66 Tunnel-Client-Endpoint Enhancements
- RADIUS Attribute Value Screening
Connect-Info RADIUS Attribute 77
The Connect-Info RADIUS Attribute 77 feature enables the Network Access Server (NAS) to report Connect-Info (attribute 77) in RADIUS accounting "start" and "stop" records that are sent to the RADIUS client (dial-in modem). These records allow the transmit and receive connection speeds, modulation, and compression to be compared in order to analyze a user session over a dial-in modem where speeds are often different at the end of the connection (after negotiation).
When the network access server (NAS) sends attribute 77 in accounting "start" and "stop" records, the connect rates can be measured across the platform. The "transmit" speed (the speed at which the NAS modem sends information) and "receive" speed (the speed at which the NAS receives information) can be recorded to determine whether user modem connections renegotiate to lower speeds shortly into a session. If the transmit and receive speeds are different from each other, attribute 77 reports both speeds, which allows the modem connection speeds that each customer gets from their session.
Attribute 77 is also used to send the Class string for broadband connections such as PPPoX, physical connection speeds for dial access, and the VRF string for any sessions on router interfaces defined with ip vrf forwarding command.
Note |
This feature requires no configuration. |
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Connect-Info RADIUS Attribute 77
For information about release and platform support, see the Feature Information for Connect-Info RADIUS Attribute 77.
Before the NAS can send attribute 77 in accounting "start" and "stop" records, you must perform the following tasks:
- Configure your NAS for authentication, authorization, and accounting (AAA) and to accept incoming modem calls.
- Enable AAA accounting by using the aaa accounting network default start-stop group radius command in global configuration mode.
- Change the modem poll timer by using the modem link-info poll time command in global configuration mode.
Note |
Changing the modem poll timer is required on the Cisco ASR 1000 Series Aggregation Services Routers. |
Information About Connect-Info RADIUS Attribute 77
The Configurable Connect-Info Attributes feature introduces support for RADIUS attribute 77 (Connect-Info), which provides information about connection speeds, modulation, and compression for modem dial-in connections via RADIUS accounting "start" and "stop" records.
Customizing Attribute 77 for Ethernet Connections
To customize Attribute 77 for Ethernet connections, enter the connection information as the name of the service policy attached to the Ethernet subinterface. The router takes the policy name and copies it to Attribute 77.
For example, in the following configuration the outbound service policy named speed:eth:25100:5100:19/0 is attached to the QinQ Gigabit Ethernet subinterface 1/0/0.2696. The router copies the policy name to Attribute 77 and sends it to the RADIUS server in an Access-Request or Accounting-Start or Stop message.
interface GigabitEthernet1/0/0.2696 encapsulation dot1q 2696 second-dot1q 256 pppoe enable group global no snmp trap link-status service-policy input set_precedence_to_0
service-policy output speed:eth:25100:5100:19/0
Customizing Attribute 77 for ATM Connections
To customize Attribute 77 for ATM connections, configure the aaa connect-info string command in the following configuration modes:
- PVC (for a specific PVC)
- PVC range (for a range of PVCs)
- PVC-in-range (for a specific PVC in a range of PVCs)
- VC class (under a specific class-vc command)
The router takes the name of the VC class you specify under the class-vc command or the string you specify in the aaa connect-info string command and copies it to Attribute 77.
For example, in the following configuration the class-vc command is configured on both ATM PVCs 10/42 and 10/43 and the aaa connect-info command is configured on PVC 10/42:
interface ATM1/0/0.1 multipoint description TDSL clients - default TDSL 1024 no ip mroute-cache class-int speed:ubr:1184:160:10 range pvc 10/41 10/160 ! pvc-in-range 10/42 class-vc speed:ubr:2303:224:10 aaa connect-info speed:ubr:2303:224:10:isp-specific-descr ! pvc-in-range 10/43 class-vc speed:ubr:2303:224:10
For PVC 10/42, the router takes the string (speed:ubr:2303:224:10:isp-specific-descr) specified in the aaa connect-info command and copies it to Attribute 77. If the aaa connect-info command is not configured on the subinterface, the router takes the class name (speed:ubr:2303:224:10) specified in the class-vc command and copies it to Attribute 77.
For PVC 10/43, the router takes the class name (speed:ubr:2303:224:10) specified in the class-vc command and copies it to Attribute 77.
How to Verify the Connect-Info RADIUS Attribute 77
Verifying the Connect-Info RADIUS Attribute 77
To verify attribute 77 in your accounting "start" and "stop" records, use the debug radius command in privileged EXEC mode.
DETAILED STEPS
Example
The following example shows the Connect-Info [77] accounting attributes:
Router# debug radius Sep 8 21:53:05.242: RADIUS/ENCODE(00007D34):Orig. component type = PPPoE Sep 8 21:53:05.242: RADIUS: AAA Unsupported Attr: interface [208] 10 Sep 8 21:53:05.242: RADIUS: 30 2F 31 2F 30 2F 39 2E [ 0/1/0/9.] Sep 8 21:53:05.242: RADIUS: AAA Unsupported Attr: client-mac-address[45] 14 Sep 8 21:53:05.242: RADIUS: 30 30 30 30 2E 63 30 30 31 2E 30 31 [ 0000.c001.01] Sep 8 21:53:05.242: RADIUS(00007D34): Config NAS IP: 0.0.0.0 Sep 8 21:53:05.242: RADIUS/ENCODE(00007D34): acct_session_id: 32042 Sep 8 21:53:05.242: RADIUS(00007D34): sending Sep 8 21:53:05.242: RADIUS/ENCODE: Best Local IP-Address 10.3.8.2 for Radius-Server 10.3.1.107 Sep 8 21:53:05.242: RADIUS(00007D34): Send Access-Request to 10.3.1.107:1645 id 1645/1, len 116 Sep 8 21:53:05.242: RADIUS: authenticator FC 82 50 DB 65 8F 21 A9 - F3 0A A8 09 29 E5 56 65 Sep 8 21:53:05.242: RADIUS: Framed-Protocol [7] 6 PPP [1] Sep 8 21:53:05.242: RADIUS: User-Name [1] 8 ''user1'' Sep 8 21:53:05.242: RADIUS: User-Password [2] 18 * Sep 8 21:53:05.242: RADIUS: NAS-Port-Type [61] 6 Virtual [5] Sep 8 21:53:05.242: RADIUS: NAS-Port [5] 6 0 Sep 8 21:53:05.242: RADIUS: NAS-Port-Id [87] 12 ''0/1/0/9.32'' Sep 8 21:53:05.242: RADIUS: Connect-Info [77] 28 ''speed:ubr:3456:448:10/0000'' Sep 8 21:53:05.242: RADIUS: Service-Type [6] 6 Framed [2] Sep 8 21:53:05.242: RADIUS: NAS-IP-Address [4] 6 10.3.8.2 Sep 8 21:53:05.242: RADIUS(00007D34): Started 5 sec timeout Sep 8 21:53:05.244: RADIUS: Received from id 1645/1 10.3.1.107:1645, Access-Accept, len 32 Sep 8 21:53:05.244: RADIUS: authenticator 9A F1 29 01 66 53 17 CB - 73 FB 1B CE 7D 80 04 F2 Sep 8 21:53:05.244: RADIUS: Service-Type [6] 6 Framed [2] Sep 8 21:53:05.244: RADIUS: Framed-Protocol [7] 6 PPP [1] Sep 8 21:53:05.244: RADIUS(00007D34): Received from id 1645/1 Sep 8 21:53:05.248: RADIUS/ENCODE(00007D34):Orig. component type = PPPoE Sep 8 21:53:05.248: RADIUS(00007D34): Config NAS IP: 0.0.0.0 Sep 8 21:53:05.248: RADIUS(00007D34): sending Sep 8 21:53:05.248: RADIUS/ENCODE: Best Local IP-Address 10.3.8.2 for Radius-Server 5.3.1.107 Sep 8 21:53:05.248: RADIUS(00007D34): Send Accounting-Request to 10.3.1.107:1646 id 1646/3, len 126 Sep 8 21:53:05.248: RADIUS: authenticator 71 6E 73 9B FD 7E 82 81 - 10 2A CD 83 A8 BD D2 F0 Sep 8 21:53:05.248: RADIUS: Acct-Session-Id [44] 10 ''00007D2A'' Sep 8 21:53:05.248: RADIUS: Framed-Protocol [7] 6 PPP [1] Sep 8 21:53:05.248: RADIUS: User-Name [1] 8 ''user1'' Sep 8 21:53:05.248: RADIUS: Acct-Authentic [45] 6 RADIUS [1] Sep 8 21:53:05.248: RADIUS: Acct-Status-Type [40] 6 Start [1] Sep 8 21:53:05.248: RADIUS: NAS-Port-Type [61] 6 Virtual [5] Sep 8 21:53:05.248: RADIUS: NAS-Port [5] 6 0 Sep 8 21:53:05.248: RADIUS: NAS-Port-Id [87] 12 ''0/1/0/9.32'' Sep 8 21:53:05.248: RADIUS: Connect-Info [77] 28 ''speed:ubr:3456:448:10/0000
Additional References
The following sections provide references related to the Connect-Info RADIUS Attribute 77 feature.
Related Documents
Related Topic |
Document Title |
---|---|
IOS dial technologies |
Cisco IOS XE Dial Technologies Configuration Guide, Release 2 |
Cisco IOS Dial Technologies Command Reference |
|
Security commands |
Cisco IOS Security Command Reference |
Standards
Standard |
Title |
---|---|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. |
-- |
MIBs
MIB |
MIBs Link |
---|---|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFCs
RFC |
Title |
---|---|
RFC 2869 |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
Feature Information for Connect-Info RADIUS Attribute 77
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1 | Feature Information for Connect-Info RADIUS Attribute 77 |
Feature Name |
Releases |
Feature Information |
---|---|---|
Connect-Info RADIUS Attribute 77 |
Cisco IOS XE Release 2.1 |
The Connect-Info RADIUS Attribute 77 feature enables the network access server (NAS) to report Connect-Info (attribute 77) in RADIUS accounting "start" and "stop" records that are sent to the RADIUS client (dial-in modem). These "start" and "stop" records allow the transmit and receive connection speeds, modulation, and compression to be compared in order to analyze a user session over a dial-in modem where speeds are often different at the end of the connection (after negotiation). In Cisco IOS XE Release 2.1, this feature was introduced on the Cisco ASR 1000 series routers. |
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.