Number

All attributes listed in the following table are extensions of IETF attribute 26.

Vendor-Specific Command Codes

A defined code used to identify a particular vendor. Code 9 defines Cisco VSAs, 311 defines Microsoft VSAs, and 529 defines Ascend VSAs.

Sub-Type Number

The attribute ID number. This number is much like the ID numbers of IETF attributes, except it is a "second layer" ID number encapsulated behind attribute 26.

Attribute

The ASCII string name of the attribute.

Description

Description of the attribute.

MS-CHAP Attributes

26

311

1

MSCHAP-Response

Contains the response value provided by a PPP MS-CHAP user in response to the challenge. It is only used in Access-Request packets. This attribute is identical to the PPP CHAP Identifier. ( RFC 2548

26

311

11

MSCHAP-Challenge

Contains the challenge sent by a network access server to an MS-CHAP user. It can be used in both Access-Request and Access-Challenge packets. ( RFC 2548 )

VPDN Attributes

26

9

1

l2tp-cm-local-window-size

Specifies the maximum receive window size for L2TP control messages. This value is advertised to the peer during tunnel establishment.

26

9

1

l2tp-drop-out-of-order

Respects sequence numbers on data packets by dropping those that are received out of order. This does not ensure that sequence numbers will be sent on data packets, just how to handle them if they are received.

26

9

1

l2tp-hello-interval

Specifies the number of seconds for the hello keepalive interval. Hello packets are sent when no data has been sent on a tunnel for the number of seconds configured here.

26

9

1

l2tp-hidden-avp

When enabled, sensitive AVPs in L2TP control messages are scrambled or hidden.

26

9

1

l2tp-nosession-timeout

Specifies the number of seconds that a tunnel will stay active with no sessions before timing out and shutting down.

26

9

1

tunnel-tos-reflect

Copies the IP ToS field from the IP header of each payload packet to the IP header of the tunnel packet for packets entering the tunnel at the LNS.

26

9

1

l2tp-tunnel-authen

If this attribute is set, it performs L2TP tunnel authentication.

26

9

1

l2tp-tunnel-password

Shared secret used for L2TP tunnel authentication and AVP hiding.

26

9

1

l2tp-udp-checksum

This is an authorization attribute and defines whether L2TP should perform UDP checksums for data packets. Valid values are "yes" and "no." The default is no.

Store and Forward Fax Attributes

26

9

3

Fax-Account-Id-Origin

Indicates the account ID origin as defined by system administrator for the mmoip aaa receive-id or the mmoip aaa send-id commands.

26

9

4

Fax-Msg-Id=

Indicates a unique fax message identification number assigned by Store and Forward Fax.

26

9

5

Fax-Pages

Indicates the number of pages transmitted or received during this fax session. This page count includes cover pages.

26

9

6

Fax-Coverpage-Flag

Indicates whether or not a cover page was generated by the off-ramp gateway for this fax session. True indicates that a cover page was generated; false means that a cover page was not generated.

26

9

7

Fax-Modem-Time

Indicates the amount of time in seconds the modem sent fax data (x) and the amount of time in seconds of the total fax session (y), which includes both fax-mail and PSTN time, in the form x/y. For example, 10/15 means that the transfer time took 10 seconds, and the total fax session took 15 seconds.

26

9

8

Fax-Connect-Speed

Indicates the modem speed at which this fax-mail was initially transmitted or received. Possible values are 1200, 4800, 9600, and 14400.

26

9

9

Fax-Recipient-Count

Indicates the number of recipients for this fax transmission. Until e-mail servers support Session mode, the number should be 1.

26

9

10

Fax-Process-Abort-Flag

Indicates that the fax session was aborted or successful. True means that the session was aborted; false means that the session was successful.

26

9

11

Fax-Dsn-Address

Indicates the address to which DSNs will be sent.

26

9

12

Fax-Dsn-Flag

Indicates whether or not DSN has been enabled. True indicates that DSN has been enabled; false means that DSN has not been enabled.

26

9

13

Fax-Mdn-Address

Indicates the address to which MDNs will be sent.

26

9

14

Fax-Mdn-Flag

Indicates whether or not message delivery notification (MDN) has been enabled. True indicates that MDN had been enabled; false means that MDN had not been enabled.

26

9

15

Fax-Auth-Status

Indicates whether or not authentication for this fax session was successful. Possible values for this field are success, failed, bypassed, or unknown.

26

9

16

Email-Server-Address

Indicates the IP address of the e-mail server handling the on-ramp fax-mail message.

26

9

17

Email-Server-Ack-Flag

Indicates that the on-ramp gateway has received a positive acknowledgment from the e-mail server accepting the fax-mail message.

26

9

18

Gateway-Id

Indicates the name of the gateway that processed the fax session. The name appears in the following format: hostname.domain-name.

26

9

19

Call-Type

Describes the type of fax activity: fax receive or fax send.

26

9

20

Port-Used

Indicates the slot/port number of the Cisco AS5300 used to either transmit or receive this fax-mail.

26

9

21

Abort-Cause

If the fax session aborts, indicates the system component that signaled the abort. Examples of system components that could trigger an abort are FAP (Fax Application Process), TIFF (the TIFF reader or the TIFF writer), fax-mail client, fax-mail server, ESMTP client, or ESMTP server.

H323 Attributes

26

9

23

Remote-Gateway-ID

(h323-remote-address)

Indicates the IP address of the remote gateway.

26

9

24

Connection-ID

(h323-conf-id)

Identifies the conference ID.

26

9

25

Setup-Time

(h323-setup-time)

Indicates the setup time for this connection in Coordinated Universal Time (UTC) formerly known as Greenwich Mean Time (GMT) and Zulu time.

26

9

26

Call-Origin

(h323-call-origin)

Indicates the origin of the call relative to the gateway. Possible values are originating and terminating (answer).

26

9

27

Call-Type

(h323-call-type)

Indicates call leg type. Possible values are telephony and VoIP.

26

9

28

Connect-Time

(h323-connect-time)

Indicates the connection time for this call leg in UTC.

26

9

29

Disconnect-Time

(h323-disconnect-time)

Indicates the time this call leg was disconnected in UTC.

26

9

30

Disconnect-Cause

(h323-disconnect-cause)

Specifies the reason a connection was taken offline per Q.931 specification.

26

9

31

Voice-Quality

(h323-voice-quality)

Specifies the impairment factor (ICPIF) affecting voice quality for a call.

26

9

33

Gateway-ID

(h323-gw-id)

Indicates the name of the underlying gateway.

Large Scale Dialout Attributes

26

9

1

callback-dialstring

Defines a dialing string to be used for callback.

26

9

1

data-service

No description available.

26

9

1

dial-number

Defines the number to dial.

26

9

1

force-56

Determines whether the network access server uses only the 56 K portion of a channel, even when all 64 K appear to be available.

26

9

1

map-class

Allows the user profile to reference information configured in a map class of the same name on the network access server that dials out.

26

9

1

send-auth

Defines the protocol to use (PAP or CHAP) for username-password authentication following CLID authentication.

26

9

1

send-name

PPP name authentication. To apply for PAP, do not configure the ppp pap sent-name password command on the interface. For PAP, "preauth:send-name" and "preauth:send-secret" will be used as the PAP username and PAP password for outbound authentication. For CHAP, "preauth:send-name" will be used not only for outbound authentication, but also for inbound authentication. For a CHAP inbound case, the NAS will use the name defined in "preauth:send-name" in the challenge packet to the caller box.

26

9

1

send-secret

PPP password authentication. The vendor-specific attributes (VSAs) "preauth:send-name" and "preauth:send-secret" will be used as the PAP username and PAP password for outbound authentication. For a CHAP outbound case, both "preauth:send-name" and "preauth:send-secret" will be used in the response packet.

26

9

1

remote-name

Provides the name of the remote host for use in large-scale dial-out. Dialer checks that the large-scale dial-out remote name matches the authenticated name, to protect against accidental user RADIUS misconfiguration. (For example, dialing a valid phone number but connecting to the wrong router.)

Miscellaneous Attributes

26

9

2

Cisco-NAS-Port

Specifies additional vendor specific attribute (VSA) information for NAS-Port accounting. To specify additional NAS-Port information in the form an Attribute-Value Pair (AVPair) string, use the radius-server vsa send global configuration command.

26

9

1

min-links

Sets the minimum number of links for MLP.

26

9

1

proxyacl#<n>

Allows users to configure the downloadable user profiles (dynamic ACLs) by using the authentication proxy feature so that users can have the configured authorization to permit traffic going through the configured interfaces.

26

9

1

spi

Carries the authentication information needed by the home agent to authenticate a mobile node during registration. The information is in the same syntax as the ip mobile secure host <addr> configuration command. Basically it contains the rest of the configuration command that follows that string, verbatim. It provides the Security Parameter Index (SPI), key, authentication algorithm, authentication mode, and replay protection timestamp range.

0

No-Reason

No reason is given for the disconnect.

1

No-Disconnect

The event was not disconnected.

2

Unknown

Reason unknown.

3

Call-Disconnect

The call has been disconnected.

4

CLID-Authentication-Failure

Failure to authenticate number of the calling-party.

9

No-Modem-Available

A modem in not available to connect the call.

10

No-Carrier

No carrier detected.

11

Lost-Carrier

Loss of carrier.

12

No-Detected-Result-Codes

Failure to detect modem result codes.

20

User-Ends-Session

User terminates a session.

21

Idle-Timeout

Timeout waiting for user input.

Codes 21, 100, 101, 102, and 120 apply to all session types.

22

Exit-Telnet-Session

Disconnect due to exiting Telnet session.

23

No-Remote-IP-Addr

Could not switch to SLIP/PPP; the remote end has no IP address.

24

Exit-Raw-TCP

Disconnect due to exiting raw TCP.

25

Password-Fail

Bad passwords.

26

Raw-TCP-Disabled

Raw TCP disabled.

27

Control-C-Detected

Control-C detected.

28

EXEC-Process-Destroyed

EXEC process destroyed.

29

Close-Virtual-Connection

User closes a virtual connection.

30

End-Virtual-Connection

Virtual connected has ended.

31

Exit-Rlogin

User exists Rlogin.

32

Invalid-Rlogin-Option

Invalid Rlogin option selected.

33

Insufficient-Resources

Insufficient resources.

40

Timeout-PPP-LCP

PPP LCP negotiation timed out.

41

Failed-PPP-LCP-Negotiation

PPP LCP negotiation failed.

42

Failed-PPP-PAP-Auth-Fail

PPP PAP authentication failed.

43

Failed-PPP-CHAP-Auth

PPP CHAP authentication failed.

44

Failed-PPP-Remote-Auth

PPP remote authentication failed.

45

PPP-Remote-Terminate

PPP received a Terminate Request from remote end.

46

PPP-Closed-Event

Upper layer requested that the session be closed.

47

NCP-Closed-PPP

PPP session closed because there were no NCPs open.

48

MP-Error-PPP

PPP session closed because of an MP error.

49

PPP-Maximum-Channels

PPP session closed because maximum channels were reached.

50

Tables-Full

Disconnect due to full terminal server tables.

51

Resources-Full

Disconnect due to full internal resources.

52

Invalid-IP-Address

IP address is not valid for Telnet host.

53

Bad-Hostname

Hostname cannot be validated.

54

Bad-Port

Port number is invalid or missing.

60

Reset-TCP

TCP connection has been reset.

61

TCP-Connection-Refused

TCP connection has been refused by the host.

62

Timeout-TCP

TCP connection has timed out.

63

Foreign-Host-Close-TCP

TCP connection has been closed.

64

TCP-Network-Unreachable

TCP network is unreachable.

65

TCP-Host-Unreachable

TCP host is unreachable.

66

TCP-Network-Admin Unreachable

TCP network is unreachable for administrative reasons.

67

TCP-Port-Unreachable

TCP port in unreachable.

100

Session-Timeout

Session timed out.

101

Session-Failed-Security

Session failed for security reasons.

102

Session-End-Callback

Session terminated due to callback.

120

Invalid-Protocol

Call refused because the detected protocol is disabled.

150

RADIUS-Disconnect

Disconnected by RADIUS request.

151

Local-Admin-Disconnect

Administrative disconnect.

152

SNMP-Disconnect

Disconnected by SNMP request.

160

V110-Retries

Allowed V.110 retries have been exceeded.

170

PPP-Authentication-Timeout

PPP authentication timed out.

180

Local-Hangup

Disconnected by local hangup.

185

Remote-Hangup

Disconnected by remote end hangup.

190

T1-Quiesced

Disconnected because T1 line was quiesced.

195

Call-Duration

Disconnected because the maximum duration of the call was exceeded.

600

VPN-User-Disconnect

Call disconnected by client (through PPP).

Code is sent if the LNS receives a PPP terminate request from the client.

601

VPN-Carrier-Loss

Loss of carrier. This can be the result of a physical line going dead.

Code is sent when a client is unable to dial out using a dialer.

602

VPN-No-Resources

No resources available to handle the call.

Code is sent when the client is unable to allocate memory (running low on memory).

603

VPN-Bad-Control-Packet

Bad L2TP or L2F control packets.

This code is sent when an invalid control packet, such as missing mandatory Attribute-Value pairs (AVP), from the peer is received. When using L2TP, the code will be sent after six retransmits; when using L2F, the number of retransmits is user configurable.

604

VPN-Admin-Disconnect

Administrative disconnect. This can be the result of a VPN soft shutdown, which is when a client reaches maximum session limit or exceeds maximum hopcount.

Code is sent when a tunnel is brought down by issuing the clear vpdn tunnel command.

605

VPN-Tunnel-Shut

Tunnel teardown or tunnel setup has failed.

Code is sent when there are active sessions in a tunnel and the tunnel goes down.

606

VPN-Local-Disconnect

Call is disconnected by LNS PPP module.

Code is sent when the LNS sends a PPP terminate request to the client. It indicates a normal PPP disconnection initiated by the LNS.

607

VPN-Session-Limit

VPN soft shutdown is enabled.

Code is sent when a call has been refused due to any of the soft shutdown restrictions previously mentioned.

608

VPN-Call-Redirect

VPN call redirect is enabled.