![[Top]](../images/home.jpg){kind=small}
![[Contents]](../images/contents.jpg){kind=small}
![[Prev]](../images/previous.jpg){kind=small}
![[Next]](../images/next.jpg){kind=small}
![[Last]](../images/index.jpg){kind=small}
Reference to RADIUS Attributes
Attribute Name
Description: The Description text explains the attribute.
Usage: The Usage text explains the values you can specify for the attribute.
Example: The Example text presents an example of how to use the attribute.
Dependencies: The Dependencies text tells you what other information you need in order to specify the proper value for the attribute.
See Also: The See Also text points you to related information.
Acct-Authentic (45)
Description: Indicates the method the MAX TNT used to authenticate a call, or reports that
the MAX TNT accepted the call without authentication.
Usage: Acct-Authentic does not appear in a user profile It can have either of the following values:
Acct-Delay-Time (41)
Description: Indicates how many seconds the MAX TNT has been trying to send the
Accounting packet.
Usage: Acct-Delay-Time does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT sends Acct-Delay-Time in an Accounting-Request packet under the following conditions:
Acct-Input-Octets (42)
Description: Indicates how many octets the MAX TNT received during the session. The
value reflects only the data delivered by PPP or other encapsulation. It does not include the
header or other protocol-dependent components of the packet.
Usage: Acct-Input-Octets does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT sends Acct-Input-Octets in an Accounting-Request packet, at the end of a session (Acct-Status-Type=Stop), when both of the following conditions are true:
Acct-Input-Packets (47)
Description: Indicates how many packets the MAX TNT received during the session. The
packets are counted before the encapsulation is removed. The attribute's value does not include
maintenance packets, such as keepalive or management packets.
Usage: Acct-Input-Packets does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT sends Acct-Input-Packets in an Accounting-Request packet, at the end of a session (Acct-Status-Type=Stop), when both of the following conditions are true:
Acct-Output-Octets (43)
Description: Indicates how many octets the MAX TNT has sent during the session. The value
reflects only the data delivered by PPP or other encapsulation. It does not include the header or
other protocol-dependent components of the packet.
Usage: Acct-Output-Octets does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT sends Acct-Output-Octets in an Accounting-Request packet, at the end of a session (Acct-Status-Type=Stop), when both of the following conditions are true:
Acct-Output-Packets (48)
Description: Indicates how many packets the MAX TNT has sent during the session. The
packets are counted before the encapsulation is removed. The attribute's value does not include
maintenance packets, such as keepalive or management packets.
Usage: Acct-Output-Packets does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT sends Acct-Output-Packets in an Accounting-Request packet, at the end of a session (Acct-Status-Type=Stop), when both of the following conditions are true:
Acct-Session-Id (44)
Description: Identifies the routing or terminal-server session reported in the
Accounting-Request packet. RADIUS correlates the Accounting Start packet and Accounting
Stop packet by means of Acct-Session-Id.
Usage: Acct-Session-Id does not appear in a user profile. Its value is a random number with a range from 1 to 2,137,383,647. For every session, RADIUS generates a unique session ID.
Dependencies: The MAX TNT sends Acct-Session-Id in an Accounting-Request packet under the following conditions:
Acct-Session-Time (46)
Description: Indicates how many seconds the session has been logged in.
Usage: Acct-Session-Time does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT sends Acct-Session-Time in an Accounting-Request packet, at the end of a session (Acct-Status-Type=Stop), when the session has been authenticated.
Acct-Status-Type (40)
Description: Indicates whether the Accounting packet the MAX TNT sends to the RADIUS
server reports the beginning (Start) or end (Stop) of a routing or terminal-server session.
Usage: Acct-Status-Type does not appear in a user profile.
Dependencies: The MAX TNT includes Acct-Status-Type in an Accounting-Request packet under the following conditions:
Ascend-Add-Seconds (240)
Description: Specifies the number of seconds that average line utilization (ALU) for
transmitted data must exceed the threshold indicated by the Ascend-Target-Util attribute before
the MAX TNT begins adding bandwidth to a session. The MAX TNT determines the ALU for
a session by applying the algorithm specified by the Ascend-History-Weigh-Type attribute.
When utilization exceeds the threshold for a period greater than the value of the Ascend-Add-Seconds attribute, the MAX TNT attempts to add the number of channels specified by the Ascend-Inc-Channel-Count attribute. Using the Ascend-Add-Seconds attribute prevents the system from continually adding bandwidth, and can slow down the process of allocating bandwidth.
Dependencies: Consider the following:
Ascend-ARA-PW (181)
Description: Specifies the password of the incoming caller over an AppleTalk Remote Access
(ARA) connection. The ARA software in the MAX TNT uses DES to encrypt and decrypt the
password.
Usage: Specify an alphanumeric text string containing up to 20 characters. The default value is null. The password you enter for this attribute must be identical to the password you enter in the first line of the user profile. The MAX TNT requires both entries.
Example: This example shows how to set up a TCP connection through ARA with a dynamic IP address assignment:
Emma Password="pwd"See Also: Password (2)
Framed-Protocol=ARA,
Ascend-ARA-PW="pwd",
Ascend-Route-IP=Route-IP-Yes,
Ascend-Assign-IP-Pool=1
Ascend-Assign-IP-Pool (218)
Description: Specifies the address pool from which RADIUS assigns the user an IP address.
A dynamic address comes from the pool of addresses you set up by assigning values to the Pool-Base-Address and Assign-Count parameters in an IP-Global profile on the MAX TNT, the Ascend-IP-Pool-Definition attribute in a RADIUS profile, or both. An IP address pool you set up in RADIUS overrides an IP address pool you set up in the MAX TNT configuration interface, but only if you designate the two pools by the same number.
Example: In the following user profile, the host requests an address from pool #2:
Emma Password="m2dan", User-Service=Framed-UserSee Also: Configuring IP address pools and
Framed-Protocol=PPP,
Ascend-Route-IP=Route-IP-Yes,
Ascend-Metric=2,
Framed-Routing=None,
Ascend-Assign-IP-Pool=2
Ascend-Authen-Alias (203)
Description: Sets the MAX TNT unit's login name during PPP authentication.
When the MAX TNT places an outgoing call, it identifies itself by a login name and password. The login name is either its system name (as specified by the Name parameter in the System profile) or the value you specify for the Ascend-Authen-Alias attribute.
Example: The following example shows how to use the Ascend-Authen-Alias attribute in an outgoing profile:
Homer-Out Password="ascend", User-Service=Dialout-Framed-User
User-Name="Homer",
Ascend-Authen-Alias="myMAXTNTcallingU",
Ascend-Send-Auth=Send-Auth-PAP,
Ascend-Send-Secret="passwrd1",
Ascend-Dial-Number="31",
Framed-Protocol=PPP,
Framed-Address=10.0.100.1,
Framed-Netmask=255.255.255.0,
Ascend-Metric=2,
Framed-Routing=None,
Framed-Route="10.5.0.0/24 10.0.100.1 1",
Ascend-Idle-Limit=30
Ascend-Backup (176)
Description: Specifies the name of a backup profile for a nailed-up link. When the physical
connection fails due to loss of a T1 line or serial WAN port, the MAX TNT automatically
diverts traffic to the backup connection. When the primary connection is back online, traffic
again uses the primary connection.
Usage: Specify the name of the profile that you want to act as the backup. The backup connection can be switched or nailed up. The default value is null.
Dependencies: Consider the following:
Ascend-BACP-Enable (133)
Description: Specifies whether Bandwidth Allocation Control Protocol (BACP) is enabled
for the link.
BACP is the Internet standard protocol equivalent to the Ascend MP+ bandwidth allocation protocol. BACP functions similarly to MP+ and uses the same attributes as MP+.
Ascend-Base-Channel-Count (172)
Description: Specifies the initial number of channels the MAX TNT sets up when originating
calls for a PPP, MP, or MP+ link.
Usage: The maximum number of channels you can specify depends upon the nature of the link:
Dependencies: The Ascend-Base-Channel-Count attribute does not apply when all channels of the link are nailed up (Ascend-Call-Type=Nailed). For optimum MP+ performance, both sides of a connection must set the following values to the same number:
Ascend-Billing-Number (249)
Description: Specifies a billing number for charges incurred on the line. If you do not enter a
billing number, the telephone company assigns charges to the telephone number associated
with the line. Your carrier determines the billing number, and uses it to sort your bill. If you
have several departments, and each department has its own Ascend-Billing-Number, your
carrier can separate and tally each department's usage.
Usage: Specify a telephone number of up to ten characters, limited to the following:
1234567890()[]!z-*# |
See Also: Setting up CLID authentication and
Ascend-Callback (246)
Description: Enables or disables callback.
Usage: Specify one of the following values:
See Also: Setting up the MAX TNT for callback.
Ascend-Call-By-Call (250)
Description: Specifies the T1 PRI service that the MAX TNT uses when placing a PPP, MP,
or MP+ call.
Usage: Specify a number corresponding to the type of service the MAX TNT uses. The default value is 6. Table 14-1 lists the services available for each service provider.
Ascend-Call-Filter (243)
Description: Specifies the characteristics of a call filter in a RADIUS user profile. The MAX
TNT uses the filter only when it places a call or receives a call associated with the profile that
includes the filter definition.
Usage: Filter entries apply on a first-match basis. Therefore, the order in which you enter them is significant. If you make changes to a filter in a RADIUS user profile, the changes do not take effect until a call uses that profile.
You can specify an IP filter or a generic filter. The following subsections describe how to configure each of the filter types.
IP call filter entries
Use the following format for an IP call filter entry:
Ascend-Call-Filter="ip dir action [dstip dest_ipaddr\subnet_mask] [srcip src_ipaddr\subnet_mask] [proto [dstport cmp value [srcport cmp value] [est]]"
Table 14-2 describes each element of the syntax. None of the keywords are case sensitive.
Generic call filter entries
Use the following format for a generic call filter entry:
Ascend-Call-Filter="generic dir action offset mask value compare [more]"
Table 14-3 describes each element of the syntax. None of the keywords are case sensitive.
Example: The following are examples of IP call filter entries:
Ascend-Call-Filter="ip in drop"
Ascend-Call-Filter="ip out forward tcp"
Ascend-Call-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 10.0.200.25/16 dstport!=telnet"
Ascend-Call-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 10.0.200.25/16 icmp"The following are examples of generic call filter entries:
Ascend-Call-Filter="generic in drop 0 ffff 0080"
Ascend-Call-Filter="generic in drop 0 ffff != 0080 more"
Ascend-Call-Filter="generic in drop 16 ff aa"See Also: Ascend-Data-Filter (242).
Ascend-Call-Type (177)
Description: Specifies the type of nailed-up connection in use.
Usage: Table 14-4 lists the settings you can specify for Ascend-Call-Type.
Dependencies: The MAX TNT adds or subtracts switched channels on a Nailed/Mpp connection as the settings on either side of the connection require. Each side makes its calculations on the basis of the traffic it receives at that side. If the two sides of the connection disagree on the number of channels needed, the side requesting the greater number prevails.
Ascend-Client-Assign-DNS (137)
Description: Specifies whether or not the MAX TNT sends the Ascend-Client-Primary-DNS
and Ascend-Client-Secondary-DNS values during connection negotiation.
Usage: Specify one of the following settings:
See Also: Setting up access to specific DNS servers,
Ascend-Client-Primary-DNS (135), and
Ascend-Client-Secondary-DNS (136).
Ascend-Client-Gateway (132)
Description: Specifies the default route for IP packets coming from the user on a connection.
Usage: Specify the IP address of the next-hop router in dotted decimal notation. The default value is 0.0.0.0. If you accept the default, the Ascend unit routes packets as specified in the routing table, using the system-wide default route if it cannot find a more specific route.
Dependencies: The Ascend unit must have a direct route to the address you specify. The direct route can come from a profile or an Ethernet connection. If the Ascend unit does not have a direct route, it drops the packets on the connection. When you diagnose routing problems with a profile that includes a default route, an error in a per-user gateway address is not apparent from inspection of the global routing table.
Example: If you specify Ascend-Client-Gateway=10.0.0.3 in the RADIUS user profile
Berkeley, IP packets from the user with destinations through the default route go through the
router at 10.0.0.3.
Ascend-Client-Primary-DNS (135)
Description: Specifies a primary DNS server address to send to any client connecting to the
MAX TNT.
Usage: Specify the IP address of the primary DNS server. You must specify the address in dotted decimal notation. The default is 0.0.0.0, which specifies that no primary DNS server is available for the connection. If you do not specify Ascend-Client-Primary-DNS or Ascend-Client-Secondary-DNS in any user profile, the Ascend unit routes packets as specified in the routing table, using the system-wide default route if it cannot find a more specific route.
Dependencies: You must include the setting Ascend-Client-Assign-DNS=DNS-Assign-Yes to direct the MAX TNT to send the primary DNS server address during connection negotiation.
See Also: Setting up access to specific DNS servers,
Ascend-Client-Assign-DNS (137), and
Ascend-Client-Secondary-DNS (136).
Ascend-Client-Secondary-DNS (136)
Description: Specifies a secondary DNS server address to send to any client connecting to the
MAX TNT.
Usage: Specify the IP address of the secondary DNS server. You must specify the address in dotted decimal notation. The default is 0.0.0.0, which specifies that no primary DNS server is available for the connection. If you do not specify Ascend-Client-Primary-DNS or Ascend-Client-Secondary-DNS in any user profile, the Ascend unit routes packets as specified in the routing table, using the system-wide default route if it cannot find a more specific route.
Dependencies: You must include the setting Ascend-Client-Assign-DNS=DNS-Assign-Yes to direct the MAX TNT to send the secondary DNS server address during connection negotiation.
See Also: Setting up access to specific DNS servers,
Ascend-Client-Assign-DNS (137), and
Ascend-Client-Primary-DNS (135).
Ascend-Connect-Progress (196)
Description: Indicates the state of the connection before it disconnects.
Usage: Ascend-Connect-Progress can have any one of values specified in Table 14-5.
Dependencies: The MAX TNT includes Ascend-Connect-Progress in an Accounting-Request packet when the session has ended or has failed authentication (Acct-Status-Type=Stop).
Ascend-Data-Filter (242)
Description: Specifies the characteristics of a data filter in a RADIUS user profile. The MAX
TNT uses the filter only when it places or receives a call associated with the profile that
includes the filter definition.
Usage: Filter entries apply on a first-match basis. Therefore, the order in which you enter them is significant. If you make changes to a filter in a RADIUS user profile, the changes do not take effect until a call uses that profile.
You can specify an IP filter or a generic filter. The following sections describe how to configure each of the filter types.
IP data filter entries
Use the following format for an IP data filter entry:
Ascend-Data-Filter="ip dir action [dstip dest_ipaddr\subnet_mask] [srcip src_ipaddr\subnet_mask] [proto [dstport cmp value]
[srcport cmp value] [est]]"
Table 14-6 describes each element of the syntax. None of the keywords are case sensitive.
Generic data filter entries
Use the following format for a generic data filter entry:
Ascend-Data-Filter="generic dir action offset mask value compare [more]"
Table 14-7 describes each element of the syntax. None of the keywords are case sensitive.
Example: The following are examples of IP data filter entries:
Ascend-Data-Filter="ip in drop"
Ascend-Data-Filter="ip out forward tcp"
Ascend-Data-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 10.0.200.25/16 dstport!=telnet"
Ascend-Data-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 10.0.200.25/16 icmp"The following are examples of generic data filter entries:
Ascend-Data-Filter="generic in drop 0 ffff 0080"
Ascend-Data-Filter="generic in drop 0 ffff != 0080 more"
Ascend-Data-Filter="generic in drop 16 ff aa"See Also: Ascend-Call-Filter (243).
Ascend-Data-Rate (197)
Description: Specifies the rate of data received on the connection in bits per second.
Usage: Ascend-Data-Rate does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT includes Ascend-Data-Rate in an Accounting-Request packet when the session has ended or has failed authentication (Acct-Status-Type=Stop).
Ascend-Data-Svc (247)
Description: Specifies the type of data service the link uses for outgoing calls.
Usage: Set the Ascend-Data-Svc attribute to one of the values listed in Table 14-8. The data service you specify must be available end-to-end.
Dependencies: Consider the following:
Ascend-DBA-Monitor (171)
Description: Specifies how the Ascend calling unit monitors the traffic on an MP+ call. The
Ascend unit can use the information to add or subtract bandwidth as necessary.
Usage: Specify one of the following values:
Ascend-Dec-Channel-Count (237)
Description: Specifies the number of channels the MAX TNT removes when bandwidth
changes during a call.
Usage: Specify a number from 1 to 32. The default value is 1.
Dependencies: Consider the following:
Ascend-Dialout-Allowed (131)
Description: Specifies whether the user associated with an outgoing RADIUS user profile
can use one of the MAX TNT unit's digital modems to dial out.
Usage: Specify one of the following settings:
Ascend-Dial-Number (227)
Description: Specifies the phone number the MAX TNT dials to reach the router or node at
the remote end of the link.
Usage: Specify a telephone number of up to 21 characters, limited to the following:
1234567890()[]!z-*#|The MAX TNT sends only the numeric characters to place a call. The default value is null.
Dependencies: If Use-Trunk-Groups=Yes in the System profile, the first digits in the Ascend-Dial-Number attribute have the meanings listed in Table 14-9.
Ascend-Disconnect-Cause (195)
Description: Indicates the reason a connection went offline.
Usage: Ascend-Disconnect-Cause can return any of the values listed in Table 14-10.
Dependencies: The MAX TNT includes Ascend-Disconnect-Cause in an Accounting-Request packet when the session has ended or has failed authentication (Acct-Status-Type=Stop).
Ascend-Event-Type (150)
Description: Indicates one of the following:
Dependencies: In a cold-start notification, the MAX TNT sends values for NAS-Identifier, Ascend-Event-Type, and Ascend-Number-Sessions in an Ascend-Access-Event-Request packet (code 33). The RADIUS accounting server must send back an Ascend-Access-Event-Response packet (code 34) with the correct identifier to the MAX TNT.
In a session event, the MAX TNT sends values for Password, NAS-Identifier, Ascend-Access-Event-Type, and Ascend-Number-Sessions in an Ascend-Access-Event-Request packet (code 33). The authentication server must send back an Ascend-Access-Event-Response packet (code 34) with the correct identifier to the MAX TNT.
NAS-Identifier (4).
Ascend-Expect-Callback (149)
Description: Specifies whether a user dialing out should expect the remote end to call back.
Usage: Specify one of the following values:
Ascend-First-Dest (189)
Description: Records the destination IP address of the first packet the MAX TNT receives on
a link after RADIUS authenticates the connection.
Usage: Ascend-First-Dest does not appear in a user profile and has no default value.
Dependencies: Ascend-First-Dest applies only if the session routes IP. The MAX TNT includes Ascend-First-Dest in an Accounting-Request packet when both of the following conditions are true:
Ascend-Force-56 (248)
Description: Specifies whether the MAX TNT uses only the 56-Kbps portion of a channel,
even when all 64 Kbps appear to be available:
Usage: Specify one of the following values:
Ascend-FR-Circuit-Name (156)
Description: Specifies the Permanent Virtual Connection (PVC) for which the user profile is
an endpoint. A circuit specification defines two DLCI endpoints of a PVC, with one endpoint
specified in each RADIUS user profile or Connection profile.
Usage: Specify a text string of up to 15 characters. The default value is null.
Dependencies: Consider the following:
Ascend-FR-DCE-N392 (162)
Description: Specifies the number of errors, during Ascend-FR-DCE-N393-monitored
events, that causes the network side to declare the user side's procedures inactive.
Usage: Specify an integer from 1 to 10. The default value is 3.
Dependencies: Consider the following:
Ascend-FR-DCE-N393 (164)
Description: Specifies the DCE-monitored event count. The MAX TNT considers a link
active if the event count does not reach the value of Ascend-FR-DCE-N393.
Usage: Specify a number from 1 to 10. The default value is 4.
Dependencies: The Ascend-FR-DCE-N393 attribute does not apply if Ascend-FR-Type=Ascend-FR-DTE.
See Also: Ascend-FR-Type (159).
Ascend-FR-Direct (219)
Description: Specifies whether the MAX TNT uses a direct connection for Frame Relay
packets.
Usage: Specify one of the following values:
Ascend-FR-Direct-DLCI (221)
Description: Specifies the Data Link Connection Indicator (DLCI) for the user profile in a
Frame Relay direct connection.
Usage: Specify an integer from 16 to 991. The default value is 16. Many direct connections can use the same DLCI.
Dependencies: Ascend-FR-Direct-DLCI applies only if Ascend-FR-Direct=FR-Direct-Yes.
See Also: Direct connections (rarely used),
Configuring a Frame Relay direct connection,
Ascend-FR-Direct (219), and
Ascend-FR-Direct-Profile (220).
Ascend-FR-Direct-Profile (220)
Description: Specifies the name of the Frame Relay profile that carries the direct connection.
Usage: Specify the name of a Frame Relay profile. This profile connects to the Frame Relay switch handling the Data Link Connection Indicator (DLCI) specified by Ascend-FR-Direct-DLCI. You can specify up to 15 alphanumeric characters. The default value is null.
Dependencies: Ascend-FR-Direct-Profile applies only if Ascend-FR-Direct=FR-Direct-Yes.
See Also: Direct connections (rarely used),
Configuring a Frame Relay direct connection,
Ascend-FR-Direct (219), and
Ascend-FR-Direct-DLCI (221).
Ascend-FR-DLCI (179)
Description: Specifies the Data Link Connection Indicator (DLCI) for the user profile in a
Frame Relay gateway connection.
Usage: Specify an integer from 16 to 991. The default value is 16. You must assign each gateway connection its own DLCI.
Dependencies: Ascend-FR-DLCI applies only if Ascend-FR-Direct=FR-Direct-No.
See Also: Gateway connections,
Configuring a Frame Relay gateway connection,
Ascend-FR-Direct (219), and
Ascend-FR-Profile-Name (180).
Ascend-FR-DTE-N392 (163)
Description: Specifies the number of errors, during Ascend-FR-DTE-N393-monitored
events, that causes the user side to declare the network side's procedures inactive.
Usage: Specify an integer from 1 to 10. The default value is 3.
Dependencies: Consider the following:
Ascend-FR-DTE-N393 (165)
Description: Specifies the DTE-monitored event count. The MAX TNT considers a link
active if the event count does not reach the value of Ascend-FR-DTE-N393.
Usage: Specify a number from 1 to 10. The default value is 4.
Dependencies: The Ascend-FR-DTE-N393 attribute does not apply if Ascend-FR-Type=Ascend-FR-DCE.
See Also: Ascend-FR-Type (159).
Ascend-FR-Link-Mgt (160)
Description: Specifies the link management protocol the MAX TNT uses to communicate
with the Frame Relay switch.
Usage: Specify one of the following values:
Ascend-FR-N391 (161)
Description: Specifies the interval, in seconds, at which the MAX TNT requests a Full Status
Report. If you configure a Frame Relay connection for link management, it regularly requests
updates on the status of the link. If the Frame Relay unit at the other end of the link does not
respond to the requests, or if the response indicates a DLCI failure, the MAX TNT considers
the link inactive.
Usage: Specify an integer from 1 to 255. The default value is 6.
Dependencies: The Ascend-FR-N391 attribute does not apply if Ascend-FR-Type=Ascend-FR-DCE.
See Also: Ascend-FR-Type (159).
Ascend-FR-Nailed-Grp (158)
Description: Associates a group of nailed-up channels with the Frame Relay profile.
Usage: Specify a number from 1 to the maximum number of nailed-up channels that your MAX TNT allows. The default value is 1.
Dependencies: Do not associate a group with more than one active Frame Relay profile.
See Also: Setting up Frame Relay user connections.
Ascend-FR-Profile-Name (180)
Description: Specifies the name of the Frame Relay profile that carries the gateway
connection.
Usage: Specify the name of a Frame Relay profile. This profile connects to the Frame Relay switch handling the Data Link Connection Indicator (DLCI) specified by Ascend-FR-DLCI. You can specify up to 15 alphanumeric characters. The default value is null.
Dependencies: Ascend-FR-Profile-Name applies only if Ascend-FR-Direct=FR-Direct-No.
See Also: Gateway connections,
Configuring a Frame Relay gateway connection,
Ascend-FR-Direct (219), and
Ascend-FR-DLCI (179).
Ascend-FR-T391 (166)
Description: Specifies the Link Integrity Verification polling timer.
Usage: Specify a number of seconds from 5 to 30. The default value is 10.
Dependencies: The Ascend-FR-T391 attribute does not apply if Ascend-FR-Type=Ascend-FR-DCE.
See Also: Ascend-FR-Type (159).
Ascend-FR-T392 (167)
Description: Sets up the timer for the verification of the polling cycle (the length of time the
MAX TNT should wait between Status Enquiry messages). The MAX TNT records an error if
it does not receive a Status Enquiry within the number of seconds you specify.
Usage: Specify a number of seconds from 5 to 30. The default value is 10.
Dependencies: The Ascend-FR-T392 attribute does not apply if Ascend-FR-Type=Ascend-FR-DTE.
See Also: Ascend-FR-Type (159).
Ascend-FR-Type (159)
Description: Specifies the type of Frame Relay connection that the Frame Relay profile uses.
Usage: Specify one of the following values:
Ascend-FT1-Caller (175)
Description: Specifies whether the MAX TNT initiates an FT1-B&O call, or waits for the
remote end to initiate these types of calls.
Usage: Specify one of the following values:
Ascend-Group (178)
Description: Points to the nailed-up channels used by the profile's WAN link.
Usage: Your usage depends upon the value you specify for the Ascend-Call-Type attribute:
"1,3,5,7" and
Ascend-Call-Type=Nailed/Mpp, the MAX TNT assigns four nailed-up groups to the profile.
Ascend-History-Weigh-Type (239)
Description: Specifies which Dynamic Bandwidth Allocation (DBA) algorithm to use for
calculating average line utilization (ALU) of transmitted data.
Usage: Specify one of the following settings:
Ascend-Home-Agent-IP-Addr (183)
Description: Indicates the IP address of the home agent used for the mobile client.
Usage: The Ascend-Home-Agent-IP-Addr attribute appears in an accounting Stop record under the following conditions:
Ascend-Home-Agent-Password (184)
Description: Specifies the password that the foreign agent sends to the home agent during
Ascend Tunnel Management Protocol (ATMP) operation. The password must match the value
of the home agent's ATMP-Home-Agent-Password parameter in the ATMP subprofile of the
IP-Interface profile. All mobile clients accessing a single home agent must specify the same
password.
Usage: Specify a text string of up to 20 characters. The default value is null.
See Also: Setting up an ATMP tunnel for an IP network.
Ascend-Home-Agent-UDP-Port (186)
Description: Specifies the UDP port number to which the foreign agent directs Ascend
Tunnel Management Protocol (ATMP) messages.
Usage: Specify a UDP port number from 0 to 65535. The default value is 5150.
Dependencies: If you specify a value for the udp_port argument of Ascend-
Primary-Home-Agent or Ascend-Secondary-Home-Agent, or if you accept the default of 5150
for udp_port, you need not specify the Ascend-Home-Agent-UDP-Port attribute.
See Also: Setting up an ATMP tunnel for an IP network,
Ascend-Primary-Home-Agent (129), and
Ascend-Secondary-Home-Agent (130).
Ascend-Home-Network-Name (185)
Description: Specifies the name of the Connection profile that defines the link on which the
home agent sends all packets it receives from the mobile client during Ascend Tunnel
Management Protocol (ATMP) operation.
Usage: Specify the name of the home agent's Connection profile. The default value is null.
Dependencies: You must specify a value for the Ascend-Home-Network-Name attribute only if the home agent is a gateway.
See Also: Setting up an ATMP tunnel for an IP network.
Ascend-Host-Info (252)
Description: Specifies a list of hosts to which a user can establish a Telnet session.
Usage: You can specify up to 10 Ascend-Host-Info entries in a user profile. Enter your attribute settings in the following format:
Ascend-Host-Info="IP_address text"where IP_address specifies the IP address of each host, and text describes each host. You can enter up to 31 characters for text. The RADIUS server assigns each entry a number. When the user selects the number, the terminal server initiates a Telnet session with the host at the specified IP address.
Dependencies: If you specify a value for the Ascend-Host-Info attribute, you must also specify the following settings in the Menu-Mode-Options subprofile of the Terminal-Server profile:
initial-banner-Cal Password="ascend", User-Service=Dialout-Framed-UserSee Also: Reply-Message (18).
Reply-Message="Up to 16 lines of up to 80 characters each",
Reply-Message="will be accepted. ",
Reply-Message="Additional lines will be ignored.",
Reply-Message="",
Ascend-Host-Info="1.2.3.4 Berkeley",
Ascend-Host-Info="1.2.3.5 Alameda",
Ascend-Host-Info="1.2.36 San Francisco",
...
Ascend-Idle-Limit (244)
Description: Specifies the number of seconds the MAX TNT waits before clearing a call
when a session is inactive.
Usage: Specify a number from 0 to 65535. If you specify 0 (zero), the MAX TNT always clears a call when a session is inactive. The default value is 120 seconds. If you accept the default, and the Answer-Defaults profile specifies a value for the analogous Idle-Timer parameter, the MAX TNT ignores the Idle-Timer value and uses the Ascend-Idle-Limit default.
Dependencies: Consider the following:
Ascend-IF-Addr
Description: Specifies the IP address of the local numbered interface.
Usage: Specify an IP address in dotted decimal notation. The default value is 0.0.0.0.
See Also: Setting up an interface-based IP routing connection,
Ascend-IF-Netmask (153), and
Ascend-Remote-Addr (154).
Ascend-IF-Netmask (153)
Description: Specifies the subnet mask in use for the local numbered interface.
Usage: Specify a subnet mask consisting of four numbers from 0 to 255, separated by periods. The default value is 0.0.0.0.
See Also: Setting up an interface-based IP routing connection,
Ascend-IF-Addr, and
Ascend-Remote-Addr (154).
Ascend-Inc-Channel-Count (236)
Description: Specifies the number of channels the MAX TNT adds when bandwidth changes
during a call.
Usage: Specify a number from 1 to 32. The default value is 1.
Dependencies: Consider the following:
Ascend-IP-Direct (209)
Description: Specifies the IP address to which the MAX TNT redirects packets from the user.
When you include this attribute in a user profile, the MAX TNT bypasses all internal routing
tables, and simply sends all packets it receives on the connection's WAN interface to the
specified IP address.
Ascend-IP-Direct only affects packets from the user. It does not affect packets that go to the user. The MAX TNT uses its internal routing scheme to route packets to the user.
Dependencies: Consider the following:
Emma Password="m2dan", User-Service=Framed-UserSee Also: Setting up IP redirection and
Framed-Protocol=PPP,
Framed-Address=10.8.9.10,
Framed-Netmask=255.255.252.0,
Ascend-Route-IP=Route-IP-Yes,
Ascend-IP-Direct=10.2.3.11,
Ascend-Metric=2,
Framed-Routing=None,
...
Ascend-IP-Pool-Definition (217)
Description: Specifies the first address in an IP address pool, as well as the number of
addresses in the pool.
Usage: The Ascend-IP-Pool-Definition attribute has the following format:
Ascend-IP-Pool-Definition="num first_ipaddr max_entries"
Example: In the following example, an administrator configures a pseudo-user profile to create two address pools. Address pool #1 contains a block of 7 IP addresses from 10.1.0.1 to 10.1.0.7. Address pool #2 contains a block of 48 IP addresses from 10.2.0.1 to 10.2.0.48.
pools-TNT Password="ascend", User-Service=Dialout-Framed-UserSee Also: Configuring IP address pools and
Ascend-IP-Pool-Definition="1 10.1.0.1 7",
Ascend-IP-Pool-Definition="2 10.2.0.1 48"
Ascend-IPX-Alias (224)
Description: Specifies an IPX network number to use when connecting to IPX routers that
require numbered interfaces.
Usage: Specify an IPX network number. The default value is 0 (zero). RADIUS requires that the Ascend-IPX-Alias attribute have a decimal value (base 10), but IPX network numbers generally have hexadecimal values (base 16). In order to give the Ascend-IPX-Alias attribute a value, you must convert the hexadecimal IPX network number to a decimal value for use in the user profile.
See Also: Setting up IPX routing in a user profile,
Ascend-IPX-Peer-Mode (216),
Ascend-IPX-Route (174), and
Ascend-Route-IPX (229).
Ascend-IPX-Peer-Mode (216)
Description: Specifies whether the caller associated with the user profile is an Ethernet client
with its own IPX network address, or a dial-in PPP client.
Dial-in clients do not belong to an IPX network, so you must assign them an IPX network number. When you do so, a dial-in client can establish a routing connection with the MAX TNT. You must use the IPX-Dialin-Pool parameter in the MAX TNT configuration interface to define a virtual IPX network. The MAX TNT advertises the route to the virtual network, and assigns it as the network address for dial-in clients.
See Also: Setting up IPX routing in a user profile,
Ascend-IPX-Route (174), and
Ascend-Route-IPX (229).
Ascend-IPX-Route (174)
Description: Enables you to configure a static IPX route in a pseudo-user profile.
Usage: To configure a static IPX route, use the following format:
Ascend-IPX-Route="profile_name network# [node#] [socket#] [server_type] [hop_count] [tick_count] [server_name]"Table 14-12 describes each Ascend-IPX-Route argument.
Example: To define an IPX route, you would configure a pseudo-user profile as follows:
ipxroute-CA-1 Password="ascend", User-Service=Dialout-Framed-UserSee Also: Setting up IPX routing in a user profile,
Ascend-IPX-Route="def 6 7 8 9 10"
Ascend-Link-Compression (233)
Description: The Ascend-Link-Compression attribute turns data compression on or off for a
PPP link.
Usage: You can specify one of the following values:
See Also: Framed-Compression (13).
Ascend-Maximum-Call-Duration (125)
Description: Specifies the maximum number of minutes an incoming call can remain
connected. For a multichannel call, the value you specify applies to each individual channel,
not to the connection as a whole.
Usage: Specify a number from 0 to 1440. The MAX TNT checks the connection once per minute, so the actual time the call is connected is slightly longer than the time you set. The default value is 0 (zero), which specifies that the MAX TNT does not set a limit on the duration of an incoming call.
See Also: Configuring a time limit and idle connection attributes.
Ascend-Maximum-Channels (235)
Description: Specifies the maximum number of channels allowed on an MP+ call.
Usage: Specify an integer from 1 to the maximum number of channels your system supports. The default value is 1.
Dependencies: The Ascend-Maximum-Channels attribute applies only to MP+ calls. For optimum MP+ performance, both sides of a connection must set the following values to the same number:
Ascend-Maximum-Time (194)
Description: Specifies the maximum length of time in seconds that any session can remain
online. Once a session reaches the time limit, its connection goes offline.
Usage: Specify a number from 0 to 4,294,967,295. The default value is 0 (zero), which specifies that the MAX TNT does not enforce a time limit.
See Also: Configuring a time limit and idle connection attributes.
Ascend-Menu-Item (206)
Description: Defines a single terminal-server menu item for a user profile. You can specify
up to 20 Ascend-Menu-Item attributes per profile. The screen displays the menu items in the
order in which they appear in the RADIUS profile.
Using the Ascend-Menu-Item attribute, you can configure a profile to give a terminal-server user a custom menu of items from which to choose. The server uses the custom menu to present the user with a subset of terminal-server commands. The user does not have access to the regular menu or to the terminal-server command line.
Ascend-Menu Item=command;text;matchTable 14-13 lists each argument. If any entry consists of an option containing more than the maximum number of characters allowed, the RADIUS server discards the entry.
Emma Password="m2dan", User-Service=Login-UserThe terminal server displays the following text:
Ascend-Menu-Item="show ip stats;Display IP Stats",
Ascend-Menu-Item="ping 1.2.3.4;Ping server",
Ascend-Menu-Item="telnet 10.2.4.5; Telnet to Ken's machine",
Ascend-Menu-Item="show arp;Display ARP Table"
Ascend-Menu-Selector=" Option:"
1. Display IP Stats 3. Telnet to Ken's machineSee Also: Setting up a custom menu and an input prompt and
2. Ping server 4. Display ARP Table.
Option:
Ascend-Menu-Selector (205)
Description: Specifies a string as a prompt for user input in the terminal-server menu
interface.
Enter Selection (1-num, q)The num argument represents the last number in the list. The terminal server automatically determines the value of num by counting the number of items in the menu. The only valid user input is in the range 1 through num, and
q to quit. However, you can specify a different string for prompting the user to make a selection. The Ascend-Menu-Selector attribute enables you to specify a string that the terminal server displays when prompting a user for a menu selection.
Usage: Specify a text string of up to 31 characters. The terminal server displays the string when prompting the user for a menu selection.
Example: Suppose you set the following attributes:
Emma Password="m2dan", User-Service=Login-UserThe terminal server displays the following text:
Ascend-Menu-Item="show ip stats;Display IP Stats",
Ascend-Menu-Item="ping 1.2.3.4;Ping server",
Ascend-Menu-Item="telnet 10.2.4.5; Telnet to Ken's machine",
Ascend-Menu-Item="show arp;Display ARP Table"
Ascend-Menu-Selector=" Option:"
1. Display IP Stats 3. Telnet to Ken's machineNote that the valid user input in this example is still 1 through 4, or q to quit.
2. Ping server 4. Display ARP Table.
Option:
See Also: Setting up a custom menu and an input prompt and
Ascend-Metric (225)
Description: Specifies the virtual hop count of an IP route.
If there are two routes available to a single destination network, you can make sure that the MAX TNT uses any available nailed-up channel before it uses a switched channel. Simply set the Ascend-Metric attribute to a value higher than the metric of any nailed-up route. The higher the value you enter, the less likely that the MAX TNT will bring the link online. The MAX TNT uses the lowest metric.
Dependencies: The hop count includes the metric of each switched link in the route.
Example: If a route to a station takes three hops over nailed-up lines, and Ascend-Metric=4 in a user profile that reaches the same station, the MAX TNT does not bring the user's link online. However, if the link is already online, the MAX TNT does not use the nailed-up line.
See Also: Ascend-Route-IP (228) and
Framed-Route (22).
Ascend-Minimum-Channels (173)
Description: Specifies the minimum number of channels an MP+ call maintains.
Usage: Specify a number from 1 to 32. The default value is 1.
Dependencies: The Ascend-Minimum-Channels attribute applies only to MP+ calls. For optimum MP+ performance, both sides of a connection must set the following values to the same number:
Ascend-MPP-Idle-Percent (254)
Description: Specifies a percentage of bandwidth utilization below which the MAX TNT
clears a single-channel MP+ call.
Usage: Specify a number from 0 to 99. The default value is 0 (zero), which causes the MAX TNT to ignore bandwidth utilization when determining whether to clear a call.
Dependencies: Consider the following:
Ascend-Multicast-Client (155)
Description: Specifies whether the user is a multicast client of the MAX TNT.
Usage: Specify one of the following values:
Ascend-Multicast-GRP-Leave-Delay
Description: Specifies the number of seconds the MAX TNT waits before forwarding an
IGMP version 2 leave group message from a multicast client.
Usage: Specify a number of seconds from 0 to 120. The default is 0 (zero). If you specify a
value other than the default, and the MAX TNT receives a leave group message, the unit
sends an IGMP query to the WAN interface or client from which it received the leave
group message. If the MAX TNT does not receive a response from an active multicast client
from the same group, it sends a leave group message when the time you specify expires.
If you accept the default, the MAX TNT forwards a
leave group message immediately. If users might establish multiple multicast sessions for identical groups, set Ascend-Multicast-GRP-Leave-Delay to a value of 10 to 20 seconds.
Forwarding=Yes in the IP-Global profile, and Multicast-Allowed=Yes in the IP-Interface
profile.
See Also: Ascend-Multicast-Client (155).
Ascend-Multicast-Rate-Limit (152)
Description: Specifies how many seconds the MAX TNT waits before accepting another
packet from a multicast client. To prevent multicast clients from creating response storms to
multicast transmissions, you configure the user profile to limit the rate at which the MAX TNT
accepts packets from clients.
Usage: Specify an integer. If you set the attribute to 0 (zero), the MAX TNT does not apply rate limiting. The default value is 100.
See Also: Ascend-Multicast-Client (155).
Ascend-Multilink-ID (187)
Description: Specifies the ID number of the Multilink bundle when the session closes. A
Multilink bundle is a multichannel MP or MP+ call.
Usage: Ascend-Multilink-ID does not appear in a user profile and has no default value.
Dependencies: The MAX TNT sends Ascend-Multilink-ID in an Accounting-Request packet when both of the following conditions are true:
Ascend-Number-Sessions (202)
Description: Indicates the number of active user sessions of a given class (as specified by the
Class attribute). In the case of multichannel calls, such as MP+ calls, each separate connection
counts as a session.
Usage: The Ascend-Number-Sessions attribute has a compound value. The first part specifies a user-session class. The second part reports the number of active sessions in that class.
Dependencies: The MAX TNT sends the Ascend-Number-Sessions attribute in an Ascend-Access-Event-Request (33) packet. Only RADIUS daemons you customize to recognize this packet respond to requests from the MAX TNT. Other daemons ignore it.
When modifying the daemon, make sure that it recognizes an Ascend-Access-Event-Request packet in the following format:
Identifier (8-bit)
Length (16-bit)
Authenticator (48-bit for an accounting server, 64-bit for an authentication server)
List of attributes
See Also: Ascend-Event-Type (150) and
Class (25).
Ascend-Num-In-Multilink (188)
Description: Indicates the number of sessions remaining in a Multilink bundle when the
session closes. A Multilink bundle is a multichannel MP or MP+ call.
Usage: Ascend-Num-In-Multilink does not appear in a user profile and has no default value.
Dependencies: The MAX TNT sends Ascend-Num-In-Multilink in an Accounting-Request packet when both of the following conditions are true:
Ascend-PPP-Address (253)
Description: Specifies the MAX TNT unit's IP address as reported to the calling unit during
PPP IPCP negotiations.
Usage: Specify an IP address in dotted decimal notation. The default value is 0.0.0.0, which specifies that IPCP negotiates with the value of the IP-Address parameter in the IP-Interface profile on the MAX TNT.
If you specify a valid IP address, IPCP negotiates with that IP address. If you specify 255.255.255.255, IPCP negotiates with the address 0.0.0.0.
Ascend-PPP-Async-Map (212)
Description: Specifies the async control character map for the PPP, MP, or MP+ session. The
MAX TNT passes the control characters through the link as data. Only applications running
over the link use the characters.
Usage: Specify a four-byte bitmap to one or more control characters. The async control character map is defined in RFC 1548 and specifies that each bit position represents its ASCII equivalent. The bits are ordered with the lowest bit of the lowest byte being 0. For example, bit 19 corresponds to Control-S (DC3) or ASCII 19.
Example: Your specification might look like the following:
Emma Password="m2dan", User-Service=Login-UserThe number 19 translates to 13 hexadecimal or 10011 binary. Therefore, NUL (00), SOH (01), and EOT (04) are mapped.
Ascend-PPP-Async-Map=19,
...
Ascend-PPP-VJ-1172 (211)
Description: Specifies whether the MAX TNT uses the 0037h value for the VJ compression
type. The MAX TNT uses the value only during IPNCP negotiation.
RFC 1172 section 5.2 contains an erroneous statement that the VJ compression type value is 0037h. It should be 002dh. However, many older implementations use the 0037h value when negotiating VJ compression. If you do not specify a value for Ascend-PPP-VJ-1172, the VJ compression type is 002dh.
Ascend-PPP-VJ-1172=PPP-VJ-1172
Ascend-PPP-VJ-Slot-Comp (210)
Description: Instructs the MAX TNT to not use slot compression when sending
VJ-compressed packets.
When you turn on VJ compression, the MAX TNT removes the TCP/IP header, and associates a TCP/IP packet with a connection by giving it a slot ID. The first packet coming into a connection must have a slot ID, but succeeding packets need not have one. If the packet does not have a slot ID, the MAX TNT associates it with the last-used slot ID. This scenario uses slot ID compression, because the slot ID does not appear in any packet but the first in a stream.
See Also: Framed-Compression (13).
Ascend-Preempt-Limit (245)
Description: Specifies the number of idle seconds the MAX TNT waits before using one of
the channels of an idle link for a new call.
Usage: Specify a number from 0 to 65535. The MAX TNT never preempts a call if you enter 0 (zero). The default value is 60.
Dependencies: The Ascend-Preempt-Limit attribute does not apply to nailed-up links.
See Also: Configuring a time limit and idle connection attributes,
Ascend-Idle-Limit (244), and
Ascend-MPP-Idle-Percent (254).
Ascend-Pre-Input-Octets (190)
Description: Reports the number of octets received before authentication. The value reflects
only the data delivered by PPP or other encapsulation. It does not include the header or other
protocol-dependent components of the packet.
Usage: Ascend-Pre-Input-Octets does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT includes Ascend-Pre-Input-Octets in an Accounting-Request packet when all of the following conditions are true:
Ascend-Pre-Input-Packets (192)
Description: Reports the number of packets received before authentication. The packets are
counted before the encapsulation is removed. The attribute's value does not include
maintenance packets, such as keepalive or management packets.
Usage: Ascend-Pre-Input-Packets does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT includes Ascend-Pre-Input-Packets in an Accounting-Request packet when both of the following conditions are true:
Ascend-Pre-Output-Octets (191)
Description: Reports the number of octets transmitted before authentication. The value
reflects only the data delivered by PPP or other encapsulation. It does not include the header or
other protocol-dependent components of the packet.
Usage: Ascend-Pre-Output-Octets does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT includes Ascend-Pre-Output-Octets in an Accounting-Request packet when all of the following conditions are true:
Ascend-Pre-Output-Packets (193)
Description: Reports the number of packets transmitted before authentication. The packets
are counted before the encapsulation is removed. The attribute's value does not include
maintenance packets, such as keepalive or management packets.
Usage: Ascend-Pre-Output-Packets does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT includes Ascend-Pre-Output-Packets in an Accounting-Request packet when both of the following conditions are true:
Ascend-PreSession-Time (198)
Description: Reports the length of time in seconds from when a call connected to when it
completes authentication.
Usage: Ascend-PreSession-Time does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT includes Ascend-PreSession-Time in an Accounting-Request packet when the session has ended or has failed authentication (Acct-Status-Type=Stop).
Ascend-Primary-Home-Agent (129)
Description: Specifies the first home agent the foreign agent tries to reach when setting up an
Ascend Tunnel Management Protocol (ATMP) tunnel, and the UDP port the foreign agent uses
for the link. The RADIUS server passes the attributes in the mobile client's RADIUS user
profile to the foreign agent. The foreign agent sends the attributes when connecting with the
home agent.
Usage: Specify the primary home agent in the following format:
Ascend-Primary-Home-Agent="hostname | ip_address [:udp_port]"Table 14-14 lists each element of the syntax.
Dependencies: Consider the following:
Ascend-Primary-Home-Agent="max1.home.com:6001"
Ascend-Primary-Home-Agent="10.0.0.1:6001"See Also: Setting up an ATMP tunnel for an IP network,
Ascend-PRI-Number-Type (226)
Description: Specifies the type of phone number the MAX TNT dials.
Usage: Specify one of the settings listed in Table 14-15.
Ascend-PW-Expiration (21)
Description: Specifies an expiration date for a user's password. When the MAX TNT makes
an authentication request, the RADIUS server checks the current date against the value of
Ascend-PW-Expiration. If the date of the authentication request is the same or a later date than
the value of Ascend-PW-Expiration, the user receives a message saying that the password has
expired.
You must specify Ascend-PW-Expiration when you first create a user, and it must appear on the first line of the user profile. If it appears after the first line, RADIUS does not check the expiration date and could accept an expired password.
month day yearSeparate each part of the date specification with one or more spaces, tabs, or commas. The default value is 00/00/00.
Table 14-16 lists each argument.
Dependencies: Consider the following:
Emma Password="m2dan", User-Service=Login-User, Ascend-PW-Expiration="January 1, 1997"See Also: Configuring password expiration and
...
Ascend-PW-Lifetime (208)
Description: Specifies the number of days that a password is valid.
Usage: Specify an integer. You can set the Ascend-PW-Lifetime attribute on any line other than the first.
Dependencies: Consider the following:
Emma Password="m2dan", User-Service=Login-User, Ascend-PW-Expiration="Jan 1, 1997"See Also: Configuring password expiration and
Ascend-PW-Lifetime=30
Ascend-Receive-Secret (215)
Description: Specifies a value that must match the password the calling unit sends to your
MAX TNT.
Usage: Specify up to 20 characters. The default value is null.
Dependencies: You can set the Ascend-Receive-Secret attribute for Cache-Token or PAP-Token-CHAP authentication only.
Example: The following example shows the settings you would specify for a user called
Emma to access an Enigma Logic server. Because the profile includes Ascend-Receive-Secret,
the MAX TNT can authenticate additional channels through CHAP without having to use the
SAFEWORD server for authentication.
Emma Password="SAFEWORD"See Also: Configuring Cache-Token authentication and
User-Service=Framed-User,
Framed-Protocol=PPP,
Framed-Address=200.0.5.1,
Framed-Netmask=255.255.255.0,
Ascend-Receive-Secret="b5XSAM"
Ascend-Remote-Addr (154)
Description: Specifies the IP address of the numbered interface at the remote end of a link.
Usage: Specify the IP address of the numbered interface in dotted decimal notation. The default value is 0.0.0.0.
Dependencies: For Ascend-Remote-Addr to apply, you must enable IP for the user profile (Ascend-Route-IP=Route-IP-Yes).
See Also: Setting up an interface-based IP routing connection,
Ascend-IF-Addr,
Ascend-IF-Netmask (153), and
Ascend-Route-IP (228).
Ascend-Remove-Seconds (241)
Description: Specifies the number of seconds that average line utilization (ALU) for
transmitted data must fall below the Ascend-Target-Util threshold before the MAX TNT
begins removing bandwidth from a session. The MAX TNT determines the ALU for a session
by means of the Ascend-History-Weigh-Type algorithm.
When utilization falls below the threshold for a period of time greater than the value of the Ascend-Remove-Seconds attribute, the MAX TNT attempts to remove the number of channels specified by the Ascend-Dec-Channel-Count attribute. Using the Ascend-Remove-Seconds attribute prevents the system from continually subtracting bandwidth, and can slow down the process of removing bandwidth.
Dependencies: Consider the following:
Ascend-Require-Auth (201)
Description: Specifies whether the MAX TNT requires additional authentication after
Calling-Line ID (CLID) or called-number authentication.
Usage: Specify one of the following values:
Example: The following example shows a two-tiered approach to using the Ascend-Require-Auth attribute. The first user profile specifies CLID authentication, and indicates that additional authentication will follow. Because Recv-Auth-Mode=CHAP-PPP-Auth in the PPP-Answer subprofile of the Answer-Defaults profile, CHAP authentication will follow CLID authentication. The second user profile sets up other attributes for the call.
5551212 Password="Ascend-CLID"
Ascend-Require-Auth=Require-Auth
Emma Password="pwd", Caller-Id="5551212"See Also: External authentication after CLID authentication,
User-Service=Framed-User,
Framed-Protocol=PPP,
Framed-Address=200.11.12.10,
Framed-Netmask=255.255.255.248,
Ascend-Send-Secret="pwd",
...
Ascend-Route-IP (228)
Description: Specifies whether IP routing is allowed for the user profile.
Usage: Specify one of the following values:
Ascend-Route-IPX (229)
Description: Specifies whether IPX routing is allowed for the user profile.
Usage: Specify one of the following values:
See Also: Setting up IPX routing in a user profile,
Ascend-IPX-Alias (224),
Ascend-IPX-Peer-Mode (216), and
Ascend-IPX-Route (174).
Ascend-Secondary-Home-Agent (130)
Description: Specifies the secondary home agent the foreign agent tries to reach when the
primary home agent (Ascend-Primary-Home-Agent) is unavailable, and specifies the UDP
port the foreign agent uses for the link.
Usage: Specify the secondary home agent using the following format:
Ascend-Secondary-Home-Agent="hostname | ip_address [:udp_port]"Table 14-17 lists each element of the syntax.
Dependencies: If you specify the Ascend-Home-Agent-UDP-Port attribute on the line immediately following the Ascend-Secondary-Home-Agent attribute, you need not specify a value for udp_port. By the same token, if you specify a value for the udp_port argument of Ascend-Secondary-Home-Agent, or if you accept the default of 5150, you need not specify the Ascend-Home-Agent-UDP-Port attribute.
Example: To specify max2.home.com at IP address 10.0.0.2 as the secondary home agent, and to indicate that the foreign agent should use UDP port 6002, enter one of the following lines in the RADIUS user profile:
Ascend-Secondary-Home-Agent="max2.home.com:6002"
Ascend-Secondary-Home-Agent="10.0.0.2:6002"To specify a primary home agent and a secondary home agent, enter the following lines in the RADIUS user profile:
Ascend-Primary-Home-Agent="max1.home.com:6001"
Ascend-Secondary-Home-Agent="max2.home.com:6002"The foreign agent first tries max1.home.com on UDP port 6001. If the name cannot be resolved, or if max1.home.com does not respond, the foreign agent then tries max2.home.com on UDP port 6002.
See Also: Setting up an ATMP tunnel for an IP network,
Ascend-Seconds-Of-History (238)
Description: Specifies the number of seconds the MAX TNT uses as a sample for calculating
average line utilization (ALU) of transmitted data. The MAX TNT arrives at this average by
using the algorithm specified by the Ascend-History-Weigh-Type attribute.
Usage: Specify a number from 1 to 300. The default value is 15 seconds. The number of seconds you specify depends on your device's traffic patterns. For example, if you want to average spikes with normal traffic flow, you might want the MAX TNT to use a longer time period. If, on the other hand, traffic patterns consist of many spikes that are short in duration, you might want to specify a shorter period of time. Doing so assigns less weight to the short spikes.
Dependencies: Consider the following:
Ascend-Send-Auth (231)
Description: Specifies the authentication protocol that the MAX TNT requests when
initiating a PPP or MP+ connection. The answering side of the connection determines which
authentication protocol, if any, the connection uses.
Usage: Specify one of the following values:
Ascend-Send-Passwd (232)
Description: Specifies the password that the RADIUS server sends to the remote end of a
connection on an outgoing call.
Usage: Specify a text string of up to 20 characters. The default value is null.
Dependencies: In a user profile, you can specify either Ascend-Send-Passwd or Ascend-Send-Secret, but not both. Use Ascend-Send-Passwd only if your version of the MAX TNT does not support Ascend-Send-Secret.
See Also: Requesting an access protocol for outgoing calls,
Ascend-Send-Auth (231), and
Ascend-Send-Secret (214).
Ascend-Send-Secret (214)
Description: Specifies the password that the RADIUS server sends to the remote end of a
connection on an outgoing call. It is encrypted when passed between the RADIUS server and
the MAX TNT.
Usage: Specify a text string of up to 20 characters. The default value is null.
Dependencies: In a user profile, you can specify either Ascend-Send-Passwd or Ascend-Send-Secret, but not both. Use Ascend-Send-Passwd only if your version of the MAX TNT does not support Ascend-Send-Secret.
See Also: Requesting an access protocol for outgoing calls,
Ascend-Send-Auth (231), and
Ascend-Send-Passwd (232).
Ascend-Session-Svr-Key (151)
Description: Enables the MAX TNT to match a user session with a client request to perform
certain operations, such as disconnecting a session or changing a session's filters.
Usage: Specify up to 16 characters. The default value is null.
Dependencies: Consider the following:
Ascend-Shared-Profile-Enable (128)
Description: Specifies whether multiple incoming callers can share a single RADIUS user
profile.
Usage: Specify one of the following settings:
Ascend-Target-Util (234)
Description: Specifies the percentage of bandwidth use at which the MAX TNT adds or
subtracts bandwidth.
Usage: Specify a number from 0 to 100. The default value is 70. With a value of 70%, the device adds bandwidth when it exceeds a 70 percent utilization rate, and subtracts bandwidth when it falls below that number.
Dependencies: When choosing a target utilization rate, consider the following:
Ascend-Third-Prompt (213)
Description: Indicates the value entered at the prompt specified by the Third-Login-Prompt
parameter.
Usage: The Ascend-Third-Prompt attribute can contain up to 80 characters. It does not appear in a user profile. If the user enters more than 80 characters at the third prompt, the MAX TNT truncates the input to 80. If the user does enter any characters, the MAX TNT sets the attribute to null.
Ascend-Token-Expiry (204)
Description: Specifies the lifetime (in minutes) of a cached token.
Usage: On the first line of the user profile, specify an integer representing the number of minutes in the lifetime of the cached token. The default value is 0 (zero). If you accept the default, the MAX TNT rejects subsequent Cache-Token requests from the same user.
Example: The following two-line example shows how to set up Cache-Token authentication with a 90-minute token cache. Notice that the Ascend-Token-Expiry attribute must appear on the first line of the profile, along with the user name and password.
Connor Password="ACE", Ascend-Token-Expiry=90See Also: Configuring Cache-Token authentication,
Ascend-Receive-Secret="shared-secret",
...
Ascend-Token-Idle (199)
Description: Specifies the maximum length of time in minutes a cached token can remain
alive between authentications.
Usage: On the first line of the user profile, specify an integer representing the maximum length of time in minutes that a cached token can remain alive. The default value is 0 (zero). If you accept the default, the cached token remains alive until the value of the Ascend-Token-Expiry attribute causes it to expire.
Dependencies: Typically, the value of Ascend-Token-Idle is lower than the value of Ascend-Token-Expiry.
Example: The following two-line example shows how to set up Cache-Token authentication with a 90-minute token cache and an 80-minute idle limit. Notice that the Ascend-Token-Idle attribute must appear on the first line of the profile.
Jim Password="ACE", Ascend-Token-Expiry=90, Ascend-Token-Idle=80See Also: Configuring Cache-Token authentication,
Ascend-Receive-Secret="shared secret"
Ascend-Token-Immediate (200)
Description: Specifies how RADIUS treats the password it receives when the user profile
specifies a token-card server. Use this attribute in an ACE or SAFEWORD user profile that
contains the setting User-Service=Login-User.
Usage: Specify one of the following values:
Example: To specify that the MAX TNT must send the password it receives from the login user to the ACE server, you would configure the user profile as follows:
Connor Password="ACE", Ascend-Token-Immediate=Tok-Imm-YesSee Also: Configuring Cache-Token authentication,
Ascend-Receive-Secret="shared-secret",
User-Service=Login-User,
...
Ascend-Transit-Number (251)
Description: Specifies the U.S Interexchange Carrier (IEC) you use for long distance calls
over a T1 PRI line.
Usage: Specify the same digits you use to prefix a phone number you dial over a T1 access line or voice interface:
Ascend-TS-Idle-Limit (169)
Description: Specifies the number of seconds that a terminal-server connection must be idle
before the MAX TNT disconnects the session.
Usage: Specify a value from 0 to 65535.The default value is 120. A setting of 0 (zero) specifies that the line can be idle indefinitely.
Dependencies: Ascend-TS-Idle-Limit does not apply if you are using a Frame Relay or raw TCP connection, or if Ascend-TS-Idle-Mode=TS-Idle-None.
See Also: Ascend-TS-Idle-Mode (170).
Ascend-TS-Idle-Mode (170)
Description: Specifies whether the MAX TNT uses a terminal-server idle timer and, if so,
whether both the user and host must be idle before the MAX TNT disconnects the session.
Usage: Specify one of the following settings:
Default Password="UNIX"Dependencies: Ascend-TS-Idle-Mode does not apply if you are using a Frame Relay or raw TCP connection.
User-Service=Login-User,
Ascend-TS-Idle-Limit=90,
Ascend-TS-Idle-Mode=TS-Idle-Input
See Also: Ascend-TS-Idle-Limit (169).
Ascend-User-Acct-Base (142)
Description: Specifies whether the numeric base of the RADIUS Acct-Session-ID attribute is
10 or 16.
Usage: Specify one of the following settings:
Example: When you set Ascend-User-Acct-Base=Ascend-User-Acct-Base-10, the MAX TNT presents a typical session ID to the accounting server in the following way:
"1234567890"When you set Ascend-User-Acct-Base=Ascend-User-Acct-Base-16, the MAX TNT presents the same session ID in the following way:
"499602D2"See Also: Ascend-User-Acct-Host (139),
Ascend-User-Acct-Host (139)
Description: Specifies the IP address of the RADIUS accounting server for the connection.
Usage: Specify an IP address in dotted decimal notation. The default value is 0.0.0.0.
See Also: Setting up accounting on a per-user basis,
Ascend-User-Acct-Base (142),
Ascend-User-Acct-Key (141),
Ascend-User-Acct-Port (140),
Ascend-User-Acct-Time (143), and
Ascend-User-Acct-Type (138).
Ascend-User-Acct-Key (141)
Description: Specifies the RADIUS client password as it appears in the clients file.
Usage: Specify a text string. The default value is null.
See Also: Setting up accounting on a per-user basis,
Ascend-User-Acct-Base (142),
Ascend-User-Acct-Host (139),
Ascend-User-Acct-Port (140),
Ascend-User-Acct-Time (143), and
Ascend-User-Acct-Type (138).
Ascend-User-Acct-Port (140)
Description: Specifies a UDP port number for the connection between the user and the
RADIUS accounting server.
Usage: Specify the UDP port number you indicated for the authentication process of the
daemon in /etc/services. Or, if you used the incr keyword to the -A argument when
starting the daemon, specify the number of the UDP port for authentication services plus 1.
You can specify a number from 1 to 32767.
See Also: Setting up accounting on a per-user basis,
Ascend-User-Acct-Base (142),
Ascend-User-Acct-Host (139),
Ascend-User-Acct-Key (141),
Ascend-User-Acct-Time (143), and
Ascend-User-Acct-Type (138).
Ascend-User-Acct-Time (143)
Description: Specifies the number of seconds the MAX TNT waits for a response to a
RADIUS accounting request for the connection.
Usage: Specify an integer from 1 to 10. The default value is 0 (zero).
See Also: Setting up accounting on a per-user basis,
Ascend-User-Acct-Base (142),
Ascend-User-Acct-Host (139),
Ascend-User-Acct-Key (141),
Ascend-User-Acct-Port (140), and
Ascend-User-Acct-Type (138).
Ascend-User-Acct-Type (138)
Description: Specifies the RADIUS accounting server(s) to use for the connection.
Usage: Specify one of the following settings:
Ascend-Xmit-Rate (255)
Description: Specifies the rate of data transmitted on the connection in bits per second. For
ISDN calls, Ascend-Xmit-Rate indicates the transmit data rate. For analog calls, it indicates
the modem baud rate at the time of the initial connection.
Usage: Ascend-Xmit-Rate does not appear in a user profile. Its default value is 0 (zero).
Dependencies: The MAX TNT includes Ascend-Xmit-Rate in an Accounting-Request packet when the session has ended or has failed authentication (Acct-Status-Type=Stop).
Caller-Id (31)
Description: Specifies the calling-party number for Calling-Line ID (CLID) authentication,
indicating the phone number of the user that wants to connect to the MAX TNT.
Usage: Specify a telephone number of up to 37 characters, limited to the following:
1234567890()[]!z-*#|The default value is null.
Dependencies: Consider the following:
Emma Password="test", Caller-Id="123456789"See Also: CLID authentication using a name, password, and caller ID and
User-Service=Framed-User,
Framed-Protocol=PPP,
Framed-Address=255.255.255.254,
Framed-Netmask=255.255.255.255,
Ascend-Assign-IP-Pool=1,
Ascend-Route-IP=Route-IP-Yes,
Ascend-Idle-Limit=30
Challenge-Response (3)
Description: Specifies the value that a Challenge Handshake Authentication Protocol
(CHAP) user provides in response to the password challenge.
Usage: The MAX TNT sends the Challenge-Response value in an Access-Request packet. The default value is null.
Change-Password (17)
Description: Enables the MAX TNT to change an expired password.
When a user specifies an expired password, RADIUS prompts the user for a new password. When the user enters the new password, the MAX TNT sends an Access-Password-Request packet containing both the old password (as the value of the Change-Password attribute), and the new password (as the value of the Password attribute).
users file and replace the expired password with the new one. Note that the RADIUS server can make the change only in the flat file. It cannot make the change in the database version of the users file.
Class (25)
Description: Enables you to classify user sessions for purposes such as billing users on the
basis of the service option they choose.
Keep in mind that accounting entries specify the class on a per-user and per-session basis. The Ascend-Number-Sessions attribute reports information about all user sessions (that is, on the number of current sessions of each class).
Dependencies: If you include the Class attribute in the RADIUS user profile, the RADIUS server sends it to the MAX TNT in the Access-Accept packet when the session begins. The MAX TNT then includes Class in Accounting-Request packets it sends to the RADIUS accounting server under the following conditions:
See Also: Classifying user sessions in RADIUS and
Client-Port-DNIS (30)
Description: Specifies the called-party number, indicating the phone number the user dialed
to connect to the MAX TNT. You use this attribute to set up called-number authentication or to
route an incoming call to a particular device.
Usage: Specify the number the remote end dials to reach the MAX TNT, limiting your specification to the following characters:
1234567890()[]!z-*#|You can specify up to 18 characters. The default value is null.
Typically, the phone numbers different callers can use to reach the MAX TNT share a group of digits. For example, a local caller might dial 555-1234, while a long distance caller would dial 1-415-555-1234. In such cases, you need only specify the rightmost digits the calls have in common. In this example, you would specify only 1234.
Example: To set up called-number authentication in addition to name and password authentication, you could configure the user profile as follows:
Clara-p50 Password="ascend", Client-Port-DNIS=1234See Also: Authentication using a name, password, and called-party number.
User-Service=Framed-User,
Framed-Protocol=PPP,
Framed-Address=200.10.11.12,
Framed-Netmask=255.255.255.248
Framed-Address (8)
Description: Specifies the IP address of a caller. RADIUS can authenticate an incoming
caller by matching the user's IP address to the one specified in the user profile.
Usage: Specify an IP address in dotted decimal notation. The default value is 0.0.0.0. An answering user profile with the default setting matches all IP addresses.
Dependencies: Every Connection profile and RADIUS user profile that specifies an explicit IP address is a static route.
Framed-Compression (13)
Description: Turns TCP/IP header compression on or off.
Usage: To turn on TCP/IP header compression, specify Van-Jacobson-TCP-IP. This setting applies only to packets in TCP applications, such as Telnet, and turns on header compression for both sides of the link. By default, the Framed-Compression attribute does not turn on header compression.
Dependencies: Turning on header compression is most effective in reducing overhead when the data portion of the packet is small.
Framed-MTU (12)
Description: Specifies the maximum number of bytes the MAX TNT can receive in a single
packet on a PPP, MP, MP+, or Frame Relay link.
Usage: The default value is 1524. You should accept the default unless the device at the remote end of the link cannot support it. If the administrator of the remote network determines that you must change the value, specify a number from 1 to 1524 (for a PPP, MP, or MP+ link) or from 128 to 1600 (for a Frame Relay link).
Framed-Netmask (9)
Description: Specifies a subnet mask for the caller at Framed-Address.
Usage: Specify an IP address in dotted decimal notation. The default value is 0.0.0.0, which specifies that the MAX TNT assumes a default subnet mask on the basis of the class of the address (as shown in Table 14-18).
Framed-Protocol (7)
Description: Specifies the type of framed protocol the link can use. When you set this
attribute, the link cannot use any other type of framed protocol.
Usage: Table 14-19 lists the values you can specify for Framed-Protocol. By default, the MAX TNT does not limit the protocols a link can access.
Dependencies: Framed-Protocol can appear in both Access-Request and Access-Accept packets. However, it does not appear in an Access-Request packet if Auth-Send67=No in the External-Auth profile's Rad-Auth-Client subprofile.
What Framed-Protocol does depends on how you set User-Service:
Ascend Password="Pipeline"See Also: User-Service (6).
User-Service=Framed-User,
Framed-Protocol=PPP,
Framed-Address=10.0.200.225,
Framed-Netmask=255.255.255.0,
Ascend-Metric=2,
Framed-Routing=None,
Framed-Route="10.0.220.0 10.0.200.225 1",
Ascend-Idle-Limit=30
...
Framed-Route (22)
Description: Enables you to add static IP routes to the MAX TNT unit's routing table.
Usage: The Framed-Route attribute has the following format:
Framed-Route="host_ipaddr[/subnet_mask] gateway_ipaddr metricTable 14-20 describes each Framed-Route argument.
[private] [profile_name]"
Example: The following example shows how to set up two RADIUS pseudo-user profiles to define global static IP routes:
route-1 Password="ascend", User-Service=Dialout-Framed-User
Framed-Route="10.0.200.33/29 10.0.200.37 1 n lala-gw-out ",
Framed-Route="10.0.200.50/29 10.0.200.37 1 n lala-gw-out ",
Framed-Route="10.0.200.47/29 10.0.200.49 1 n nana-gw-out "
route-2 Password="ascend", User-Service=Dialout-Framed-UserSee Also: Setting up static IP routes and
Framed-Route="11.0.200.33/29 11.0.200.37 1 n zzz-gw-out ",
Framed-Route="12.0.200.47/29 11.0.200.49 1 n kk-gw-out "
Framed-Routing (10)
Description: Specifies whether the MAX TNT sends Routing Information Protocol (RIP)
packets, receives RIP packets, or both.
If you enable RIP to both send and receive updates on the WAN interface, the MAX TNT broadcasts its routing table to the remote network and listens for RIP updates from that network. Gradually, all routers on both networks have consistent routing tables (all of which can become quite large).
See Also: Requiring that a caller accept an IP address,
Setting up static IP routes, and
Ascend-Route-IP (228).
Login-Host (14)
Description: Specifies the IP host to which the user automatically connects when you:
Usage: Specify an IP address in dotted decimal notation. The default value is 0.0. 0.0, which specifies that the Login-User does not automatically connect to a particular host.
Dependencies: Consider the following:
Login-Service (15)
Description: Specifies the type of terminal-server connection a dial-in user makes to the IP
host on your local network. The user makes the connection immediately after authentication,
and never sees the terminal-server interface.
Usage: Specify one of the following values:
Dependencies: Consider the following:
# The following profile causes an auto-TCP to 4.2.3.1 port 9See Also: Enabling Telnet, TCP, and Rlogin connections,
upon login.
Greg Password="test1"
User-Service=Login-User,
Login-Service=TCP-Clear,
Login-Host=4.2.3.1,
Login-TCP-Port=9
Login-TCP-Port (16)
Description: Specifies the port number to which a TCP session connects when
Login-Service=TCP-Clear.
Usage: Specify an integer from 1 to 65535. The default value is 23.
See Also: Enabling Telnet, TCP, and Rlogin connections and
Login-Service (15).
NAS-Identifier (4)
Description: Indicates the IP address of the MAX TNT.
Usage: NAS-Identifier does not appear in a user profile. Its default value is 0.0.0.0.
NAS-Port (5)
Description: Indicates the network port on which the MAX TNT receives a call. The MAX
TNT sends NAS-Port to the RADIUS server in an Accounting-Request packet. If you specify
NAS-Port on the first line of a user profile, the MAX TNT sends the value you specify to the
RADIUS server in an Access-Request packet.
Usage: The format of the NAS-Port value depends on the setting of the New-NAS-Port-ID-Format parameter in the System profile.
When New-NAS-Port-ID-Format=Yes
When New-NAS-Port-ID-Format=Yes, the NAS-Port value has the following format:
shelf slot line channelwhere shelf specifies the shelf number (0-3), slot specifies the slot number (0-15), line specifies the line number (0-31), and channel specifies the channel number (0-31) for an ISDN call. For an analog call, the values are the same, except that line number can be 0-63, and the channel number is always 1. The default value for the RADIUS daemon appears in the
/etc/services file.The values are all bit encoded. For an ISDN call, the bit-encoded number has the following format:
tllccwhere t indicates
1 for a digital call or 2 for an analog call, ll indicates the line number, and cc indicates the channel number.Example: To restrict an ISDN user to channel 2 on line 2 for slot 2 and shelf 1, you could set up a user profile as follows:
Robin Password="password", NAS-Port=1057The NAS-Port value of 1057 translates to the bit-encoded number 0000010000100001. This number indicates the following NAS port:
User-Service=Framed-User,
Framed-Protocol=PPP,
Ascend-Assign-IP-Pool=1,
Ascend-Route-IP=1,
Ascend-Idle-Limit=300,
Framed-Routing=None
shelf=00 (shelf 1)
slot=0001 (slot 2)
line=00001 (line 2)
channel=00001 (channel 2)
NAS-Port-Type (61)
Description: Specifies the type of service in use for the session.
Some ISPs offer different levels of service on the basis of connection type. To prevent a client from using a capability to which he or she has not subscribed, set the NAS-Port-Type attribute to an appropriate value.
Password (2)
Description: Specifies the password of the calling device or dial-in user.
Usage: Specify an alphanumeric string of up to 252 characters. The default value is null. The Password attribute must appear on the first line of the user profile.
See Also: Specifying a password.
Reply-Message (18)
Description: Carries message text from the RADIUS server to a RADIUS client (such as the
MAX TNT). In a pseudo-user profile that configures message text and a list of IP hosts, the
Reply-Message attribute specifies text that appears to the terminal-server operator at the
menu-driven interface. In addition, if the RADIUS server determines that the MAX TNT
should terminate the session, it sends an Access-Terminate-Session packet containing the
Reply-Message attribute.
Usage: Specify a text string of up to 80 characters. The default value is null. You can specify up to 16 Reply-Message attributes in a pseudo-user profile.
Dependencies: Consider the following:
** Bad Password
** Session TerminatedExample: To set up message text for a MAX TNT named Cal, you could configure a pseudo-user profile as follows:
initial-banner-Cal Password="ascend", User-Service=Dialout-Framed-UserSee Also: Ascend-Host-Info (252).
Reply-Message="Up to 16 lines of up to 80 characters each",
Reply-Message="will be accepted. ",
Reply-Message="Additional lines will be ignored.",
Reply-Message="",
Ascend-Host-Info="1.2.3.4 Berkeley",
Ascend-Host-Info="1.2.3.5 Alameda",
Ascend-Host-Info="1.2.36 San Francisco",
...
User-Name (1)
Description: Specifies one of the following:
Example: Suppose you enter the following first line of a user profile for a user named Emma:
Emma Password="pwd", Ascend-PW-Expiration="Jan 30 1997"The RADIUS server tests the user's name and password against the values the user provides when making a request for access. If the RADIUS server does not find a match, it denies the request for access.
To use CLID authentication with the incoming phone number as the User-Name, you could configure a user profile as follows:
5551212 Password="Ascend-CLID"Finally, the following example shows how you would enter User-Name in a pseudo-user profile for a static route:
Ascend-Require-Auth=Not-Require-Auth,
User-Service=Framed-User,
Framed-Protocol=PPP,
Framed-Address=255.255.255.254,
Framed-Netmask=255.255.255.255,
Ascend-Assign-IP-Pool=1,
Ascend-Route-IP=Route-IP-Yes,
Ascend-Idle-Limit=30
route-1 Password="ascend", User-Service=Dialout-Framed-UserSee Also: Setting up name and password authentication,
Framed-Route="10.4.5.0/22 10.9.8.10 1 n inu-out"
User-Service (6)
Description: Specifies the type of services the link can use.
If RADIUS authenticates an incoming call by means of the User-Name and Password attributes, and the type of call matches the value of the User-Service attribute, the MAX TNT applies the attributes specified in the user profile to the call. If the type of call does not match the User-Service attribute, the MAX TNT rejects the call.
Dependencies: Consider the following:
Copyright © 1998, Ascend Communications, Inc. All rights reserved.