RADIUS Progress Codes

The RADIUS Progress Codes feature adds additional progress codes to RADIUS attribute 196 (Ascend-Connect-Progress), which indicates a connection state before a call is disconnected through progress codes.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for RADIUS Progress Codes

Before attribute 196 (Ascend-Connect-Progress) can be sent in accounting “start” and “stop” records, you must perform the following tasks:

  • Enable AAA.

  • Enable exec, network, or resource accounting.

For information on completing these tasks, refer to the AAA sections o f the Cisco IOS Security Configuration Guide: Securing User Services , Release 15.0.

When these tasks are completed, attribute 196 is active by default.

Information About RADIUS Progress Codes

Attribute 196 is sent in network, exec, and resource accounting “start” and “stop” records. This attribute can facilitate call failure debugging because each progress code identifies accounting information relevant to the connection state of a call. The attribute is activated by default; when an accounting “start” or “stop” accounting record is requested, authentication, authorization, and accounting (AAA) adds attribute 196 into the record as part of the standard attribute list. Attribute 196 is valuable because the progress codes, which are sent in accounting “start” and “stop” records, facilitate the debugging of call failures.


Note


In accounting “start” records, attribute 196 does not have a value.


Table 1 Newly Supported Progress Codes for Attribute 196

Code

Description

10

Modem allocation and negotiation is complete; the call is up.

30

The modem is up.

33

The modem is waiting for result codes.

41

The max TNT is establishing the TCP connection by setting up a TCP clear call.

60

Link control protocol (LCP) is the open state with PPP and IP Control Protocol (IPCP) negotiation; the LAN session is up.

65

PPP negotiation occurs and, initially, the LCP negotiation occurs; LCP is in the open state.

67

After PPP negotiation with LCP in the open state occurs, IPCP negotiation begins.


Note


Progress codes 33, 30, and 67 are generated and seen through debugs on the NAS; all other codes are generated and seen through debugs and the accounting record on the RADIUS server.


How to Configure RADIUS Progress Codes

No configuration is required to configure RADIUS Progress Codes.

How to Verify Attribute 196

To verify attribute 196 in accounting “start” and “stop” records, perform the following steps.

SUMMARY STEPS

    1.    enable

    2.    debug aaa accounting

    3.    show radius statistics


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Device> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.

     
    Step 2 debug aaa accounting


    Example:
    Device# debug aaa accounting
     

    Displays information on accountable events as they occur.

     
    Step 3 show radius statistics


    Example:
    Device# debug aaa authorization
     

    Displays the RADIUS statistics for accounting and authentication packets.

     

    Troubleshooting Tips

    The following example is a sample debug output from the debug ppp negotiation command. This debug output is used to verify that accounting “stop” records have been generated and that attribute 196 (Ascend-Connect-Progress) has a value of 65.

    Tue Aug 7 06:21:03 2001
            NAS-IP-Address = 10.0.58.62
            NAS-Port = 20018
            Vendor-Specific = ""
            NAS-Port-Type = ISDN
            User-Name = "peer_16a"
            Called-Station-Id = "5213124"
            Calling-Station-Id = "5212175"
            Acct-Status-Type = Stop
            Acct-Authentic = RADIUS
            Service-Type = Framed-User
            Acct-Session-Id = "00000014"
            Framed-Protocol = PPP
            Framed-IP-Address = 172.16.0.2
            Acct-Input-Octets = 3180
            Acct-Output-Octets = 3186
            Acct-Input-Packets = 40
            Acct-Output-Packets = 40
            Ascend-Connect-Pr = 65
            Acct-Session-Time = 49
            Acct-Delay-Time = 0
            Timestamp = 997190463
            Request-Authenticator = Unverified

    Additional References

    The following sections provide references related to RADIUS Progress Codes.

    Related Documents

    Related Topic

    Document Title

    Cisco IOS Security commands

    Cisco IOS Security Command Reference

    Configuring Accounting

    Configuring Accounting module

    RADIUS Attributes

    RADIUS Attributes Overview and RADIUS IETF Attributes module

    Standards

    Standard

    Title

    None

    --

    MIBs

    MIB

    MIBs Links

    None

    To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

    http:/​/​www.cisco.com/​go/​mibs

    RFCs

    RFC

    Title

    None

    ---

    Technical Assistance

    Description

    Link

    The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

    To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

    Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

    http:/​/​www.cisco.com/​techsupport

    Feature Information for RADIUS Progress Codes

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.
    Table 2 Feature Information for RADIUS Progress Codes

    Feature Name

    Releases

    Feature Information

    RADIUS Progress Codes

    Cisco IOS XE Release 3.9S

    The RADIUS Progress Codes feature adds additional progress codes to RADIUS attribute 196 (Ascend-Connect-Progress), which indicates a connection state before a call is disconnected through progress codes.

    Glossary

    AAA --authentication, authorization, and accounting. Suite of network security services that provide the primary framework through which access control can be set up on your Cisco router or access server.

    attribute --RADIUS Internet Engineering Task Force (IETF) attributes are the original set of 255 standard attributes that are used to communicate AAA information between a client and a server. Because IETF attributes are standard, the attribute data is predefined and well known; thus all clients and servers who exchange AAA information through IETF attributes must agree on attribute data such as the exact meaning of the attributes and the general bounds of the values for each attribute.

    EXEC accounting--Provides information about user EXEC terminal sessions of the network access server.

    IPCP --IP Control Protocol. A protocol that establishes and configures IP over PPP.

    LCP --link control protocol. A protocol that establishes, configures, and tests data-link connections for use by PPP.

    network accounting--Provides information for all PPP, Serial Line Internet Protocol (SLIP), or AppleTalk Remote Access Protocol (ARAP) sessions, including packet and byte counts.

    PPP --Point-to-Point Protocol. Successor to SLIP that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. Whereas SLIP was designed to work with IP, PPP was designed to work with several network layer protocols, such as IP, IPX, and ARA. PPP also has built-in security mechanisms, such as CHAP and PAP. PPP relies on two protocols: LCP and NCP.

    RADIUS--Remote Authentication Dial-In User Service. RADIUS is a distributed client/server system that secures networks against unauthorized access. In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a central RADIUS server that contains all user authentication and network service access information.

    resource accounting--Provides “start” and “stop” records for calls that have passed user authentication, and provides “stop” records for calls that fail to authenticate.