| Overview | Package | Class | Deprecated | Help |
| Properties | |
|---|---|
| acceptAuthenticateChange |
Specifies whether or not the system should handle the CoA messages initiated by the RADIUS
server, and provide for mid-session interval changes of policies applicable to subscriber hosts.
type=boolean default=false Displayed(tab/group)=Accept CoA |
| acceptScriptPolicy |
Specifies the RADIUS script policy used to change the RADIUS attributes of
the incoming Access-Accept messages
type=string default= Displayed(tab/group)=Script Policy (/RADIUS Script Policy) |
| accessAlgorithm |
Specifies the algorithm used to select a RADIUS server from the list of configured servers.
type=subscrauth.AccessAlgorithmType default=direct Displayed(tab/group)=Access Algorithm (RADIUS Servers) |
| accountingStopOnFail |
specifies if and in what failure condition a RADIUS accounting-stop message
indicating the failure has to be sent.
type=subscrauth.AccountingStopOnFail Displayed(tab/group)=Accounting Stop Message |
| callingStationIdType |
Specifies what string will be put in the RADIUS Calling-Station-Id attribute if included in
RADIUS authentication-request messages.
This field is only applicable if the 'callingStationId' bit is set in 'radiusAttributes'.
type=subscrauth.CallingStationIdType default=sapString Displayed(tab/group)=Calling Station ID Type (/Calling Station ID) |
| coaScriptPolicy |
Specifies the RADIUS script policy used to change the RADIUS attributes of
the incoming Change-of-Authorization messages
type=string default= Displayed(tab/group)=Script Policy (/RADIUS Script Policy) |
| domainName |
Specifies the domain name to use with user name operations. If nothing specified, the
domain name is retrieved from localuserdb.DhcpHost.dhcpDomainName.
This object is only relevant while the value of the object 'userNameOp' is equal to
'appendDomain', 'replaceDomain' or 'defaultDomain'."
type=string default= minimum=0 maximum=128 Displayed(tab/group)=Domain Name (/User Name) |
| fallbackForceProb |
Specifies if the RADIUS servers are probed, although in 'out-of-service' state, or not.
In case force-probing is true, the RADIUS servers are probed before the hold-time expires and the action in fallback is followed.
In case force-probing is false, the action in fallback is followed after the hold-time has expired (default).
type=boolean default=false Displayed(tab/group)=Fallback Force-Probing (/RADIUS Fallback) |
| nasPortBitspec |
Specifies what number will be put in the RADIUS NAS-Port attribute if included
in RADIUS authentication-request messages.
This field is only applicable if the 'nasPort' bit is set in 'radiusAttributes'
Maximum 32 bits can be specified.
If less than 32 bits are specified, the least significant bits are used and the
omitted higher bits are set to zero.
The value of tmnxSubAuthPlcyNasPortBitspec specifies
origin option ::= 'o' | 'i' | 's' | 'm' | 'p' | 'v' | 'c'
'c' - ATM VCI (Virtual Channel Identifier)
'i' - inner VLAN ID
'm' - MDA number
'o' - outer VLAN ID
'p' - port number
's' - slot number
'v' - ATM VPI (Virtual Path Identifier)
Example: *12o*12i*2s01 means 'the 12 least significant bits of the
outer VLAN ID, followed by the 12 least significant bits of the inner
VLAN ID, followed by the two least significant bits of the slot number,
followed by a zero and a one-bit', stored in network order in the least
significant bits: 0000ooooooooooooiiiiiiiiiiiiss01
type=string default= minimum=0 maximum=255 Displayed(tab/group)=NAS Port Bit Specification (/NAS Port) |
| nasPortPrefixString |
Specifies the user configurable string to be added as prefix to the NAS-Port attribute if
included in RADIUS accounting-request messages. This field is only applicable if the
'nasPortId' bit is set and nasPortPrefixType is set to userString.
type=string default= minimum=0 maximum=8 Displayed(tab/group)=Port Prefix String (/NAS Port ID) |
| nasPortPrefixType |
Specifies what type of prefix will be added to the NAS-Port attribute if included in RADIUS
accounting-request messages. This field is only applicable if the 'nasPortId' bit is set
type=subscrauth.NasPortPrefixType default=none Displayed(tab/group)=Port Prefix Type (/NAS Port ID) |
| nasPortSuffixType |
specifies what type of suffix will be added to the NAS-Port attribute if included in RADIUS
accounting-request messages. This field is only applicable if the 'nasPortId' bit is set
type=subscrauth.NasPortSuffixType default=none Displayed(tab/group)=Port Suffix Type (/NAS Port ID) |
| nasPortTypeType |
Specifies what kind of value will be put in the RADIUS NAS-Port-Type attribute
if included in RADIUS authentication-request messages.
This field is only applicable if the 'nasPortType' bit is set in 'radiusAttributes'.
type=subscrauth.NasPortTypeType default=standard Displayed(tab/group)=Port Type (/NAS Port Type) |
| nasPortTypeValue |
Specifies what value will be put in the RADIUS NAS-Port-Type attribute if included in RADIUS
authentication-request messages.
This field is only applicable if the 'nasPortType' bit is set in 'radiusAttributes' and the
value of 'nasPortTypeType' is equal to 'config'."
type=int default=0 minimum=0 maximum=255 Displayed(tab/group)=Port Type Value (/NAS Port Type) |
| password |
Specifies the password associated with the user for going to the RADIUS server.
type=string default= minimum=0 maximum=64 Displayed(tab/group)=Password (/Password) |
| pppDomain |
Specifies the domain name to use with PAP/CHAP user name operations.
type=string default= minimum=0 maximum=128 Displayed(tab/group)=Domain Name (/PPP User Name) |
| pppUserNameOp |
Specifies the operation to perform on the PAP/CHAP user name.
type=subscrauth.PppUserNameType default=noop Displayed(tab/group)=User Name Operation (/PPP User Name) |
| pppoeAccessMethod |
Specifies the authentication method used to authenticate PPPoE towards the RADIUS server.
There are three types:
(1)none indicates that no PPPoE authentication is done,
(2)padi: indicates that authentication is done based on the received PADI packet
(3)pap-chap: indicates that PAP/CHAP authentication is done.
type=subscrauth.PppoeAccessMethodType default=padi Displayed(tab/group)=PPPoE Access Method |
| radAuthDownTime |
Specifies, in seconds, how long the system waits before addressing
a RADIUS server that was previously down and has just come up.
type=int default=30 minimum=30 maximum=900 units=seconds Displayed(tab/group)=Authentication Hold Down Time (RADIUS Servers) |
| radiusAttributes |
Specifies what RADIUS attributes the system should include into RADIUS authentication-request messages.
type=subscrauth.RadiusAttributeType default=0 Displayed(tab/group)=RADIUS Attributes |
| radiusFallbackAction |
type=subscrauth.RadiusFallbackActionType default=deny Displayed(tab/group)=Fallback Action (/RADIUS Fallback) |
| radiusFallbackLocalUserDbName |
type=string default= minimum=0 maximum=32 Displayed(tab/group)=Local User DB Name (/RADIUS Fallback) |
| radiusServerPolicyPointer |
type=Pointer Displayed(tab/group)=RADIUS Server Policy (/RADIUS Server Policy) |
| reAuthenticate |
Specifies whether authentication must be re-issued when the DHCP lease timer
expires.
type=boolean default=false Displayed(tab/group)=Re-Authenticate When DHCP Lease Expires |
| requestScriptPolicy |
Specifies the RADIUS script policy used to change the RADIUS attributes of
the outgoing Access-Request messages
type=string default= Displayed(tab/group)=Script Policy (/RADIUS Script Policy) |
| retryAttempts |
Specifies the number of RADIUS requests towards the same RADIUS server.
type=int default=3 minimum=1 maximum=256 Displayed(tab/group)=Retry Attempts (RADIUS Servers) |
| router |
Identify a virtual router instance in the system. This value cannot be
changed once an RADIUS server is configured for this policy. When the value
is '0', both base and management router instances are matched.
type=long default=0 |
| routerType |
Specifies a virtual router type in the system. This value cannot be changed once a RADIUS server is configured for
this policy. This attribute is used for NFM-P configuration only. When the Base option is selected, the routing table
configuration of the router is the Base routing instance. When the Management option is selected, the routing table
configuration of the router is the Management routing instance. When the Matched option is selected, the Base and
Management router instances are the same. When the VPRN option is selected, a VPRN service is used as the routing instance.
type=subscrauth.RouterType default=matched Displayed(tab/group)=Router Instance (RADIUS Servers) |
| sourceAddress |
Specifies the source address of a radius packet for DHCP radius authentication.
It must be a valid unicast address (otherwise an error is returned).
If this object is configured with the address of the router
interface (ref TIMETRA-VRTR-MIB::vRiaIpAddress) the Radius client
uses it while making a request to the server.
If the address is not configured or is not the address of one of
the interfaces, the source address is based on the address of the
Radius server. If the server address is in-band, the client uses
the system ip address. If it is out-of-band, the source address is
the address of the management interface (The addresses can be
found in TIMETRA-VRTR-MIB::vRiaIpAddress).
type=InetAddress default=0.0.0.0 Displayed(tab/group)=Source Address (RADIUS Servers) |
| sourceAddressType |
Specifies the the type of host address stored in property 'sourceAddress'.
type=rtr.InetAddressType default=ipv4 |
| subscrauth.RadiusEntry-Set |
type=Children-Set |
| timeoutSeconds |
Specifies, in seconds, between authentication request retries towards
the same RADIUS server.
type=int default=5 minimum=1 maximum=340 units=seconds Displayed(tab/group)=Timeout (RADIUS Servers) |
| userNameAppend |
Specifies what needs to be appended to the user-name sent to the RADIUS server.
For SR release 8.0R4 onwards, use 'userNameOp' instead; the value of this attribute is ignored
if the value of 'userNameOp' is different from 'noop'."
type=subscrauth.UserNameAppendType default=nothing Displayed(tab/group)=Append To User Name (/User Name) |
| userNameFormat |
Specifies how the user is represented when contacting RADIUS server.
type=subscrauth.UserNameFormat default=macAddress Displayed(tab/group)=User Name Format (/User Name) |
| userNameMacFormat |
Specifies how a MAC address is represented when contacting a RADIUS server.
This is only used while the value of 'userNameFormat' is equal to 'dhcpClientVenderOpts'
and if the MAC address is used by default of DHCP client vendor options.
Examples:
'ab:' for 00:0c:f1:99:85:b8 SROS style
'XY-' for 00-0C-F1-99-85-B8 IEEE canonical style
'mmmm.' for 0002.03aa.abff Cisco style
'xx' for 000cf19985b8
type=string default=aa: minimum=2 maximum=7 Displayed(tab/group)=User Name Mac Format (/User Name) |
| userNameOp |
Specifies the operation to perform on the user name of DHCP hosts before transmitting it to
the RADIUS server.
When the value is 'append', the string specified by 'domainName', preceded with a '@', is
appended to the user name; if the value of 'domainName' is empty, the domain-name string is
retrieved from localuserdb.DhcpHost.dhcpDomainName.
When the value is 'strip', any '@' character and all subsequent characters are removed
from the user name.
When the value is 'replace', all characters after a '@' delimiter are replaced with the
string specified by 'domainName'.
When the value is 'useDefault', the same action is performed as with 'append', but
only if the user name does not contain a domain name already.
When the value is 'none', nothing append to user name, same as 'userNameAppend'= 'nothing'.
Note: the operation 'strip', 'replace' and 'useDefault' are only applicable when
'userNameFormat' is 'dhcpClientVenderOpts'.
type=subscrauth.PppUserNameType default=noop Displayed(tab/group)=User Name Operation (/User Name) |
| vprnPointer |
Identify a VPRN instance in the system. This value cannot be
changed once an RADIUS server is configured for this policy.
This attribute is used for NFM-P configuration only.
type=Pointer default= Displayed(tab/group)=VPRN ID (RADIUS Servers/Service Type) |
| Overridden Properties | |
|---|---|
| configurationAction |
default=overwriteIfExists |
| displayedName |
access=read-create minimum=1 maximum=32 |
| policyType |
default=subscriberAuthentication |
| Properties inherited from policy.PolicyObject |
|---|
| description, displayedName, globalPolicy, id, isLocal, policyType, siteId, siteName, templateObject |
| Properties inherited from ManagedObject |
|---|
| actionMask, children-Set, deploymentState, isFaultSquelched, name, objectFullName, selfAlarmed |
| Methods |
|---|
instanceFullName
: string - the full name of the object.
continueOnFailure
: continueOnFailure - (Optional) Continue processing requests in this stream if an exception occurs, unless the request is invalid. Default: false
dependencyCount
: int -
subscrauth.Policy.getServiceDependencyCountException
| Supported Network Elements | |
|---|---|
| 7450 ESS | |
| 7750 SR | |
| 7705 SAR Hm | |
| Product Specifics | |
| 7450 ESS (all versions) | |
| 7450 ESS 20.0 | |
| 7450 ESS 21.0 | |
| 7450 ESS 22.0 | |
| 7450 ESS 23.0 | |
| 7450 ESS 24.0 | |
| 7450 ESS 25.0 | |
| 7705 SAR Gen 2 (all versions) | |
| 7705 SAR Hm 20.0 | |
| 7705 SAR Hm 21.0 | |
| 7705 SAR Hm 22.0 | |
| 7705 SAR Hm 23.0 | |
| 7705 SAR Hm 24.0 | |
| 7705 SAR Hm 25.0 | |
| 7750 SR (all versions) | |
| 7750 SR 20.0 | |
| 7750 SR 21.0 | |
| 7750 SR 22.0 | |
| 7750 SR 23.0 | |
| 7750 SR 24.0 | |
| 7750 SR 25.0 | |