User:action sub-attribute – ADC SG-1 User Manual
Page 167
Appendix A: SG-1 Vendor-Specific Attributes
A-9
General:
Format:
adc-avpair = "user:auth-type=<pre-auth | service-selection | web-auth>",
Example:
adc-avpair = "user:auth-type=pre-auth",
user:action sub-attribute
The user:action sub-attribute defines the action that should be taken by the system.
The actions are:
a.
Reject – Reject an authenticated peer or disconnect a connected peer.
b.
echo – The system sends echo messages to the connected session. It disconnects the session after 33
seconds if it is not responding for the echo messages. In case the echo did not get any response during the
session lifetime the system is not disconnecting the session and is setting the echo status to disable. The
echo action is relevant only for native IP sessions and is being ignored in other session types.
c.
macantispoof – The system is allowing only one IP address per MAC address. The MAC is the user MAC
address as learned by the DHCP relay or by the proxy RADIUS. In case the call trigger is not DHCP or
proxy RADIUS the system is setting the mac-anti-spoofing status to disable.
d.
user_space_overwrite – The system should update the user space (and not the service space) with all
attributes received when this sub-attribute appears. This action is relevant only for Service-Accept mes-
sages (service authentication response) and is being ignored when received in session authentication
respond. The action may be included once in access accept messages, and the system ignores all other
instances.
e.
user_space_overwrite_on_next_service – The system should update once the user space (and not the ser-
vice space) with all next-service attributes when it is being invoked. The system then resets this sub-
attribute. When the next-service parameters includes user:action=user_space_overwrite the system should
ignore it. The action may be included once in access accept messages, and the system ignores all other
instances. This sub-attribute is not working in hierarchy mode.
Operation Mode:
Access Request message
Service-Request message
Vendor-type:
13
Vendor-length =
2 + name length + (23 | 32)