Nas-port-type (radius attribute 61) – Cisco 10000 User Manual


Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 16 Configuring RADIUS Features

Extended NAS-Port-Type and NAS-Port Support

Feature History for Extended NAS-Port-Type and NAS-Port Support

NAS-Port-Type (RADIUS Attribute 61)

Remote Authentication Dial-In User Service (RADIUS) attributes define specific Authentication,
Authorization, and Accounting (AAA) elements in a user profile, which is stored on the RADIUS daemon.
The supported Internet Engineering Task Force (IETF) RADIUS attributes currently include
attribute 61, NAS-Port-Type. NAS-Port-Type indicates the type of physical port the network access
server (NAS) is using to authenticate the user.

However, there was no method to identify NAS-Port-Type based on a specific broadband service type,
because the RADIUS RFC does not support extended types that define these types of ports. As a result,
all PPPoA, PPPoEoE, and PPPoEoA sessions were identified as VIRTUAL and all PPPoEoVLAN
and PPPoEoQinQ sessions as ETHERNET.

The Extended NAS-Port-Type Attribute Support feature expands NAS-Port-Type, attribute 61, so
that the client can better identify what type of service is taking place on the different types of ports.

One advantage of this feature is that service providers can have their own coding mechanism to track
users on given ports differently. Service providers may especially want to track customers using shared
resources such as Ethernet or ATM interfaces that have VLANs (or Q-in-Q) and VCs connected to
certain customers.

The radius-server attribute 61 extended configuration command enables identification of the
following new, non-RFC-compliant broadband service port types, which are indicated by these numeric
values:

Value 30: PPPoA

Value 31: PPPoEoA

Value 32: PPPoEoE

Value 33: PPPoEoVLAN

Value 34: PPPoEoQinQ

An additional capability is that subinterfaces such as VLAN, Q-in-Q, VC, or VC ranges are allowed to
override the NAS-Port-Type attribute value sent for any session that resides on them. This capability
gives service providers an extra level of granularity in managing their end users and allows for
further differentiation of customer usage. This capability is provided with the
radius attribute nas-port-type [value] command.

The value for NAS-Port-Type can be any number chosen by the customer. In particular, customizing your
own value is useful when you need to differentiate the NAS-Port-Type based on which type of end client
is actually using the port. For example, if you want to track mobile clients behind a specific PVC, you
can define your own NAS-Port-Type for mobile clients.
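
The following is an added example, not part of the Cisco guide: a sketch of how a RADIUS server-side consumer (policy or accounting log parser) could decode attribute 61 and separate the RFC values, the extended values 30 to 34 listed above, and operator-chosen override values. The function names and the sample packet are constructed for illustration; the numeric values 5 (Virtual) and 15 (Ethernet) come from RFC 2865.

```python
import struct

NAS_PORT_TYPE = 61                              # RADIUS attribute number
RFC_TYPES = {5: "Virtual", 15: "Ethernet"}      # the two RFC 2865 types the page names
EXTENDED_TYPES = {30: "PPPoA", 31: "PPPoEoA", 32: "PPPoEoE",
                  33: "PPPoEoVLAN", 34: "PPPoEoQinQ"}  # values listed on this page

def iter_attributes(packet: bytes):
    """Yield (type, value) for each attribute, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the packet")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def classify_nas_port_type(packet: bytes):
    """Return (value, label, source) for attribute 61, or None if it is absent."""
    for atype, value in iter_attributes(packet):
        if atype != NAS_PORT_TYPE:
            continue
        if len(value) != 4:
            raise ValueError("NAS-Port-Type must be a 4-byte integer")
        (number,) = struct.unpack("!I", value)
        if number in EXTENDED_TYPES:
            return number, EXTENDED_TYPES[number], "extended"
        if number in RFC_TYPES:
            return number, RFC_TYPES[number], "rfc"
        # Possibly a subinterface override: resolve against the operator's own table.
        return number, "unmapped", "custom-or-unknown"
    return None

def build_request(nas_port_type: int, ident: int = 1) -> bytes:
    """Constructed sample Access-Request: User-Name 'alice' plus attribute 61."""
    attrs = bytes([1, 7]) + b"alice" + bytes([NAS_PORT_TYPE, 6]) + struct.pack("!I", nas_port_type)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    for sample in (33, 15, 200):
        print(classify_nas_port_type(build_request(sample)))
```

Values that fall in neither table are reported explicitly rather than mapped to a default, so a policy that keys on NAS-Port-Type does not silently treat an override value as one of the known port types.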

Cisco IOS Release | Description | Required PRE
----------------- | ----------- | ------------
12.3(7)XI1 | This feature was introduced on the Cisco 10000 series router. | PRE2
12.2(28)SB | This feature was integrated into Cisco IOS Release 12.2(28)SB. | PRE2
