radius-attribute include

Function

The radius-attribute include command allows RADIUS packets to carry a specified attribute.

The undo radius-attribute include command deletes a specified attribute from RADIUS packets.

By default, the specified attribute cannot be added to a RADIUS packet.

Format

For NetEngine 8000 F1A:

radius-attribute include class { edsg | daa }

radius-attribute include { agent-circuit-id | agent-remote-id } value-added-service

radius-attribute include radius-attribute-name

radius-attribute include hw-dhcp-option option-num &<1-16>

radius-attribute include reply-message coa-nak

radius-attribute include { hw-dhcpv6-option37 | edsg-service-name } accounting-request

radius-attribute include { hw-version | hw-product-id } [ edsg ]

radius-attribute include hw-vpn-instance accounting-request

radius-attribute include hw-user-mac edsg accounting-request

radius-attribute include hw-acct-terminate-subcause [ edsg ]

radius-attribute include framed-route accounting-request

radius-attribute include hw-web-url accounting-request

radius-attribute include nas-port lns

radius-attribute include reply-message logon-ack

radius-attribute include reply-message query-ack

radius-attribute include { session-timeout | online-time | user-group } coa-query-ack

radius-attribute include hw-gateway-address access-request

radius-attribute include hw-dhcpv6-option v6-option-num &<1-16>

undo radius-attribute include class { edsg | daa }

undo radius-attribute include [ radius-attribute-name ]

undo radius-attribute include hw-dhcp-option [ { option-num } &<1-16> ]

undo radius-attribute include reply-message [ coa-nak ]

undo radius-attribute include { hw-dhcpv6-option37 | edsg-service-name } accounting-request

undo radius-attribute include { hw-version | hw-product-id } [ edsg ]

undo radius-attribute include hw-vpn-instance accounting-request

undo radius-attribute include hw-user-mac edsg accounting-request

undo radius-attribute include hw-acct-terminate-subcause [ edsg ]

undo radius-attribute include framed-route accounting-request

undo radius-attribute include hw-web-url accounting-request

undo radius-attribute include nas-port lns

undo radius-attribute include reply-message logon-ack

undo radius-attribute include reply-message query-ack

undo radius-attribute include { session-timeout | online-time | user-group } coa-query-ack

undo radius-attribute include hw-gateway-address access-request

undo radius-attribute include hw-dhcpv6-option [ { v6-option-num } &<1-16> ]

undo radius-attribute include { agent-circuit-id | agent-remote-id } value-added-service

For NetEngine 8000 F1A, NetEngine 8000 F2A:

radius-attribute include nas-ip-address { accounting-on | accounting-off } *

radius-attribute include event-timestamp { accounting-on | accounting-off } *

undo radius-attribute include nas-ip-address

undo radius-attribute include event-timestamp

Parameters

Parameter Description Value
radius-attribute

Radius attribute name.

The value is a string of 1 to 64 case-sensitive characters, spaces not supported.
include

Specifies the DHCP option carried in authentication requests to be sent to the RADIUS server. A maximum of 16 DHCP options can be sent to the RADIUS server.

The value is an integer that ranges from 1 to 254 .
class

Indicates the public No. 25 attribute, which is used to take the accounting information.

-
edsg

EDSG Service.

-
daa

DAA Service.

-
agent-circuit-id

Indicates the DSL FORUM No. 1 attribute, which represents the agent circuit ID.

-
agent-remote-id

Indicates the DSL FORUM No. 2 attribute, which represents the agent remote circuit ID.

-
value-added-service

List of enabled value-added services.

-
radius-attribute-name

Specifies an attribute name.

The value is a string of 1 to 64 characters.
hw-dhcp-option option-num

Specifies the option ID of HW-DHCP-Option sent to the RADIUS server.

The value is an integer ranging from 1 to 254. The option ID of HW-DHCP-Option carried in accounting request packets can only be 60.
reply-message

Indicates the public No. 18 attribute, which indicates the description of return character strings.

-
coa-nak

Indicates CoA-NAK packets.

-
hw-dhcpv6-option37

Indicates the Huawei proprietary No. 150 attribute, which is used to encapsulate the client MAC.

-
edsg-service-name

Indicates the EDSG service name. If the radius-attribute hw-policy-name support-type edsg command is configured, it indicates the Huawei proprietary No. 95 attribute. If the radius-attribute hw-policy-name support-type edsg command is not configured, it indicates the Huawei proprietary No. 185 attribute.

-
accounting-request

Configures the attribute in the accounting-request packet.

-
hw-version

Indicates the Huawei proprietary No. 254 attribute, which is used to indicate the system software version.

-
hw-product-id

Indicates the Huawei proprietary No. 255 attribute, which is used to indicate the device type.

-
hw-vpn-instance

Indicates the Huawei proprietary No. 94 attribute to be carried in accounting request packets. This attribute represents the VPN instance information. Specify this parameter if the upstream device needs to identify VPN instance information of users and implement service policies based on the VPN instance information in accounting request packets.

-
hw-user-mac

Indicates the Huawei proprietary No. 153 attribute, which carries the Mac address of a user.

-
hw-acct-terminate-subcause

Indicates the Huawei proprietary No. 181 attribute, which carries the sub-cause for which a user goes offline.

-
framed-route

Indicates the public No. 22 attribute, which carries routing information provided by the RADIUS server to users through the NAS.

-
hw-web-url

Indicates the Huawei proprietary No. 253 attribute, which carries the URL forcibly pushed to Web users.

-
nas-port

Physical interface for user access.

-
lns

The number of LNS sessions is collected based on the source IP address of the tunnel.

-
logon-ack

Indicates the attribute to be carried in ACK packets sent to the RADIUS server when switchover from the CoA-based pre-authentication domain to authentication domain is performed successfully.

-
query-ack

Indicates the attribute to be carried in ACK packets sent to the RADIUS server in a CoA-based re-authentication query.

-
session-timeout

Indicates the Session-Timeout attribute to be carried in CoA query ACK packets sent to the RADIUS server.

-
online-time

Indicates the Acct-Session-Time attribute (user online duration) to be carried in CoA query ACK packets sent to the RADIUS server.

-
user-group

Indicates the Filter-Id attribute (user group ID) to be carried in CoA query ACK packets sent to the RADIUS server.

-
coa-query-ack

Ack message replied to the RADIUS server during COA query.

-
hw-gateway-address

Indicates the Huawei proprietary No. 73 attribute, which carries the gateway address. This attribute is supported only in IPoE access scenarios.

-
access-request

Configures the attribute to be carried in authentication request packets.

-
hw-dhcpv6-option v6-option-num

Specifies the option ID of HW-DHCPv6-Option sent to the RADIUS server.

The value is an integer ranging from 1 to 65535. The option ID of HW-DHCPv6-Option carried in accounting request packets can only be 16.
nas-ip-address

Indicates the public No. 4 attribute, which is used to indicate the address of device.

-
accounting-on

Indicates RADIUS accounting-on packets.

-
accounting-off

Indicates RADIUS accounting-off packets.

-
event-timestamp

Indicates the event-timestamp attribute.

-

Views

RADIUS server group view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
radius write

Usage Guidelines

Usage Scenario

By default, many attributes are not carried in packets, which prevents unnecessary or unidentifiable attributes from being sent to a RADIUS server. To allow an attribute to be carried in a packet, run the radius-attribute include command.

For NetEngine 8000 F1A, the following attributes can be configured using the radius-attribute include command that can be carried in RADIUS packets to be sent to a RADIUS server:

bb_caller_id: No. 97 RADIUS attribute, the private attribute of REDBACK.

hw-auth-type: No. 180 RADIUS attribute, indicating the authentication type of users.

hw-acct-terminate-subcause: No. 181 RADIUS attribute, indicating the ID of a subcause for a session interruption.

hw-avpair: Huawei proprietary No. 188 attribute. indicating the attribute-value pair, which is the framework attribute of extensible sub-attributes

hw-version: No. 254 RADIUS attribute, indicating the version of system software.

hw-product-id: No. 255 RADIUS attribute, indicating the device type.

nas-port-id: No. 87 RADIUS attribute. It is specific to scenarios in which the LNS sends request packets that need to carry the nas-port-id attribute to the LNS RADIUS server.

hw-dhcp-option: Huawei proprietary No. 187 attribute. It is used to send DHCP options to and deliver DHCP options from the RADIUS server.

hw-dhcpv6-option: Huawei proprietary No. 189 attribute. It is used to send DHCP options to and deliver DHCPv6 options from the RADIUS server.

reply-messag: public No. 18 attribute. It indicates the description of return character strings.

class: public No. 25 attribute, which carries accounting related information.

hw-dhcpv6-option37: Huawei proprietary No. 150 attribute, which carries the Mac address of a user.

edsg-service-name: EDSG service policy name. If the radius-attribute hw-policy-name support-type edsg command is configured, this attribute indicates Huawei proprietary No. 95 attribute. If the radius-attribute hw-policy-name support-type edsg command is not configured, this attribute indicates Huawei proprietary No. 185 attribute.

hw-vpn-instance: Huawei proprietary No. 94 attribute, which carries VPN instance information.

hw-web-url: Huawei proprietary No. 253 attribute, which carries information about the web redirection URL.

framed-route: public No. 22 attribute, which carries information about user routes.

hw-user-mac: Huawei proprietary No. 153 attribute, which carries the Mac address of a user.

hw-gateway-address: Huawei proprietary No. 73 attribute, which carries the gateway address. This attribute is supported only in IPoE access scenarios.

Configuration Impact

If an attribute is not carried in a packet by default, run the radius-attribute include command to allow the attribute to be carried in the packet. If you also specify a packet type, the attribute is carried only in this type of packets.

If you specify multiple attributes, all the specified attributes are carried in packets.

Precautions

  • If no packet type parameter is specified in the command, the attribute specified in the command is carried in both authentication request packets and accounting packets.
  • This command applies only to the attributes that are not sent to the RADIUS server by default. This command takes effect for all newly generated packets that meet the specified conditions.
  • A maximum of 64 RADIUS server groups (excluding hw-dhcp-option, hw-dhcpv6-option, agent-circuit-id, agent-remote-id, NAS-Port-Id, and nas-port) can be configured in the RADIUS server group view. The actual number of encapsulated attributes is controlled by the actual packet length. The radius-attribute include hw-dhcp-option , radius-attribute include hw-dhcpv6-option , and radius-attribute include {agent-circuit-id | agent-remote-id} value-added-service commands are not restricted by the preceding configurations.

Example

# Configure the device to include the remaining user duration in the ACK packets sent to the RADIUS server during COA query.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include session-timeout coa-query-ack
# Configure the device to include ReplyMessage in the ACK packets sent to the RADIUS server during COA query.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include reply-message query-ack
# Configure ReplyMessage to be carried in the ACK packets that are replied to the RADIUS server when COA-based pre-authentication to authentication domain switchover is performed successfully.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include reply-message logon-ack
# Configure the device to send the HW-DHCPv6-Option37 attribute in accounting packets and authentication request packets to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include hw-dhcpv6-option37 accounting-request
# Configure the device to send hw-dhcp-options 4, 5, 6, 7, and 8 from the DHCP client in authentication packets to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include hw-dhcp-option 4 5 6 7 8
# Configure the device to send Huawei-proprietary attribute hw-product-id to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include hw-product-id
# Configure the device to send Redback-proprietary attribute bb_caller_id to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include bb_caller_id
# Configure the device to send the reply-message attribute in COA-NAK packets to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include reply-message coa-nak
# Configure the device to send the nas-ip-address attribute in accounting-on and accounting-off packets to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include nas-ip-address accounting-on accounting-off
# Configure the device to send Huawei-proprietary attribute hw-user-mac in accounting request packets to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include hw-user-mac edsg accounting-request
# Configure the device to send Huawei-proprietary attribute hw-vpn-instance in accounting request packets to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include hw-vpn-instance accounting-request
# Configure the device to send Huawei-proprietary attribute hw-web-url in accounting request packets to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include hw-web-url accounting-request
# Configure the device to send the public attribute framed-route in accounting request packets to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include framed-route accounting-request
# Configure the device to send huawei proprietary hw-acct-terminate-subcause in radius packet
<HUAWEI> system
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include hw-acct-terminate-subcause
# Configure the device to send the class attribute in accounting packets of DAA services to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include class daa
# Configure the device to send DHCPv6 Option 16 in the hw-dhcp-option attribute of authentication requests to the RADIUS server group group1.
<HUAWEI> system-view
[~HUAWEI] radius-server group group1
[*HUAWEI-radius-group1] commit
[~HUAWEI-radius-group1] radius-attribute include hw-dhcpv6-option 16
# Configure the device to include the user group in the ACK packets sent to the RADIUS server during COA query.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include user-group coa-query-ack
# Configure the device to include the user online duration in the ACK packets sent to the RADIUS server during COA query.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include online-time coa-query-ack
# Configure the device to send the class attribute in accounting packets of EDSG services to the RADIUS server group g1.
<HUAWEI> system-view
[~HUAWEI] radius-server group g1
[*HUAWEI-radius-g1] commit
[~HUAWEI-radius-g1] radius-attribute include class edsg
Parent Topic: AAA and User Management Configuration Commands (Administrative User)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >