Help with Cisco-AVPairs

Robert Graham robert_graham at
Wed Jan 14 01:20:51 CET 2015

Attribute Name and Value	Function	Example	Used in**
ip:portbundle=enable	Enable PBHK feature 	ip:portbundle=enable	Acc-Acc CoA
ip:l4redirect=redirect to {group server-group-name | ip ip-address [port
port-number]} [duration seconds] [frequency seconds]	Enables L4
redirection. 	ip:l4redirect=redirect to group L4-REDIRECT
ip:l4redirect=redirect list 199 to group SERVER_GROUP1 duration 120
frequency 120	Acc-Acc CoA Req
ip:traffic-class= [in | out] access-group [acl-number | name acl-name]
[priority value]	Classification (traffic class) for a TC service 
NoteTC cannot be dynamically downloaded via the ip:inacl or other VSA
pairs. The ACLs in this command must be predefined on the ISG.
	ip:traffic-class=in access-group name ACL_IN_L4R priority 5	Acc-Acc CoA
ip:inacl[#number]={standard-access-control-list |
extended-access-control-list}	Incoming ACL definition, for feature push.
where “ACL1_IN” is predefined on the ISG
ip:inacl#10=deny ip any
ip:inacl#20=permit ip any any	

ip:outacl[#number]={standard-access-control-list |
extended-access-control-list} 	Outgoing ACL definition, for feature push.
where “ACL1_OUT” is predefined on the ISG
ip:outacl#10=deny ip any
ip:outacl#20=permit ip any any	Acc-Acc CoA Req
ip:sub-qos-policy-in=in-policy-name	Per-Session MQC Input policy name
NoteActual MQC policy must be predefined on the ISG. Supported for both IP
and PPP sessions.	ip:sub-qos-policy-int=QOS_POLICY_IN	Acc-Acc CoA Req
ip:sub-qos-policy-out=<out-policy-name>	Per-Session MQC Output policy name
NoteActual MQC policy must be predefined on the ISG. Supported for both IP
and PPP sessions.	ip:sub-qos-policy-out=QOS_POLICY_OUT	Acc-Acc CoA Req 
atm:vc-qos-policy-in=<in-policy-name>	Specifies MQC policy applied on atm
vc	atm:vc-qos-policy-in= QOS_POLICY_IN	Acc-Acc CoA Req 
atm:vc-qos-policy-out=<out-policy-name>	Specifies MQC policy applied on
atm vc	atm:vc-qos-policy-out= QOS_POLICY_OUT	Acc-Acc CoA Req
ip:vrf-id=<vrf_name>	Places a session inside the specified
VRF	ip:vrf-id=VPN_ISP1	Acc-Acc CoA Req
ip:ip-unnumbered=<loopback address>	Specifies loopback
address	ip:ip-unnumbered= loopback5	Acc-Acc CoA Req
ip:pool-def#n =<ip pool definition>	IP pool definition for router

ip:addr-pool =<pool_name>	IP address pool name used for PPP
access	ip:addr-pool=PPPOE_POOL	Acc-Acc CoA Req
parent-session-id=<id-number>	Used to match a TC service with parent
session for accounting purposes.	parent-session-id= 00000081	Accounting 
client-mac-address=<mac-address>	Identify client’s MAC
address	client-mac-address= 0050.5607.0103	Acc-Req Accounting
circuit-id-tag=<tag name>	DHCP Option 82 tag (identifies line card &
port)	circuit-id-tag=0|4|22|1|15	Acc-Req Acc-Acc CoA Req Accounting
remote-id-tag=<tag name>	DHCP Option 82 tag (identifies DSLAM or L2
switch)	remote-id-tag= 0|6|000d.edc0.3f80	Acc-Req Acc-Acc CoA Req
vrf-id = <vrf name>	Identifier for the virtual routing
table.	vrf-id=VPN_ISP1	Accounting
sg-version=<isg-version>	Identify ISG version	sg-version=1.0	CoA Ack
connect-progress=<session-state>	Report session state - (Call Up, LAN Ses
Up)	connect-progress= Call Up	Accounting 
disc-cause-ext=<disconnect-cause>	Report disconnect cause – (No Reason,
PPP Receive Term, TS User Exit)	disc-cause-ext= PPP Receive
Term	Accounting 
subscriber:classname=<dhcp-class-name>	Used to assign IP address from a
specific DHCP pool	subscriber:classname= VPN_ISP1_CLASS	Acc-Acc CoA Req 
subscriber:accounting-list=<accounting-method-list-name> 	The session or
service requires accounting.
	subscriber:accounting-list=ACCNT_LIST1	Acc-Acc CoA Req
Prepaid-config=<prepaid-method -name>	Specify service is
pre-paid	prepaid-config=PREPAID_CONFIG	Acc-Acc CoA Req 
subscriber:policy-directive=<policy-directive> 	Additional policy
directive for a service. (i.e., further authentication)
	subscriber:policy-directive=authenticate aaa list APP1_SERVER	Acc-Acc 
subscriber:subscriber-service = <type of service>	Type of service –
(vpdn, local, relay-pppoe) Typically used as part of a service profile for
PPP sessions to decide whether the session needs to forwarded or
terminated.	subscriber:subscriber-service=local	Acc-Acc
subscriber:sg-service-type=primary 	Indicates whether service is primary.
	subscriber:sg-service-type=primary	Acc-Acc 
subscriber:service-group=<group-name >	Defines a group name to outline
what non-primary services are dependent on a primary service.
	subscriber:sg-service-type=ISP1_SERVICES	Acc-Acc CoA-Req
vpdn:tunnel-id =<vpdn_tunnel_id>	VPDN tunnel id	vpdn:tunnel-id=nas1	Acc-Acc
vpdn:l2tp-tunnel_password=<vpdn_tunnel_password>	VPDN tunnel password
	vpdn:l2tp-tunnel-password=cisco	Acc-Acc
vpdn:ip-addresses=<vpdn_ip_address>	VPDN Ip
addresses	vpdn:ip-addresses=	Acc-Acc
vpdn:tunnel-type =<vpdn_tunnel_type>	VPDN tunnel type (t2tp,l2f,
pptp)	vpdn:tunnel-type=l2tp	Acc-Acc

Robert Graham
Network Engineer
U-Haul International
2727 N. Central Ave
Phoenix, AZ 85004

FreeRadius users mailing list <freeradius-users at>
>On 13 January 2015 at 14:22, Herwin Weststrate <herwin at>
>> On 13-01-15 15:04, paul.moser at wrote:
>>> On 11 January 2015 at  01:32 Arran Cudbard-Bell
>[a.cudbardb at] wrote:
>>>> So if anyone has a complete or semi-complete list of all the
>Cisco-AVPair attributes
>>> please send them over so the Cisco dictionary can be updated.
>>> The ones I'm aware of - though don't necessarily know their meaning
>>> Cisco-AVPair = "connect-progress=some_state"
>>> Cisco-AVPair = "disc-cause-ext=some_cause"
>>> Cisco-AVPair = parent-session-id=0D70DD7
>>> Cisco-AVPair = "portbundle=some_state"
>>> Cisco-AVPair = "accounting-list=some_list"
>>> Cisco-AVPair = "ip:l4redirect=some_rule"
>>> Cisco-AVPair = "ip:traffic-class=some_rule"
>>> Cisco-AVPair = "ip:inacl2002=some_rule"
>>> Cisco-AVPair = "ip:inacl2005=some_rule"
>>> Cisco-AVPair = "ip:outacl2002=some_rule"
>>> Cisco-AVPair = "ip:outacl2005=some_rule"
>>> Cisco-AVPair = "ip:traffic-class=some_rule"
>>> Cisco-AVPair = postpay-config=default
>>> Cisco-AVPair = prepaid-config=default
>> In addition, we've seen the following:
>>   Cisco-AVPair = "ssid=some_ssid"
>> --
>> Herwin Weststrate
>List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list