11-29-2012 07:15 AM
Coming from IOS, looking to implement the following RADIUS commands under IOS-XR and have not found how to do so yet.
Anyone know?
radius-server attribute 6 on-for-login-auth
radius-server attribute 32 include-in-access-req
TIA,
01-11-2013 10:57 AM
Hi Alexander Thuijs,
Thanks for your reply. One more question: in the ASR 9k, RADIUS accounting records are normally sent to an external RADIUS server, right? Does the router have any option to save those records on the router itself? Does it have any ability to customize the attributes of those records even though they are sent to the RADIUS server?
01-11-2013 11:15 AM
You have the ability to do attribute templates, but this is more BNG specific.
Attribute templates are applied to radius-server groups and these groups are then applied per method list.
xander
01-11-2013 01:07 PM
Hi Alexander Thuijs,
I thought only the RADIUS server has the ability to customize and store accounting records? Can we customize accounting records from the ASR 9k? If so, can I get the commands or links for configuring and storing custom accounting records in the ASR 9k? Please give me a granular answer.
01-12-2013 04:52 AM
You can do that within XR also. You define an attribute list that you want to filter out of the request or accept (so in either direction, defined separately).
A "granular" example:
radius-server attribute list ATTR_LIST
attribute
attribute vendor-specific <…>
!
aaa group server
{ authentication | authorization | accounting }
{ reply | request } { accept | reject } ATTR_LIST
!
xander
01-14-2013 09:41 AM
Hi Alexander Thuijs,
Apart from this example, could you please mention the XR configuration for creating the RADIUS attribute list, or any command/config reference guide or documents for creating the same? Hoping for your precious response.
02-21-2013 09:25 AM
Hello Xander! How are you...
I'm here again. I have some questions based on your answers to my previous ones.
First, in our network right now the BRAS, both the 10K and the 1K, are configured with nas-port format D to send the following access-request packet to the RADIUS:
Packet dump: *** Received from 200.3.62.253 port 63618 ....
Framed-Protocol = PPP
User-Name = "X"
User-Password = X
Service-Type = Framed-User
NAS-IP-Address = 200.3.62.253
Acct-Session-Id = "7/0/0/153.1503_04E4EB3D"
NAS-Port-Type = Ethernet
NAS-Port = 1879676383
NAS-Port-Id = "7/0/0/153.1503"
The systems behind the RADIUS are doing computations with nas-port, based on nas-port-type too.
So far no problem.
Next quarter the 9K will be working in our network, so I guess some changes will be necessary in my systems.
So far I understood that format e doesn't describe the physical port if you have configured a bundle to terminate the sessions, but in the information it gives, in the example SSAAPPPPQQQQQQQQQQVVVVVVVVVVUUUU, bits PPPP are the xth bundle-ether configured, so I should adapt all my systems to manage this new information for validation. Is that OK?
Second, suppose I want to avoid any kind of modification in the systems, I mean mask and logic changes to interpret the information to validate the subscriber as we do right now. I wonder if there is some way to have this mask for the nas-port:
SSAPPPPPQQQQQQQQQQQQVVVVVVVVVVVV, where PPPPP gives me the physical port, considering the BRAS 9K will have a 24-port 10GE PLIM, and where Q and V are the bits that carry the outer VLANs and inner VLANs.
Besides, I wonder whether I could decide to use the nas-port-id instead of nas-port, as the example in the guide shows:
An example of a CLI command to construct the NAS-Port-ID from just the BNG port information
aaa attribute format NAS-PORT-ID-FORMAT666
format-string "eth %s/%s/%s:%s.%s " phy-slot phy-subslot phy-port outer-vlan-Id inner-vlan-id
Here is a question: phy-port, is it the bundle information that it will send, or in this case is it really physical information? Because... you know what... this could be an option for us, I mean in case it gives the physical port.
Have you understood all this stuff we are doubting, and trying to reduce impacts?
Regards,
Javier
02-01-2013 06:03 AM
Hi everybody, I'm attaching a log from our RADIUS server. It's a real authentication request from a BRAS [10K8] with "d" format.
The question is: how can we maintain the same NAS-Port value using the "e" RADIUS format?
We are thinking of the "e" format because we are purchasing LCs with 24 ports for the A9K.
Thanks.
Packet dump: *** Received from 200.x.x.x port 63618 ....
Framed-Protocol = PPP
User-Name = "X"
User-Password = X
Service-Type = Framed-User
NAS-IP-Address = 200.x.x.x
Acct-Session-Id = "7/0/0/153.1503_04E4EB3D"
NAS-Port-Type = Ethernet
NAS-Port = 1879676383
NAS-Port-Id = "7/0/0/153.1503"
--------------------------------------------------------------------------------
slot(4), module(1), port(3), inner vlan id(12), vlan id(12)
Binary representation of NAS-Port=1879676383:
0111 0 000 000010011001 010111011111
SSSS M PPP QQQQQQQQQQQQ VVVVVVVVVVVV
S=7 (0111)
M=0 (0)
P=0 (000)
Q=153 (000010011001)
V=1503 (010111011111)
-----------------------------------------
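The bit breakdown in the post above, generalized into a mask-driven decoder (an added example, not part of the original thread). The function names are hypothetical; the masks are the 32-character strings quoted in the thread, and the letters are treated as opaque field labels whose only property used here is their width.

```python
# Masks quoted in the thread: one letter per bit, most significant bit first.
FORMAT_D = "SSSSMPPPQQQQQQQQQQQQVVVVVVVVVVVV"
FORMAT_E = "SSAAPPPPQQQQQQQQQQVVVVVVVVVVUUUU"


def parse_mask(mask):
    """Return [(letter, width), ...] for a 32-bit mask, MSB first."""
    if len(mask) != 32:
        raise ValueError(f"mask must describe 32 bits, got {len(mask)}")
    fields = []
    for letter in mask:
        if fields and fields[-1][0] == letter:
            fields[-1][1] += 1
        elif any(name == letter for name, _ in fields):
            raise ValueError(f"field {letter!r} is not contiguous")
        else:
            fields.append([letter, 1])
    return [(name, width) for name, width in fields]


def decode_nas_port(value, mask):
    """Split a NAS-Port integer into the fields named by the mask."""
    if not 0 <= value < 1 << 32:
        raise ValueError("NAS-Port is a 32-bit unsigned value")
    out, shift = {}, 32
    for name, width in parse_mask(mask):
        shift -= width
        out[name] = (value >> shift) & ((1 << width) - 1)
    return out


def encode_nas_port(fields, mask):
    """Pack field values into a NAS-Port; reject values wider than their field."""
    value = 0
    for name, width in parse_mask(mask):
        field = fields.get(name, 0)
        if not 0 <= field < 1 << width:
            raise ValueError(f"{name}={field} does not fit in {width} bits")
        value = (value << width) | field
    return value


if __name__ == "__main__":
    sample = 1879676383  # NAS-Port value from the packet dump in the thread
    print(decode_nas_port(sample, FORMAT_D))
    try:  # same Q and V values against the format e widths (labels are opaque)
        encode_nas_port({"S": 0, "P": 0, "Q": 153, "V": 1503}, FORMAT_E)
    except ValueError as err:
        print("format e:", err)
```

A 10-bit field holds values up to 1023, so a system that validates subscribers on NAS-Port has to check field widths before assuming a value such as 1503 survives a change of mask.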
02-01-2013 06:34 AM
Pablo,
check this reference that may help:
https://supportforums.cisco.com/docs/DOC-23170#NasPortID
and another example:
! Nas-port computation for PPPoE(32) and if not pppoe then follow the
! global (non typed) logic
aaa radius attribute nas-port format e SSAAPPPPQQQQQQQQQQVVVVVVVVVVUUUU type 32
aaa radius attribute nas-port format e SSAAPPPPQQQQQQQQQQVVVVVVVVVVUUUU
xander
02-18-2013 08:29 AM
Hi Xander,
May I know which type of algorithm (e.g. round-robin) is used in XR to access a set of RADIUS servers?
02-18-2013 09:06 AM
It is either in failover mode (the IOS default so to speak), or you can configure the least-outstanding methodology with a configurable batch size.
cheers
xander
02-18-2013 09:48 AM
Hi Xander,
What I meant to ask is: if there is a list of RADIUS servers and a request comes in, we want to configure it so that the first server is used as the primary server for the first request, the second server as primary for the second request, and so on. By default, how do the RADIUS servers (from a list of servers) process the requests? Are there any commands available in XR for selecting the access method of the servers?
02-18-2013 10:48 AM
Yes I got that :), what you are describing is round-robin, which is a lame method and not preferred.
You can't configure that method in XR.
xander
02-19-2013 08:15 AM
Hi Xander,
Thanks for your reply. May I know which method XR is following? Please give me a response.
03-18-2014 05:37 AM
Hi Xander, is there a way to get the delegated prefix in the RADIUS Start messages? We get it only after the session is terminated, in the Stop messages. We have the Framed-prefix in the Start messages, but not the delegated prefix, which is also needed.
The pool for the framed and delegated prefix is on the BNG and under the dynamic-template. RADIUS is not sending those attributes to the BNG.