IPSEC
Page 120 7750 SR RADIUS Attributes Reference Guide
IPSEC
Table 38: IPSEC (description)
Attribute ID Attribute Name Description
1 User-Name For IKEv1 remote-access tunnel, this represents the xauth username.
For IKEv2 remote-access tunnel, this represents the identity of the peer; the
value of User-Name is the received IDi in IKEv2 message. This attribute is
included in Access-Request and Accounting-Request
2 User-Password For IKEv1 remote-access tunnel, this represents the xauth password.
For IKEv2 remote-access tunnel with pskradius authentication method, this
represents the pre-shared-key of the ipsec-gw or ipsec-tunnel:
configure service ies/vprn <svc-id> interface <interface-name> sap <sap-
id> ipsec-gw <gw-name> pre-shared-key
or
configure service vprn <svc-id> interface <interface-name> sap <sap-id>
ipsec-tunnel <tnl-name> dynamic-keying pre-shared-key
For IKEv2 remote-access tunnel with authentication method other than
pskradius, this represents the password configured in IPsec radius-
authentication-policy:
configure ipsec radius-authentication-policy <policy-name> password
8 Framed-IP- Address The IPv4 address to be assigned to IKEv1/v2 remote-access tunnel client via
configuration payload: INTERNAL_IP4_ADDRESS. This attribute is also
reflected in RADIUS accounting request packet for IKEv2 tunnel.
9 Framed-IP-Netmask The IPv4 netmask to be assigned to IKEv1/v2 remote-access tunnel client via
configuration payload: INTERNAL_IP4_NETMASK.
30 Called-Station-Id The local gateway address of IKEv2 remote-access tunnel. The attribute can
be included/excluded with configure ipsec radius-authentication-policy
<policy-name> include-radius-attribute called-station-id or configure
ipsec radius-accounting-policy <policy-name> include-radius-attribute
called-station-id.
31 Calling-Station-Id The peer’s address and port of IKEv2 remote-access tunnel. The format is
“address:port”, for example, “10.1.1.1:1546”. he attribute can be included/
excluded with configure ipsec radius-authentication-policy <policy-name
>
include-radius-attribute calling-station-id or configure ipsec radius-
accounting-policy <policy-name> include-radius-attribute caling-station-
id.
44 Acct-Session-Id A unique identifier representing an IKEv2 remote-access tunnel session that is
authenticated. Same Acct-Session-Id is included in both access-request and
accounting-request. The format is local_gw_ip-remote_ip:remote_port-
time_stamp.
To Next Page
Loading...
