Reference to RADIUS Attributes

This chapter discusses RADIUS attributes found in user profiles. Each listing provides information in this format:

Attribute Name

Usage: The Usage text explains the values you can specify for the attribute.

Example: The Example text presents an example of how to use the attribute.

Dependencies: The Dependencies text tells you what other information you need in order to specify the proper value for the attribute.

See Also: The See Also text points you to related information.

Acct-Authentic (45)

The MAX sends Acct-Authentic in an Accounting-Request packet under these conditions:

• At the start of a session (when Acct-Status-Type=Start)

• At the end of an authenticated session (Acct-Status-Type=Stop) when the Auth parameter is not set to RADIUS/LOGOUT

• RADIUS (1)

  This value indicates that RADIUS authenticated the incoming call. RADIUS is the default.

• Local (2)

  This value indicates that the MAX authenticated the call using a local Connection profile, TACACS profile, or TACACS+ profile, or that the MAX accepted the call without authentication.

Acct-Delay-Time (41)

The MAX sends Acct-Delay-Time in an Accounting-Request packet under these conditions:

• At the start of a session (when Acct-Status-Type=Start)

• At the end of a session or when a session fails to authenticate (Acct-Status-Type=Stop) and the Auth parameter is not set to RADIUS/LOGOUT

Acct-Input-Octets (42)

Usage: The MAX sends Acct-Input-Octets in an Accounting-Request packet at the end of a session (Acct-Status-Type=Stop) when both of these conditions are true:

• The session has been authenticated.

• The Auth parameter is not set to RADIUS/LOGOUT.

Acct-Input-packets (47)

• The session has been authenticated.

• The Auth parameter is not set to RADIUS/LOGOUT.

• A framed protocol is in use.

Acct-Output-Octets (43)

The MAX sends Acct-Output-Octets in an Accounting-Request packet at the end of a session
(Acct-Status-Type=Stop) when both of these conditions are true:

• The session has been authenticated.

• The Auth parameter is not set to RADIUS/LOGOUT.

Acct-Output-packets (48)

• The Auth parameter is not set to RADIUS/LOGOUT.

• The session is authenticated.

• A framed protocol is in use.

Acct-Session-Id (44)

The MAX sends Acct-Session-Id under these conditions:

• At the start of a session (when Acct-Status-Type=Start)

• At the end of a session or when a session failed to authenticate (Acct-Status-Type=Stop) and the Auth parameter is not set to RADIUS/LOGOUT

Dependencies: Keep this additional information in mind:

• When an SNMP accounting session and a RADIUS accounting session have the same ID, they are identical.

  However, SNMP records all calls, while RADIUS records only those calls that result in a successful login or authentication.

• Using the Acct-ID Base parameter in the Ethernet\>Mod Config\>Accounting menu, you can specify whether the numeric base of the Acct-Session-Id attribute is 10 or 16.

  This parameter controls how the MAX presents Acct-Session-Id attribute to the accounting server. For more information, see the MAX Reference Guide.

Acct-Session-Time (46)

The MAX sends Acct-Session-Time in an Accounting-Request packet at the end of a session (Acct-Status-Type=Stop) when both of these conditions are true:

• The session has been authenticated.

• The Auth parameter is not set to RADIUS/LOGOUT.

Acct-Status-Type (40)

• NAS-Identifier (4) with the IP address of the MAX

• Acct-Status-Type (40) with the value7

• Acct-Delay-Time(41) with the number of seconds the MAX has been trying to send the packet without receiving an acknowledgement from the accounting server.

• 1 (Start)

• 2 (Stop)

• 7 (Accounting-On)

• 8 (Accounting-Off)

• At the start of a session (when Acct-Status-Type=Start)

• At the end of a session or when a session fails to authenticate (when Acct-Status-Type=Stop), and only if the Auth parameter is not set to RADIUS/LOGOUT

• You boot the MAX and Acct=RADIUS in the Ethernet > Mod Config > Accounting menu (Acct-Status-Type=Accounting-On.

• You set the Acct parameter RADIUS and save the configuration while the MAX is running (Acct-Status-Type=Accounting-On).

  When Acct-Status-Type=Accounting-On, the MAX retransmits the request until it receives an Accounting-Response packet from the RADIUS accounting server, or until the MAX reaches a limit of ten retries for each accounting server it attempts to reach.

• You reset the MAX.

• You set Acct to either None or TACACS+ and save the configuration while the MAX is running (Accounting-Off).

• You change the setting of the Auth parameter in the Ethernet>Mod Config>Auth menu from RADIUS to RADIUS/LOGOUT (Accounting-Off).

• When Auth=RADIUS/LOGOUT, Acct is set to N/A, and RADIUS accounting is disabled (Accounting-Off).

  When Acct-Status-Type=Accounting-Off, the MAX retransmits the request until it receives an Accounting-Response packet from RADIUS, or until the MAX reaches a limit of ten retries for each accounting server it attempts to reach. If the MAX is being reset, it sends only one Accounting-Request packet, and does not retransmit the request. The MAX does not send an Accounting-Request packet in response to a power failure.

Ascend-Add-Seconds (240)

When utilization exceeds the threshold for a period of time greater than the value of the Ascend-Add-Seconds attribute, the MAX attempts to add the number of channels specified by the Ascend-Inc-Channel-Count attribute. Using the Ascend-Add-Seconds attribute prevents the system from continually adding bandwidth, and can slow down the process of allocating bandwidth.

Usage: Specify a number between 1 and 300. The default value is 5.

Dependencies: Keep this additional information in mind:

• Additional channels must be available, and the number of channels the MAX adds cannot exceed the amount the Ascend-Maximum-Channels attribute specifies.

• Ascend-Add-Seconds and Ascend-Remove-Seconds have little or no effect on a system with a high Ascend-Seconds-Of-History value.

  If the value of Ascend-Seconds-Of-History is low, the Ascend-Add-Seconds and Ascend-Remove-Seconds attributes provide an alternative way to ensure that spikes must persist for a certain period of time before the system responds.

Ascend-Appletalk-Peer-Mode (117)

Usage: Specify one of the following values:

• Appletalk-Peer-Router (0) specifies that the caller is an AppleTalk router, such as an Ascend Pipeline unit.

• Appletalk-Peer-Dialin specifies that the caller is a dial-in AppleTalk client, such as a single Macintosh dialing in over a modem.

Example: The following example shows a RADIUS user profile for a routed connection:

pipe50  Password="pipe50"

        User-Service = Framed-User,

        Framed-Protocol = PPP,

        Ascend-Appletalk-Peer-Mode = Appletalk-Peer-Router,

        Ascend-Route-Appletalk = Route-Appletalk-Yes,

        Ascend-Idle-Limit = 0

mac1    Password = "mac1"

        User-Service = Framed-User,

        Framed-Protocol = PPP,

        Ascend-Appletalk-Peer-Mode = Appletalk-Peer-Dialin,

        Ascend-Route-Appletalk = Route-Appletalk-Yes,

        Ascend-Idle-Limit = 0

See Also: Ascend-Appletalk-Peer-Mode (117), Ascend-Appletalk-Route (116)

Ascend-Appletalk-Route (116)

Usage: Create a pseudo-user profile with the first line in the following format:

appleroute-num Password="ascend', user-service=Dialout-Framed-
User

Ascend-Appletalk-Route="net_start net_end zone_name 
profile_name"

Each static route must appear in a user profile. User profile entries for Appletalk static routes are identified by the special name appleroute-# and have the following format:

appleroute-# Password = "ascend" User-Service = Dialout-Framed-User

	Address 1

	Address 2

	...

	Address n

An example of a static route with the associated connection profiles is:

appleroute-1    Password = "ascend" User-Service = Dialout-
Framed-User Ascend-Appletalk-Route = "20 25 testzone1 pipe50"

pipe50  Password = "ascend" User-Service = Dialout-Framed-User,

        User-Service = Framed-User,

        Framed-Protocol = MPP,

        Ascend-Appletalk-Peer-Mode = Appletalk-Peer-Router,

        Ascend-Route-Appletalk = Route-Appletalk-Yes,

        Ascend-Dialout-Allowed = Dialout-Allowed,

        Ascend-Dial-Number = "83272",

        Ascend-Send-Auth = Send-Auth-PAP,

        Ascend-Send-Passwd = "MAX"

See Also: Ascend-Appletalk-Peer-Mode (117)

Ascend-Ara-PW (181)

Usage: Specify an alphanumeric text string containing up to 20 characters. The default value is null. The password you enter for this attribute must be identical to the password you enter in the first line of the user profile. The MAX requires both entries.

Example: This example sets up a TCP connection through ARA with a dynamic IP address assignment:

Emma Password="pwd"

          Framed-Protocol=ARA,

          Ascend-Ara-PW="pwd",

          Ascend-Route-IP=Route-IP-Yes,

          Ascend-Assign-IP-Pool=1

Ascend-Assign-IP-Client (144)

Usage: Specify an IP address in dotted-decimal notation. The default value is 0.0.0.0. You can specify multiple instances of this attribute. At present, the MAX does not use the list of radipad client units.

Dependencies: If no Ascend-Assign-IP-Client attribute is present, the list of client units defaults to those present in the RADIUS clients file.

See Also: Ascend-Assign-IP-Global-Pool (146)
Ascend-Assign-IP-Server (145)

Ascend-Assign-IP-Global-Pool (146)

Usage: Specify the name of the pseudo-user profile containing global IP pool definitions. The Ascend unit tries to allocate an address from the pools in order, and chooses an address from the pool with the first available IP address.

Dependencies: Do not set the Framed-Address attribute in the user profile. If you do, the MAX will require the caller to use the static IP address the attribute specifies.

See Also: Ascend-Assign-IP-Client (144)
Ascend-Assign-IP-Server (145)
Framed-Address (8)

Ascend-Assign-IP-Pool (218)

A dynamic address comes from the pool of addresses set by the Pool #n Start and Pool #n Count parameters, by the Ascend-IP-Pool-Definition attribute, or both. An IP address pool you set up in RADIUS overrides an IP address pool you set up in the MAX configuration interface only if you designate the two pools by the same number.

If you need to define more than ten pools of addresses, you must use the RADIUS attribute Ascend-IP-Pool-Definition to configure the IP address pools.

Usage: Specify an integer corresponding to an address pool. The default value is 1. If you set Ascend-Assign-IP-Pool=0, RADIUS chooses an address from any pool that has one available.

Example: In this example, the user requests an address from pool #2:

Emma Password="m2dan", User-Service=Framed-User

Framed-Protocol=PPP,

Ascend-Route-IP=Route-IP-Yes,

Ascend-Metric=2,

Framed-Routing=None,

     Ascend-Assign-IP-Pool=2

Ascend-Assign-IP-Server (145)

Usage: Specify an IP address in dotted decimal notation. The default value is 0.0.0.0. Only one instance of this attribute can appear in the profile. The default value is a placeholder only. You must specify a valid IP address for radipad to work.

See Also: Ascend-Assign-IP-Client (144)
Ascend-Assign-IP-Global-Pool (146)

Ascend-Authen-Alias (203)

When the MAX places an outgoing call, it identifies itself by a login name and password. The login name is either its system name (as specified by the Name parameter in the System profile) or the value you specify for the Ascend-Authen-Alias attribute.

Usage: Specify a text string containing up to 16 characters. The default is the value of the Name parameter in the System profile.

Example: This example uses the Ascend-Authen-Alias attribute in an outgoing profile:

Homer-Out Password="Ascend", User-Service=Dialout-Framed-User

        User-Name="Homer",

        Ascend-Authen-Alias="myMAXcallingU",

        Ascend-Send-Auth=Send-Auth-PAP,

        Ascend-Send-Secret="passwrd1",

        Ascend-Dial-Number="31",

        Framed-Protocol=PPP,

        Framed-Address=10.0.100.1,

        Framed-Netmask=255.255.255.0,

        Ascend-Metric=2,

        Framed-Routing=None,

        Framed-Route="10.5.0.0/24 10.0.100.1 1",

        Ascend-Idle-Limit=30

Ascend-backup (176)

When you use the backup connection, the MAX does not move routes to the backup profile. Therefore, the IP routes that appear in the terminal server display may be incorrect, although statistical counts reflect the change.

Usage: Specify the name of the profile that you want to act as the backup. The backup connection can be switched or nailed up. The default value is null.

Dependencies: Keep this additional information in mind:

• The Ascend-backup attribute applies to nailed-up connections only (Ascend-Call-Type=Nailed or Nailed/Mpp).

• Do not create nested backup connections.

• Attributes that you define for the primary profile do not automatically apply to the backup profile.

  For example, if you set the primary profile to filter Telnet packets, you must set the backup profile to filter Telnet packets as well. Outgoing Frame Relay packets are the only packets that follow the primary profile definitions. All other packets follow the backup profile definitions.

• If you configure a RADIUS user profile for Frame Relay and for backup, the MAX brings up the backup connection when any one of the DLCIs becomes unusable.

• Do not use the Ascend-backup attribute to provide alternative lines for getting to a single destination.

Ascend-BACP-Enable (134)

BACP is the Internet standard protocol equivalent to the Ascend MP+ bandwidth allocation protocol. BACP functions similarly to MP+ and uses the same attributes as MP+.

Usage: You can specify one of these settings:

• BACP-No (0) disables BACP for the link.

  The default value is BACP-No.

• BACP-Yes (1) enables BACP for the link.

Ascend-Base-Channel-Count (172)

Usage: The maximum number of channels you can specify depends upon the nature of the link:

• For a PPP link, the maximum number of channels is always 1.

• For an MP+ or MP link, you can specify any value up to the number of channels available, but the device at the remote end of the link must also support MP+ or MP.

• For a Combinet link, you can specify up to two channels.

Dependencies: The Ascend-Base-Channel-Count attribute does not apply when all channels of the link are nailed up (Ascend-Call-Type=Nailed).

For optimum MP+ performance, both sides of a connection must set these values to the same number:

• The base channel count, as specified by Base Ch Count (in the Connection profile) or Ascend-Base-Channel-Count (in RADIUS)

• The minimum channel count, as specified by Min Ch Count (in the Answer profile or Connection profile) or Ascend-Minimum-Channels (in RADIUS)

• The maximum channel count, as specified by Max Ch Count (in the Answer profile or Connection profile) or Ascend-Maximum-Channels (in RADIUS)

Ascend-Billing-Number (249)

Your carrier determines the billing number, and uses it to sort your bill. If you have several departments, and each department has its own Ascend-Billing-Number, your carrier can separate and tally each department's usage.

Usage: Specify a telephone number. You can indicate up to ten characters, and you must limit those characters to the following:

1234567890()[]!z-*# |

• For a T1 line, the MAX appends the value specified in the Ascend-Billing-Number attribute to the end of each phone number it dials for the call.

• Ascend-Billing-Number for outgoing calls on an ISDN BRI line applies only to installations in Australia.

• For a T1 PRI line, the MAX uses the Ascend-Billing-Number rather than the phone number ID to identify itself to the answering party.

  The Id Auth parameter enables you to require a device to authenticate incoming calls by checking the calling party's phone number. The device performs Calling Line ID (CLID) authentication before answering an incoming call. The calling party's phone number must match the Calling # parameter or the Caller-Id attribute. If the MAX cannot authenticate the call when CLID authentication is required, it rejects the call.

  If the calling party uses the Ascend-Billing-Number attribute instead of its phone number as its ID, the CLID the answering side uses is not the true phone number of the caller. This situation presents a security breach if you use Id Auth.

  Further, be aware that if you specify a value for the Ascend-Billing-Number attribute, there is no guarantee that the phone company will send it to the answering device.

Ascend-Bridge (230)

Usage: You can specify one of these values:

• Bridge-No (0)

  This setting disables bridging for the link. Bridge-No is the default.

• Bridge-Yes (1)

  This setting enables bridging for the link.

MAX1 Password="m2dan", User-Service=Framed-User

Framed-Protocol=PPP,

Ascend-Route-IPX=Route-IPX-No,

Ascend-Bridge=Bridge-Yes,

     Ascend-Handle-IPX=Handle-IPX-Client,

See Also: Ascend-Bridge-Address (168)

Ascend-Bridge-Address (168)

Usage: The Ascend-Bridge-Address attribute has this format:

Ascend-Bridge-Address="MAC_address profile_name IP_address"

Table 9-1. Ascend-Bridge-Address arguments

When your MAX receives an ARP request for one of the IP addresses you specify, the MAX replies with the corresponding MAC address and uses the specified profile to bring up a connection to that address. Because the MAX replies to these ARP requests as if the IP devices were local, you must have user profiles that bridge IP packets to each device.

Dependencies: Each bridge entry must appear in a pseudo-user profile. You create a pseudo- user to store information that the MAX can query-in this case, in order to store bridging information. For a unit-specific bridge entry, specify the first line of a pseudo-user profile in this format:

Bridge-unit_name-num Password="Ascend", User-Service=

Dialout-Framed-User

In each pseudo-user profile, you specify one or more Ascend-Bridge-Address attributes. Whenever you power on or reset the MAX, or when you select the Upd Rem Cfg command from the Sys Diag menu, RADIUS adds bridging entries to the bridge table in this way:

1. RADIUS looks for profiles having the format Bridge-unit_name-num, where unit_name is the system name and num is a number in a sequential series, starting with 1.

2. RADIUS loads the data to create the bridging tables.

Bridge-Ascend-1 Password="Ascend", User-Service=Dialout-Framed-User

       Ascend-Bridge-Address="2:2:3:10:11:12 Prof1 1.2.3.4 1",

       Ascend-Bridge-Address="2:2:3:13:14:15 Prof2 5.6.7.8 2"

Ascend-Callback (246)

• The phone number specified by Ascend-Dial-Number

• The password specified by Ascend-Send-Secret or Ascend-Send-Passwd

• Any other relevant attributes in the user profile that authenticated the call

Usage: You can specify one of these values:

• Callback-No (0)

  This value indicates that the MAX answers in the normal manner after authentication.

• Callback-Yes (1)

  This value indicates that the MAX hangs up and calls back the caller after authentication.

Ascend-Call-By-Call (250)

Usage: Specify a number corresponding to the type of service the MAX uses. The default value is 6. Table 9-2 lists the services available for each service provider.

Table 9-2. Ascend-Call-By-Call setting

Number	AT&T	Sprint	MCI
0	Disable call-by-call service.	Reserved	N/A
1	SDN (including GSDN)	Private	VNET/Vision
2	Megacom 800	Inwatts	800
3	Megacom	Outwatts	PRISM1, PRISM II, WATS
4	N/A	FX	900
5	N/A	Tie Trunk	DAL
6	ACCUNET Switched Digital Services	N/A	N/A
7	Long Distance Service (including AT&T World Connect)	N/A	N/A
8	International 800 (I800)	N/A	N/A
16	AT&T MultiQuest	N/A	N/A

Ascend-Call-Filter (243)

Unlike the Filter profiles in the MAX configuration interface, RADIUS filters are part of the outgoing or incoming RADIUS user profile. The MAX uses a RADIUS filter only when the MAX places or answers a call with a RADIUS profile that includes the filter specification.

Usage: Filter entries apply on a first-match basis. Therefore, the order in you specify filter entries is significant. If you make changes to a filter in a RADIUS user profile, the changes do not take effect until a call uses that profile.

IP call filter entries

Ascend-Call-Filter="ip dir action

[dstip dest_ipaddr\subnet_mask][srcip src_ipaddr\subnet_mask] 

[proto [dstport cmp value] [srcport cmp value] [est]]"

Table 9-3 describes each element of the syntax.

Table 9-3. IP call filter syntax elements

Keyword or argument	Description
ip	Indicates an IP filter.
dir	Indicates filter direction. You can specify in (to filter packets coming into the MAX) or out (to filter packets going out of the MAX).
action	Indicates what action the MAX should take with a packet that matches the filter. You can specify either forward or drop.
dstip dest_ipaddr	dstip is a keyword indicating destination IP address. The filter applies to packets whose destination address matches the value of dest_ipaddr. If a subnet mask portion of the address is present, the MAX compares only the masked bits. If you set dest_ipaddr to 0.0.0.0, or if this keyword and its IP address specification are not present, the filter matches all IP packets.
srcip src_ipaddr	srcip is a keyword indicating source IP address. The filter applies to packets whose source address matches the value of src_ipaddr. If a subnet mask portion of the address is present, the MAX compares only the masked bits. If you set src_ipaddr to 0.0.0.0, or if this keyword and its IP address specification are not present, the filter matches all IP packets.
proto	Indicates a protocol that you can specify as a name or a number. The filter applies to packets whose protocol field matches this value.The supported names and numbers are icmp (1), tcp (6), udp (17), and ospf (89). If you set proto to 0 (zero), the filter matches any protocol.
dstport cmp value	dstport is a keyword indicating destination port. This argument is valid only when the protocol is tcp (6) or udp (17). If you do not specify a destination port, the filter matches any port. cmp is an argument indicating how to compare the specified value to the actual destination port. It can have the value <, =, >, or !=. value can be a number or a name. Supported names and numbers are ftp-data (20), ftp (21), telnet (23), smtp (25), nameserver (42), domain (53), tftp (69), gopher (70), finger (79), www (80), kerberos (88), hostname (101), nntp (119), ntp (123), exec (512), login (513), cmd (514), and talk (517).
srcport cmp value	srcport is a keyword indicating source port. It is valid only when the protocol is tcp (6) or udp (17). If you do not specify a source port, the filter matches any port. cmp is an argument indicating how to compare the specified value to the actual source port. It can have the value <, =, >, or !=. value can be a number or a name. Supported names and numbers are ftp-data (20), ftp (21), telnet (23), smtp (25), nameserver (42), domain (53), tftp (69), gopher (70), finger (79), www (80), kerberos (88), hostname (101), nntp (119), ntp (123), exec (512), login (513), cmd (514), and talk (517).
est	If you set this argument to 1, the filter matches a packet only if a TCP session is already established. It is valid only when the proto specification is tcp (6).

None of the keywords are case sensitive.

IPX call filter entries

Ascend-Call-Filter="ipx <dir> <action>

   [srcipxnet <srcipxnet> srcipxnode <srcipxnode>

   [srcipxsoc <cmp> <value> ]]

   [dstipxnet <dstipxnet> dstipxnode <dstipxnode>

   [dstipxsoc <cmp> <value> ]]

Table 9-8 lists each keyword and argument.

Table 9-4. IPX filter syntax elements

Syntax element	Description
ipx	Designates an IPX filter.
<dir>	Indicates filter direction. You can specify "in" (to filter packets coming into the MAX) or "out" (to filter packets going out of the MAX).
<action>	Indicates the action the MAX should take with a packet that matches the filter. You can specify either "forward" or "drop".
srcipxnet	Designates that a source IPX network number appears after this keyword.
<srcipxnet>	Specifies the source IPX network number-the unique internal network number assigned to the NetWare server. You must specify the network number in hexadecimal format. Specifying 0x or 0X is optional.
srcipxnode	Designates that a source IPX node number appears after this keyword.
<srcipxnode>	Specifies the source IPX node number-the node number of the NetWare server. A valid IPX node number must accompany the IPX network number. You must specify the node number in hexadecimal format. Specifying 0x or 0X is optional. The IPX node number 0xffffffffffff is allowed and matches all IPX packets with the same node number.
srcipxsoc	Designates that a source IPX socket number specification appears after this keyword.
<cmp>	Indicates how to compare the socket number specified by <value> to the actual socket number in the packet. The <cmp> argument can have the value <, =, >, or !=.
<value>	Specifies the socket number of the NetWare server. Following the srcipxsoc keyword, the <value> argument specifies the source socket number; following the dstipxsoc keyword, the <value> argument specifies the destination socket number. You must specify the socket number in hexadecimal format. Specifying 0x or 0X is optional.
dstipxnet	Designates that a destination IPX network number appears after this keyword.
<dstipxnet>	Specifies the destination IPX network number-the unique internal network number assigned to the NetWare server. You must specify the network number in hexadecimal format. Specifying 0x or 0X is optional.
dstipxnode	Designates that a destination IPX node number appears after this keyword.
<dstipxnode>	Specifies the destination IPX node number-the node number of the NetWare server. A valid IPX node number must accompany the IPX network number. You must specify the node number in hexadecimal format. Specifying 0x or 0X is optional. The IPX node number 0xffffffffffff is allowed and matches all IPX packets with the same node number.
dstipxsoc	Designates that a source IPX socket number specification appears after this keyword.

Generic call filter entries

Ascend-Call-Filter="generic dir action offset mask value 
compare [more]"

Table 9-5 describes each element of the syntax. None of the keywords are case sensitive.

Table 9-5. Generic call filter syntax elements

Keyword or argument	Description
generic	Indicates a generic filter.
dir	Indicates filter direction. You can specify in (to filter packets coming into the MAX) or out (to filter packets going out of the MAX).
action	Indicates what action the MAX should take with a packet that matches the filter. You can specify either forward or drop.
offset	Indicates the number of bytes masked from the start of the packet. The byte position specified by offset is called the byte-offset. Starting at the position specified by offset, the MAX applies the value of the mask argument. A mask hides the part of a number that appears behind the binary zeroes in the mask. For example, if you set mask to ffff0000 in hexadecimal format, the filter uses only the first 16 binary digits in the comparison, since f=1111 in binary format. The unit then compares the unmasked portion of the packet with the value specified by the value argument.
mask	Indicates which bits to compare in a segment of the packet. The mask cannot exceed 6 bytes (12 hexadecimal digits). A one-bit in the mask indicates a bit to compare. A zero-bit indicates a bit to ignore. The length of the mask specifies the length of the comparison.
value	Indicates the value to compare to the packet contents at the specified offset in the packet. The length of the value must be the same as the length of the mask. Otherwise, the MAX ignores the filter.
compare	Indicates how the MAX compares a packet's contents to the value specified by value. You can specify == (for Equal) or != (for NotEqual). The default value is Equal.
more	If present, specifies whether the MAX applies the next filter definition in the profile to the current packet before deciding whether to forward or drop the packet. The dir and action values for the next entry must be the same as the dir and action values for the current entry. Otherwise, the MAX ignores the more flag.

Example: These are examples of IP call filter entries:

Ascend-Call-Filter="ip in drop"

Ascend-Call-Filter="ip out forward tcp"

Ascend-Call-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 
10.0.200.25/16 dstport!=telnet"

Ascend-Call-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 
10.0.200.25/16 icmp"

Ascend-Call-Filter="generic in drop 0 ffff 0080"

Ascend-Call-Filter="generic in drop 0 ffff != 0080 more"

Ascend-Call-Filter="generic in drop 16 ff aa"

Ascend-Call-Type (177)

Usage: You can specify one of these values:

• Nailed (1)

  This setting indicates a link that consists entirely of nailed-up channels. Nailed (1) is the default.

• Nailed/Mpp (2)

  This setting indicates a link that consists of both nailed-up and switched channels. The MAX establishes this connection whenever any of its nailed-up or switched channels are linked end-to-end. If a Nailed/Mpp link is down and the nailed-up channels are down, the link cannot re-establish itself until the MAX brings up one or more of the nailed-up channels, or dials one or more switched channels.

  Typically, the MAX dials a call when it receives a packet whose destination is the unit at the remote end of the Nailed/Mpp connection. The packet initiating the switched call must come from the caller side of the connection.

  If a failed channel is in the group specified by the Ascend-Group attribute, the MAX replaces that channel with a switched channel, even if the call is online with more than the minimum number of channels. The MAX replaces failed nailed-up channels with switched channels, regardless of the Min Ch Count setting.

• Perm/Switched (3)

  This setting indicates a permanent switched connection-an outbound call that attempts to remain up at all times. If the unit or central switch resets, or if the link goes down, the permanent switched connection attempts to restore the link at ten-second intervals.

  Use this setting if your telephone company charges for each incoming and outgoing connection attempt, but does not charge for connection time on local calls. Ascend's regular bandwidth-on-demand feature conserves connection time but causes many connection attempts. A permanent switched connection performs the opposite function-it conserves connection attempts but causes a long connection time.

  For the answering device at the remote end of the permanent switched connection, we recommend that you configure the Connection profile to answer calls but not to originate them. If the remote device initiates a call, the MAX simply does not answer it. This situation could result in repeated charges for calls that have no purpose. To keep the remote device from originating calls, set AnsOrig=Ans Only for that device.

The DO Hangup command works only from the caller side of the connection when you choose Nailed/Mpp.

Ascend-CBCP-Enable (112)

Usage: Specify one of the following settings:

• CBCP-Enabled (0)-Specifies that the MAX will positively acknowledge, during LCP negotiations, support for CBCP.

• CBCP-Not-Enabled (1)-Specifies that the MAX will reject any request to support CBCP.

Ascend-CBCP-Mode (113)

Usage: Specify one of the following values:

• CBCP-No-Callback (1)-Applies for Windows NT or Windows 95 clients who must not be called back. Because CBCP has been negotiated initially, the Windows clients must have validation from the MAX that no callback is used for this connection.

• CBCP-User-Callback (2)-Specifies that the caller will supply the number the MAX uses for the callback.

• CBCP-Profile-Callback (3)-Specifies that the MAX will use the number in Ascend-Dial-Number for the callback

• CBCP-User-Or-No (7)-Specifies that the caller has the option of either supplying the number to dial or specifying that no callback is used for the call. If no callback is chosen, the call will not be disconnected by the MAX.

See Also: Ascend-CBCP-Enable, Ascend-CBCP-Trunk-Group

Ascend-CBCP-Trunk-Group (115)

Usage: You can specify a number between 4 and 9, inclusive. The default is 9.

Dependencies: Ascend-CBCP-Trunk-Group applies only if CBCP is negotiated for a connection.

See Also: Ascend-CBCP-Enable, Ascend-CBCP-Mode

Ascend-Client-Gateway (132)

Usage: Specify the IP address of the next hop router in dotted decimal notation. The default value is 0.0.0.0. If you accept this value, the Ascend unit routes packets as specified in the routing table, using the system-wide default route if it cannot find a more specific route.

The Ascend unit must have a direct route to the address you specify. The direct route can take place via a profile or an Ethernet connection. If the Ascend unit does not have a direct route, it drops the packets on the connection. When you diagnose routing problems with a profile using this feature, an error in a per-user gateway address is not apparent from inspection of the global routing table.

Example: If you specify Ascend-Client-Gateway=10.0.0.3 in the RADIUS user profile
Berkeley, IP packets from the user with destinations through the default route goes through the router at 10.0.0.3.

Ascend-Connect-Progress (196)

The MAX includes Ascend-Connect-Progress in an Accounting-Request packet when both of these conditions are true:

• The session has ended or has failed to authenticate (Acct-Status-Type=Stop).

• The Auth parameter is not set to RADIUS/LOGOUT.

Table 9-6. Ascend-Connect-Progress codes

Ascend-Data-Filter (242)

Unlike the Filter profiles in the MAX configuration interface, RADIUS filters are part of the outgoing or incoming RADIUS user profile. The MAX uses a RADIUS filter only when the MAX places or answers a call with a RADIUS profile that includes the filter specification.

Usage: Filter entries apply on a first-match basis. Therefore, the order in you specify filter entries is significant. If you make changes to a filter in a RADIUS user profile, the changes do not take effect until a call uses that profile.

IP data filter entries

Ascend-Data-Filter="ip dir action 

[dstip dest_ipaddr\subnet_mask][srcip src_ipaddr\subnet_mask] 

[proto [dstport cmp value] [srcport cmp value] [est]]"

Table 9-7 describes each element of the syntax.

Table 9-7. IP data filter syntax elements

Keyword or argument	Description
ip	Indicates an IP filter.
dir	Indicates filter direction. You can specify in (to filter packets coming into the MAX) or out (to filter packets going out of the MAX).
action	Indicates what action the MAX should take with a packet that matches the filter. You can specify either forward or drop.
dstip dest_ipaddr	dstip is a keyword indicating destination IP address. The filter applies to packets whose destination address matches the value of dest_ipaddr. If a subnet mask portion of the address is present, the MAX compares only the masked bits. If you set dest_ipaddr to 0.0.0.0, or if this keyword and its IP address specification are not present, the filter matches all IP packets.
srcip src_ipaddr	srcip is a keyword indicating source IP address. The filter applies to packets whose source address matches the value of src_ipaddr. If a subnet mask portion of the address is present, the MAX compares only the masked bits. If you set src_ipaddr to 0.0.0.0, or if this keyword and its IP address specification are not present, the filter matches all IP packets.
proto	Indicates a protocol that you can specify as a name or a number. The filter applies to packets whose protocol field matches this value.The supported names and numbers are icmp (1), tcp (6), udp (17), and ospf (89). If you set proto to 0 (zero), the filter matches any protocol.
dstport cmp value	dstport is a keyword indicating destination port. This argument is valid only when the protocol is tcp (6) or udp (17). If you do not specify a destination port, the filter matches any port. cmp is an argument indicating how to compare the specified value to the actual destination port. It can have the value <, =, >, or !=. value can be a number or a name. Supported names and numbers are ftp-data (20), ftp (21), telnet (23), smtp (25), nameserver (42), domain (53), tftp (69), gopher (70), finger (79), www (80), kerberos (88), hostname (101), nntp (119), ntp (123), exec (512), login (513), cmd (514), and talk (517).
srcport cmp value	srcport is a keyword indicating source port. It is valid only when the protocol is tcp (6) or udp (17). If you do not specify a source port, the filter matches any port. cmp is an argument indicating how to compare the specified value to the actual source port. It can have the value <, =, >, or !=. value can be a number or a name. Supported names and numbers are ftp-data (20), ftp (21), telnet (23), smtp (25), nameserver (42), domain (53), tftp (69), gopher (70), finger (79), www (80), kerberos (88), hostname (101), nntp (119), ntp (123), exec (512), login (513), cmd (514), and talk (517).
est	If you set this argument to 1, the filter matches a packet only if a TCP session is already established. It is valid only when the proto specification is tcp (6).

None of the keywords are case sensitive.

IPX data filter entries

Ascend-Data-Filter="ipx <dir> <action>

   [srcipxnet <srcipxnet> srcipxnode <srcipxnode>

   [srcipxsoc <cmp> <value> ]]

   [dstipxnet <dstipxnet> dstipxnode <dstipxnode>

   [dstipxsoc <cmp> <value> ]]

Table 9-8 lists each keyword and argument.

Table 9-8. IPX filter syntax elements

Syntax element	Description
ipx	Designates an IPX filter.
<dir>	Indicates filter direction. You can specify "in" (to filter packets coming into the MAX) or "out" (to filter packets going out of the MAX).
<action>	Indicates the action the MAX should take with a packet that matches the filter. You can specify either "forward" or "drop".
srcipxnet	Designates that a source IPX network number appears after this keyword.
<srcipxnet>	Specifies the source IPX network number-the unique internal network number assigned to the NetWare server. You must specify the network number in hexadecimal format. Specifying 0x or 0X is optional.
srcipxnode	Designates that a source IPX node number appears after this keyword.
<srcipxnode>	Specifies the source IPX node number-the node number of the NetWare server. A valid IPX node number must accompany the IPX network number. You must specify the node number in hexadecimal format. Specifying 0x or 0X is optional. The IPX node number 0xffffffffffff is allowed and matches all IPX packets with the same node number.
srcipxsoc	Designates that a source IPX socket number specification appears after this keyword.
<cmp>	Indicates how to compare the socket number specified by <value> to the actual socket number in the packet. The <cmp> argument can have the value <, =, >, or !=.
<value>	Specifies the socket number of the NetWare server. Following the srcipxsoc keyword, the <value> argument specifies the source socket number; following the dstipxsoc keyword, the <value> argument specifies the destination socket number. You must specify the socket number in hexadecimal format. Specifying 0x or 0X is optional.
dstipxnet	Designates that a destination IPX network number appears after this keyword.
<dstipxnet>	Specifies the destination IPX network number-the unique internal network number assigned to the NetWare server. You must specify the network number in hexadecimal format. Specifying 0x or 0X is optional.
dstipxnode	Designates that a destination IPX node number appears after this keyword.
<dstipxnode>	Specifies the destination IPX node number-the node number of the NetWare server. A valid IPX node number must accompany the IPX network number. You must specify the node number in hexadecimal format. Specifying 0x or 0X is optional. The IPX node number 0xffffffffffff is allowed and matches all IPX packets with the same node number.
dstipxsoc	Designates that a source IPX socket number specification appears after this keyword.

Generic data filter entries

Ascend-Data-Filter="generic dir action offset mask value 
compare [more]"

Table 9-9 describes each element of the syntax. None of the keywords are case sensitive.

Table 9-9. Generic data filter syntax elements

Keyword or argument	Description
generic	Indicates a generic filter.
dir	Indicates filter direction. You can specify in (to filter packets coming into the MAX) or out (to filter packets going out of the MAX).
action	Indicates what action the MAX should take with a packet that matches the filter. You can specify either forward or drop.
offset	Indicates the number of bytes masked from the start of the packet. The byte position specified by offset is called the byte-offset. Starting at the position specified by offset, the MAX applies the value of the mask argument. A mask hides the part of a number that appears behind the binary zeroes in the mask. For example, if you set mask to ffff0000 in hexadecimal format, the filter uses only the first 16 binary digits in the comparison, since f=1111 in binary format. The unit then compares the unmasked portion of the packet with the value specified by the value argument.
mask	Indicates which bits to compare in a segment of the packet. The mask cannot exceed 6 bytes (12 hexadecimal digits). A one-bit in the mask indicates a bit to compare. A zero-bit indicates a bit to ignore. The length of the mask specifies the length of the comparison.
value	Indicates the value to compare to the packet contents at the specified offset in the packet. The length of the value must be the same as the length of the mask. Otherwise, the MAX ignores the filter.
compare	Indicates how the MAX compares a packet's contents to the value specified by value. You can specify == (for Equal) or != (for NotEqual). The default value is Equal.
more	If present, specifies whether the MAX applies the next filter definition in the profile to the current packet before deciding whether to forward or drop the packet. The dir and action values for the next entry must be the same as the dir and action values for the current entry. Otherwise, the MAX ignores the more flag.

Example: These are examples of IP data filter entries:

Ascend-Data-Filter="ip in drop"

Ascend-Data-Filter="ip out forward tcp"

Ascend-Data-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 
10.0.200.25/16 dstport!=telnet"

Ascend-Data-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 
10.0.200.25/16 icmp"

Ascend-Data-Filter="generic in drop 0 ffff 0080"

Ascend-Data-Filter="generic in drop 0 ffff != 0080 more"

Ascend-Data-Filter="generic in drop 16 ff aa"

Ascend-Data-Rate (197)

The MAX includes Ascend-Data-Rate in an Accounting-Request packet when both of these conditions are true:

• The session has ended or has failed to authenticate (Acct-Status-Type=Stop).

• The Auth parameter is not set to RADIUS/LOGOUT.

Ascend-Data-Svc (247)

Usage: The data service you specify must be available end-to-end. You can set the Ascend- Data-Svc attribute to one of the values listed in

Table 9-10. Ascend-Data-Svc settings

Setting	Description
Switched-Voice-Bearer (0)	This value applies only to calls made over an ISDN BRI or T1 PRI line. When you specify this setting, the MAX enables the network to place an end-to-end digital voice call for transporting data when a switched data service is not available.
Switched-56KR (1)	The call contains restricted data, guaranteeing that the data the MAX transmits meets the density restrictions of D4-framed T1 lines. D4 specifies the D4 format, also known as the Superframe format, for framing data at the physical layer. This format consists of 12 consecutive frames, separated by framing bits. The call connects to the Switched-56 data service. The only services available to lines using inband signaling (T1 access lines containing one or more switched channels, and Switched-56 lines) are Switched-56K and Switched-56KR.
Switched-64K (2)	The call contains any type of data and connects to the Switched-64 data service.
Switched-64KR (3)	The call contains restricted data and connects to the Switched-64 data service.
Switched-56K (4)	The call contains any type of data and connects to the Switched-56 data service. The only services available to lines using inband signaling (T1 access lines containing one or more switched channels, and Switched-56 lines) are Switched-56K and Switched- 56KR. For most T1 PRI lines, select Switched-56K.
Nailed-56KR (1)	The call contains restricted data and connects to the Nailed-56 data service.
Nailed-64K (2)	The call contains any type of data and connects to the Nailed-64 data service.
Switched-384KR	The call contains restricted data, and connects to MultiRate or GloBanD data services at 384 kbps.
Switched-384K	The call contains any type of data and connects to the Switched-384 data service. This AT&T data service does not require MultiRate or GloBanD.
Switched-1536K	The call contains any type of data and connects to the Switched-1536 data service at 1536 kbps. This setting is valid only for a MAX that supports ISDN D-channel signaling, and that connects to two or more T1 PRI lines using Non-Facility Associated Signaling (NFAS).
Switched-1536KR	The call contains restricted data, and connects to the Switched-1536 data service at 1536 kbps. This setting is valid only for a MAX that supports ISDN D-channel signaling, and that connects to two or more T1 PRI lines using Non-Facility Associated Signaling (NFAS).
Switched-128K	This value is available on a T1 PRI line with MultiRate or GloBanD data services.
Switched-192K	This value is available on a T1 PRI line with MultiRate or GloBanD data services.
Switched-256K	This value is available on a T1 PRI line with MultiRate or GloBanD data services.
Switched-320K	This value is available on a T1 PRI line with MultiRate or GloBanD data services.
Switched-384K-MR	This value is available on a T1 PRI line with the MultiRate data service.
Switched-448K	This value is available on a T1 PRI line with MultiRate or GloBanD data services.
Switched-512K	This value is available on a T1 PRI line with MultiRate or GloBanD data services.
Switched-576K	This value is available on a T1 PRI line with MultiRate or GloBanD data services.
Switched-640K	This value is available on a T1 PRI line with MultiRate or GloBanD data services.
Switched-704K	This value is available on a T1 PRI line with MultiRate or GloBanD data services.
Switched-768K	This value is available on a T1 PRI line with MultiRate or GloBanD data services.
Switched-832K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-896K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-960K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1024K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1088K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1152K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1216K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1280K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1344K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1408K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1472K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1600K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1664K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1728K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1792K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1856K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-1920K	This value is available on a T1 PRI line with MultiRate or GloBanD data
Switched-inherited	This setting applies to calls placed by a device connected to a local ISDN BRI line supplied by a Host/BRI module. The call connects with the data service as requested by the caller on the local ISDN BRI line.
Switched-restricted-bearer-x30	This setting specifies the 56-kbps X.30 switched data service available from DPNSS and DASS 2 switches.
Switched-clear-bearer-v110	This setting specifies the 64-kbps V.110 switched data service available from DPNSS and DASS 2 switches.
Switched-restricted-64-x30	This setting specifies the 64-kbps X.30 switched data service available from DPNSS and DASS 2 switches. For most DASS 2 and DPNSS installations, select Switched-restricted-64-x30.
Switched-clear-56-v110	This setting specifies the 56-kbps V.110 switched data service available from DPNSS and DASS 2 switches.
Switched-modem	This setting places an outgoing call on any available digital modem. If no digital modems are available, the MAX does not place the call. The data rate depends upon the quality of the connections between modems and the types of modems in use. The Switched-modem setting requires that your MAX have digital modems. Modem applies only for PPP, MP+, and X.25/PAD calls. Currently, the MAX does not support multichannel modem calls. When you need to set up a dial-out profile in RADIUS for the MAX 4000, MAX 2000, MAX 1800, or Pipeline 400, set Ascend-Data-Svc=Switched-modem.
Switched-atmodem	This setting applies only to the MAX 200 and is equivalent to

Table 9-10.

Dependencies: Keep this additional information in mind:

• You can determine the base bandwidth of a call by multiplying the value of the Ascend-Base-Channel-Count attribute by the value of the Ascend-Data-Svc attribute.

• Either party can request a data service that is unavailable.

  In this case, the MAX cannot connect the call.

Ascend-DBA-Monitor (171)

Usage: You can specify one of these values:

• DBA-Transmit (0)

  This setting indicates that the MAX adds or subtracts bandwidth based on the amount of data it transmits.

  DBA-Transmit is the default.

• DBA-Transmit-Recv (1)

  This setting indicates that the MAX adds or subtracts bandwidth based on the amount of data it transmits and receives.

• DBA-None (2)

  This setting indicates that the MAX does not monitor traffic over the link.

• The MAX supports Ascend-DBA-Monitor only on MP+ calls.

• If both sides of the link have Ascend-DBA-Monitor set to DBA-None, Dynamic Bandwidth Allocation is disabled.

Ascend-Dec-Channel-Count (237)

Usage: Specify a number between 1 and 32. The default value is 1.

Dependencies: Keep this additional information in mind:

• Ascend-Dec-Channel-Count does not apply if all channels of a link are nailed up
  (Ascend-Call-Type=Nailed).

• Ascend-Dec-Channel-Count applies only when the link is using MP+ encapsulation (Framed-Protocol=MPP).

• You cannot clear a call by decrementing channels.

Ascend-DHCP-Maximum-Leases

Usage: Specify a value between 1 and 254. The default is 4.

See Also: Ascend-DHCP-Pool-Number (148)
Ascend-DHCP-Reply (147)

Ascend-DHCP-Pool-Number (148)

Usage: Specify an integer between 1 and the number of address pools defined on the MAX. The default value is 0 (zero), which specifies that the MAX uses the first defined IP address pool.

Dependencies: When the DHCP client requests an address, the MAX allocates an IP address from one of its IP address pools and assigns it to the client for 30 minutes. The client must renew the IP address assignment after the 30-minute period expires.

In its local memory, the MAX keeps track of all the IP addresses it has assigned. Therefore, it loses the entries for current, unexpired IP address assignments when you reset it. If a client holds an unexpired IP address assignment when you reset the MAX, the MAX may assign the same address to a new client. These duplicate IP addresses cause network problems until the first assignment expires or one of the clients reboots.

See Also: Ascend-DHCP-Maximum-Leases
Ascend-DHCP-Reply (147)

Ascend-DHCP-Reply (147)

Usage: You can specify one of these settings:

• DHCP-Reply-Yes indicates that the MAX processes DHCP packets.

  • For a bridged connection, the MAX responds to all DHCP requests.

  • For a non-bridged connection, the MAX responds only to Network Address Translation (NAT) for LAN DHCP packets.

• DHCP-Reply-No indicates that the MAX does not process DHCP packets, but routes or bridges DHCP packets as any other packet.

  The default value is DHCP-Reply-No.

Ascend-Dialout-Allowed (131)

Usage: You can specify one of these settings:

• Dialout-Not-Allowed (0) indicates that the RADIUS user profile does not allow modem dialout.

  The default value is Dialout-Not Allowed.

• Dialout-Allowed (1) indicates that the RADIUS user profile allows modem dialout.

Ascend-Dial-Number (227)

Usage: Specify a telephone number. You can enter up to 21 characters, and you must limit those characters to the following:

1234567890()[]!z-*#|

If Use Trunk Grps=Yes in the System\>Sys Config menu, the first digits in the Ascend-Dial-Number attribute have the meanings listed in Table 9-11.

Table 9-11. Ascend-Dial-Number digits

Digit	Explanation
First digit is between 4 and 9.	The MAX places the call over the corresponding trunk group listed in the Ch n Trnk Grp, B1 Trnk Grp, or B2 Trnk Grp parameters in the Line profile. If Dial Plan=Trunk Grp, the digits following the first digit constitute an ordinary phone number. If Dial Plan=Extended, the next two digits specify the Dial Plan profile containing the parameters the MAX uses when making the call. These parameters constitute the extended dial plan. An ordinary phone number follows these two digits.
First digit is 3.	The MAX places the call to a destination listed in a Destination profile. In this case, the second and third digits indicate the number of the Destination profile.
First digit is 2.	The MAX places the call between host ports on the same MAX, or between Terminal Equipment (TEs) on a local ISDN BRI line on the same MAX. The first type of call is a port-to-port call. The latter type of call is a TE-to-TE call. In a port-to-port call, the second digit indicates the slot of an AIM/6 module. In a TE-to-TE call, the second digit indicates the slot of a Host/BRI module. If you enter 0 (zero) for the second digit, the call connects to any available AIM port and ignores the third digit. If you enter a nonzero value for the second digit, the third digit selects the AIM port (for a port-to-port call) or a local ISDN BRI port (for a TE-to-TE call). If you enter 0 (zero) for the third digit, the call connects to any available AIM port or local ISDN BRI line in the module selected by the second digit.

Ascend-Disconnect-Cause (195)

The MAX includes Ascend-Disconnect-Cause in an Accounting-Request packet when both of these conditions are true:

• The session has ended or has failed to authenticate (Acct-Status-Type=Stop).

• The Auth parameter is not set to RADIUS/LOGOUT.

Table 9-12. Ascend-Disconnect-Cause codes

Ascend-Event-Type (150)

In a coldstart notification, the MAX sends values for NAS-Identifier, Ascend-Event-Type, and Ascend-Number-Sessions in an Ascend-Event-Request packet (code 33). The RADIUS accounting server must send back an Ascend-Event-Response packet (code 34) with the correct identifier to the MAX.

In a session event, the MAX sends values for Password, NAS-Identifier, Ascend-Event-Type, and Ascend-Number-Sessions in an Ascend-Event-Request packet (code 33) when Auth=RADIUS/LOGOUT in Ethernet>Mod Config>Auth. The authentication server must send back an Ascend-Event-Response packet (code 34) with the correct identifier to the MAX.

Usage: For a coldstart notification, Ascend-Event-Type=Ascend-Coldstart (1). For a session event, Ascend-Event-Type=Ascend-Session-Event (2)

See Also: Ascend-Number-Sessions (202)
NAS-Identifier (4)

Ascend-Expect-Callback (149)

When the remote device is set to call back (Ascend-Callback=Callback-Yes or Callback=Yes) and CLID authentication is not required, the remote device answers the call, verifies a name and password against a user profile, hangs up, and dials back to the caller using these values:

• The phone number specified by Ascend-Dial-Number

• The password specified by Ascend-Send-Secret or Ascend-Send-Passwd

• Any other relevant attributes in the user profile that authenticated the call

When you set Ascend-Expect-Callback=Expect-Callback-Yes, calls that dial out and do not connect (for any reason) appear on a list that disallows any further calls to that destination for 90 seconds. This delay gives the remote device an opportunity to complete the callback.

Usage: You can specify one of these values:

• Expect-Callback-No (0) indicates that the caller does not wait for a callback after placing a call that does not connect.

• Expect-Callback-Yes (1) indicates that the caller waits 90 seconds after placing a call that does not connect before attempting to place another call to the same number.

Ascend-First-Dest (189)

The MAX includes Ascend-First-Dest in an Accounting-Request packet when all of these conditions are true:

• The session has been authenticated.

• The session has ended (Acct-Status-Type=Stop).

• The Auth parameter is not set to RADIUS/LOGOUT.

Dependencies: This attribute only applies if the session routes IP.

Ascend-Force-56 (248)

Usage: You can specify one of these values:

• Force-56-No

  This setting indicates that the MAX should use the entire 64 kbps (when available). Force-56-No is the default.

• Force-56-Yes

  This setting specifies that the MAX should use only the 56-kbps portion of a channel.

  Set Ascend-Force-56=Force=56-Yes when you place calls to European or Pacific Rim countries from within North America and the complete path cannot distinguish between the Switched-56 and Switched-64 data services. This feature is not required if you are placing calls only within North America.

Ascend-FR-Circuit-Name (156)

Usage: Specify a text string containing up to 15 characters. The default value is null.

Dependencies: Keep this additional information in mind:

• You can specify Ascend-FR-Circuit-Name only when Framed-Protocol=FR-CIR.

• The MAX requires two profiles for a single PVC.

  You can use two RADIUS user profiles, two Connection profiles, or one RADIUS user profile and one Connection profile. The two DLCIs can use the same Frame Relay profile or different ones.

• The MAX switches pairs of links with matching Ascend-FR-Circuit-Name attributes to each other.

  Therefore, make sure that you specify the exact same name for Ascend-FR-Circuit-Name (in RADIUS) or Circuit (in a Connection profile) for the profiles that supply the endpoints of the PVC.

Ascend-FR-DCE-N392 (162)

Usage: Specify an integer between 1 and 10. The default value is 3.

Dependencies: Keep this additional information in mind:

• Set Ascend-FR-DCE-N392 to a value less than Ascend-FR-DCE-N393.

• Ascend-FR-DCE-N392 does not apply if Ascend-FR-Type=Ascend-FR-DTE.

Ascend-FR-DCE-N393 (164)

Usage: Specify a number between 1 and 10. The default value is 4.

Dependencies: This attribute does not apply if Ascend-FR-Type=Ascend-FR-DTE.

See Also: Ascend-FR-Type (159)

Ascend-FR-Direct (219)

When the MAX receives IP packets from a caller that has a redirect specified in its local Connection profile or RADIUS user profile, it simply forwards the data stream out to the Frame Relay switch using the specified DLCI, effectively passing on the responsibility of routing those packets to a later hop on the Frame Relay network. The MAX never examines the destination address of redirect packets. This feature enables you to accept traffic from one link and send all traffic to a predetermined destination, eliminating any user concerns over security.

Usage: You can specify one of these values:

• FR-Direct-No (0) indicates that the MAX does not use a redirect connection.

  FR-Direct-No is the default.

• FR-Direct-Yes (1) indicates that the MAX uses a redirect connection.

Ascend-FR-Direct-DLCI (221)

Usage: Specify an integer between 16 and 991. The default value is 16. Many redirect connections can use the same DLCI.

Dependencies: Ascend-FR-Direct-DLCI applies only if Ascend-FR-Direct=FR-Direct-Yes.

Example: This portion of a user profile shows a redirect connection that uses DLCI 21 and the Frame Relay profile called Montgomery.

Permconn-MAX-1 Password="Ascend", User-Service=Dialout-Framed-User

        User-Name="Matt",

        Ascend-FR-Direct=FR-Direct-Yes,

        Ascend-FR-Direct-Profile="Montgomery",

        Ascend-FR-Direct-DLCI=21,

        Metric=2,

        ...

Ascend-FR-Direct-Profile (220)

Usage: Indicate the name of a Frame Relay profile that connects to the Frame Relay switch handling the Data Link Connection Indicator (DLCI) specified by Ascend-FR-Direct-DLCI. You can specify up to 15 alphanumeric characters. The default value is null. Make sure that you enter the name exactly as it appears in the Name parameter of the Frame Relay profile.

Dependencies: Ascend-FR-Direct-Profile applies only if Ascend-FR-Direct=FR-Direct-Yes.

Example: This portion of a user profile shows a redirect connection that uses DLCI 21 and the Frame Relay profile called Montgomery.

Permconn-MAX-1 Password="Ascend", User-Service=Dialout-Framed-User

        User-Name="Matt",

        Ascend-FR-Direct=FR-Direct-Yes,

        Ascend-FR-Direct-Profile="Montgomery",

        Ascend-FR-Direct-DLCI=21,

        Metric=2,

        ...

Ascend-FR-DLCI (179)

Usage: Specify an integer between 16 and 991. The default value is 16. You must assign each gateway connection its own DLCI.

Dependencies: Ascend-FR-DLCI applies only if Ascend-FR-Direct=FR-Direct-No.

Example: This portion of a user profile shows a gateway connection that uses DLCI 21 and the Frame Relay profile called Florence.

Permconn-MAX-1 Password="Ascend", User-Service=Dialout-Framed-User

        User-Name="Matt",

Ascend-FR-Direct=FR-Direct-No,

Ascend-FR-Profile-Name="Florence",

Ascend-FR-DLCI=21,

Metric=2,

...

Ascend-FR-DTE-N392 (163)

Usage: Specify an integer between 1 and 10. The default value is 3.

Dependencies: Keep this additional information in mind:

• Set Ascend-FR-DTE-N392 to a value less than Ascend-FR-DTE-N393.

• Ascend-FR-DTE-N392 does not apply if Ascend-FR-Type=Ascend-FR-DCE.

Ascend-FR-DTE-N393 (165)

Usage: Specify a number between 1 and 10. The default value is 4.

Dependencies: This attribute does not apply if Ascend-FR-Type=Ascend-FR-DCE.

See Also: Ascend-FR-Type (159)

Ascend-FR-Link-Mgt (160)

Usage: You can specify one of these values:

• Ascend-FR-No-Link-Mgt (0)

  This setting indicates no link management, and is the default. The MAX always considers a link active if no link management functions are performed.

• Ascend-FR-T1-617D (1)

  This setting indicates T1.617 Annex D link management.

• Ascend-FR-Q-933A (2)

  This setting indicates Q.933 Annex A link management.

Ascend-FR-LinkUp (157)

Usage: You can specify one of these values:

• Ascend-LinkUp-Default (0)

  This setting indicates that the datalink does not come up unless a DLCI brings it up, and shuts down after the last DLCI has been removed. This value is the default.

• Ascend-LinkUp-AlwaysUp (1)

  This setting indicates that the datalink comes up automatically and stays up even when the last DLCI has been removed.

Ascend-FR-N391 (161)

If you configure the Frame Relay link for link management, it regularly request updates on the status of the link. The Frame Relay unit at the other end of the link must respond to these requests. Otherwise, the MAX considers the link inactive. Furthermore, if the response to these requests indicates a DLCI failure, the MAX considers the link inactive.

Usage: Specify an integer between 1 and 255. The default value is 6.

Dependencies: This attribute does not apply if Ascend-FR-Type=Ascend-FR-DCE.

See Also: Ascend-FR-Type (159)

Ascend-FR-Nailed-Grp (158)

Usage: Specify a number between 1 and the maximum number of nailed-up channels that your MAX allows. The default value is 1.

Dependencies: Do not associate a group with more than one active Frame Relay profile.

Ascend-FR-Profile-Name (180)

Usage: Indicate the name of a Frame Relay profile that connects to the Frame Relay switch handling the Data Link Connection Indicator (DLCI) specified by Ascend-FR-DLCI. You can specify up to 15 alphanumeric characters. The default value is null. Make sure that you enter the name exactly as it appears in the Name parameter of the Frame Relay profile.

Dependencies: Ascend-FR-Profile-Name applies only if Ascend-FR-Direct=FR-Direct-No.

Example: This portion of a user profile shows a gateway connection that uses DLCI 21 and the Frame Relay profile called Florence.

Permconn-MAX-1 Password="Ascend", User-Service=Dialout-Framed-User

        User-Name="Matt",

        Ascend-FR-Direct=FR-Direct-No,

        Ascend-FR-Profile-Name="Florence",

        Ascend-FR-DLCI=21,

        Metric=2,

        ...

Ascend-FR-T391 (166)

Usage: You can specify a number of seconds between 5 and 30. The default value is 10.

Dependencies: This attribute does not apply if Ascend-FR-Type=Ascend-FR-DCE.

See Also: Ascend-FR-Type (159)

Ascend-FR-T392 (167)

Usage: Specify a number of seconds between 5 and 30. The default value is 10.

Dependencies: This attribute does not apply if Ascend-FR-Type=Ascend-FR-DTE.

See Also: Ascend-FR-Type (159)

Ascend-FR-Type (159)

Usage: You can specify one of these values:

• Ascend-FR-DTE (0)

  This setting indicates a UNI-DTE interface (the default). When you specify this value, the MAX acts as a DTE that can connect to a Frame Relay switch.

• Ascend-FR-DCE (1)

  This setting indicates a UNI-DCE interface. When you specify this value, the MAX acts as a DCE that can connect to a Frame Relay DTE unit-that is, to the user's Customer Premises Equipment (CPE).

• Ascend-FR-NNI (2)

  This setting indicates an NNI interface. When you specify this value, the MAX can connect to another NNI unit (a Frame Relay switch).

Ascend-FT1-Caller (175)

Usage: You can specify one of these values:

• FT1-No (0) specifies that the MAX waits for the remote end to initiate the call.

  FT1-No is the default.

• FT1-Yes (1) specifies that the MAX initiates the call.

  If you choose this setting, the MAX dials to bring online any switched circuits that are part of the call.

• If the remote end has set Ascend-FT1-Caller=FT1-No in a RADIUS user profile (or FT1 Caller=No in a Connection profile), set Ascend-FT1-Caller=FT1-Yes for the local MAX.

• If the remote end has set Ascend-FT1-Caller=FT1-Yes in a RADIUS user profile (or FT1 Caller=Yes in a Connection profile), set Ascend-FT1-Caller=FT1-No for the local MAX.

Ascend-Group (178)

If you set the Ascend-Group attribute to a value that matches the settings of a Ch n Prt/Grp, B1 Prt/Grp, or B2 Prt/Grp parameter in a Line profile, the MAX uses the specified channels for this profile's link across the WAN. Similarly, if Ascend-Group has the same value as Nailed Grp in the Serial WAN profile, the MAX uses the serial WAN circuit for this profile's link.

Usage: Your usage depends upon the value you specify for the Ascend-Call-Type attribute:

• If you set Ascend-Call-Type=Nailed, you can specify a number between 1 and 60 for Ascend-Group.

  The default value is 1.

• If you set Ascend-Call-Type=Nailed/Mpp, you can use the Ascend-Group attribute to assign multiple nailed-up groups to the profile.

  Specify a single number, or specify a list of numbers between 1 and 60, separated by commas. Do not include spaces. The default value is 1.

• The Ascend-Group attribute does not apply if the link consists entirely of switched channels.

• If you add channels for the Ascend-Group attribute, the MAX adds the additional channels to any online connection that uses the group.

• Do not duplicate group numbers in active profiles-that is, choose a value for Ascend-Group that no active Connection profile, Call profile, Frame Relay profile, or RADIUS user profile is using.

• Although you can assign multiple groups to a user profile, do not mix the Serial WAN circuit with nailed-up BRI or T1/E1 channels.

Ascend-Handle-IPX (222)

Usage: You can specify one of these values:

• Handle-IPX-None (0)

  This setting indicates that special IPX behavior does not take place. Choose this setting when the LAN on each side of the bridge has one or more IPX servers.

  Handle-IPX-None is the default.

• Handle-IPX-Client (1)

  This setting indicates that the MAX discards Routing Information Protocol (RIP) and Service Advertising Protocol (SAP) periodic broadcasts at its WAN interface, but forwards RIP and SAP queries.

  The WAN interface is the port on the MAX that connects to a WAN line. RIP and SAP queries enable a client workstation to locate a NetWare server across the network. Choose Handle-IPX-Client when both these conditions are true:

  • The local LAN has IPX clients but no servers.

  • The MAX is acting as a bridge to another LAN containing only IPX servers, or a combination of IPX servers and clients.

• Handle-IPX-Server (2)

  This setting indicates that the MAX discards all Routing Information Protocol (RIP) and Service Advertising Protocol (SAP) periodic broadcasts and queries at its WAN interface.

  This mode enables the MAX to bring down calls during idle periods without breaking
  client/server or peer-to-peer connections.

  Ordinarily, when a NetWare server does not receive a reply to the watchdog session
  keepalive packets it sends to a client, it closes the connection. When you specify Handle-IPX-Server, however, the MAX replies to NCP watchdog requests on behalf of clients on the other side of the bridge. In other words, the MAX tricks the server watchdog process into believing that the link is still active. This process is called watchdog spoofing.

  Choose this setting when both these conditions are true:

  • The MAX is acting as a bridge to a remote LAN with IPX clients, but no servers.

  • The local LAN contains only IPX servers, or a combination of IPX clients and
    servers.

• If you specify Ascend-Handle-IPX=Handle-IPX-Server, you must also specify a value for the Ascend-Netware-timeout attribute, indicating the maximum length of idle time during which the MAX performs watchdog spoofing for NetWare connections.

• If the connection does not bridge (Ascend-Bridge=Bridge-No), the Ascend-Handle-IPX attribute does not apply.

• If the MAX on one LAN sets Ascend-Handle-IPX=Handle-IPX-Server, and the LAN on the other side of the connection has only NetWare clients, the MAX on the client-only LAN should set Ascend-Handle IPX=Handle-IPX-Client.

  If both LANs contain servers, both sides of the connection should set Ascend-Handle- IPX=Handle-IPX-None.

• Although Ascend-Handle-IPX does not apply if Ascend-Bridge=Bridge-No, the MAX automatically performs watchdog spoofing just as though you had set Ascend-Handle-IPX=Handle-IPX-Server.

  However, the MAX does not filter as though you had set Ascend-Handle-IPX=Handle-IPX-Server.

MAX1 Password="m2dan", User-Service=Framed-User

Framed-Protocol=PPP,

Ascend-Route-IPX=Route-IPX-No,

Ascend-Bridge=Bridge-Yes,

     Ascend-Handle-IPX=Handle-IPX-Client,

See Also: Ascend-Bridge (230)
Ascend-Netware-timeout (223)

Ascend-History-Weigh-Type (239)

Usage: Figure 9-1 illustrates the differences among the algorithms you can choose.

Figure 9-1. Bandwidth algorithms for MP+ calls

• History-Constant (0) gives equal weight to all samples taken during the historical time period specified by Ascend-Seconds-Of History.

  When you select this option, older historical samples have as much impact on the decision to change bandwidth allocation as more recent samples.

• History-Linear (1) gives more weight to recent samples of bandwidth usage than to older samples taken during the historical period specified by Ascend-Seconds-Of-History.

  The weighting grows at a linear rate.

• History-Quadratic (2) gives more weight to recent samples of bandwidth usage than to older samples taken during the historical period specified by Ascend-Seconds-Of-History.

  The weighting grows at a quadratic rate. History-Quadratic is the default.

Ascend-Home-Agent-IP-Addr

Example: The following is an example of a RADIUS accounting STOP record that includes the Ascend-Home-Agent-IP-Addr attribute:

Mon Apr 21 02:41:38 1997

User-Name = "JacobP75"

NAS-Identifier = 1.1.1.1

NAS-Port = 10105

Acct-Status-Type = Stop

Acct-Delay-Time = 0

Acct-Session-Id = "111111111"

Acct-Authentic = RADIUS

Acct-Session-Time = 0

Acct-Input-Octets = 215

Acct-Output-Octets = 208

Acct-Input-Packets = 10

Acct-Output-Packets = 10

Ascend-Disconnect-Cause = 1

Ascend-Connect-Progress = 60

Ascend-Data-Rate = 56000

Ascend-PreSession-Time = 1

Ascend-Pre-Input-Octets = 215

Ascend-Pre-Output-Octets = 208

Ascend-Pre-Input-Packets = 10

Ascend-Pre-Output-Packets = 10

Framed-Protocol = PPP

Framed-Address = 2.2.2.2

Tunneling-Protocol = ATMP

Ascend-Home-Agent-IP-Addr = 3.3.3.3

Ascend-Home-Agent-UDP-Port = 5150

Ascend-Home-Network-Name = homenet

• The Accounting-Request packet includes Acct-Status-Type=Stop.

• The session was authenticated and encapsulated by means of Ascend Tunnel Management Protocol (ATMP).

Ascend-Home-Agent-Password (184)

The RADIUS server passes the attributes in the mobile node's RADIUS user profile to the foreign agent. The foreign agent sends these attributes when connecting with the home agent.

A mobile node can also connect directly to the home agent. An ATMP-based RADIUS profile that is local to the home agent enables the mobile node to bypass a foreign agent connection, but does not preclude a foreign agent. If both the home agent and the foreign agent have local RADIUS profiles for the mobile node, the node can choose between a direct connection or a tunneled connection through the foreign agent.

Usage: Specify a text string containing up to 20 characters. The default value is null.

Example: The following RADIUS profile authenticates a mobile NetWare client that connects directly to the home agent. In this example, the home agent is in gateway mode. It forwards packets from the mobile node across a nailed-up WAN link to the home IPX network.

Mobile-IPX Password="unit"

     User-Service=Framed-User,

     Ascend-Route-IPX=Route-IPX-Yes,

     Framed-Protocol=PPP,

     Ascend-IPX-Peer-Mode=IPX-Peer-Dialin,

     Framed-IPX-Network=40000000,

     Ascend-IPX-Node-Addr=12345678,

     Ascend-Primary-Home-Agent="max1.home.com:6001",

     Ascend-Secondary-Home-Agent="max2.home.com:6001",

     Ascend-Home-Network-Name="Dave's MAX",

     Ascend-Home-Agent-Password="Pipeline"

Ascend-Home-Agent-UDP-Port (186)

Usage: Specify a UDP port number between 0 and 65535. The default value is 5150.

Dependencies: If you specify a value for the udp_port argument of Ascend-Primary-Home- Agent or Ascend-Secondary-Home-Agent, or if you accept the default of 5150 for udp_port, you need not specify the Ascend-Home-Agent-UDP-Port attribute.

See Also: Ascend-Home-Agent-Password (184)
Ascend-Home-Network-Name (185)
Ascend-Primary-Home-Agent (129)
Ascend-Secondary-Home-Agent (130)

Ascend-Home-Network-Name (185)

The RADIUS server passes the attributes in the mobile node's RADIUS user profile to the foreign agent. The foreign agent sends these attributes when connecting with the home agent.

A mobile node can also connect directly to the home agent. An ATMP-based RADIUS profile that is local to the home agent enables the mobile node to bypass a foreign agent connection, but does not preclude a foreign agent. If both the home agent and the foreign agent have local RADIUS profiles for the mobile node, the node can choose between a direct connection or a tunneled connection through the foreign agent.

Usage: Specify the name of the home agent's Connection profile. The default value is null.

Dependencies: You must specify a value for this attribute only if the home agent is a gateway (that is, only if Type=Gateway in the Ethernet>Mod Config>ATMP Options menu).

Example: The following RADIUS profile authenticates a mobile NetWare client that connects directly to the home agent. In this example, the home agent is in gateway mode. It forwards packets from the mobile node across a nailed-up WAN link to the home IPX network.

Mobile-IPX Password="unit"

     User-Service=Framed-User,

     Ascend-Route-IPX=Route-IPX-Yes,

     Framed-Protocol=PPP,

     Ascend-IPX-Peer-Mode=IPX-Peer-Dialin,

     Framed-IPX-Network=40000000,

     Ascend-IPX-Node-Addr=12345678,

     Ascend-Primary-Home-Agent="max1.home.com:6001",

     Ascend-Secondary-Home-Agent="max2.home.com:6001",

     Ascend-Home-Network-Name="Dave's MAX",

     Ascend-Home-Agent-Password="Pipeline"

Ascend-Host-Info (252)

Usage: You can specify up to 10 Ascend-Host-Info entries in a user profile. Enter your attribute settings in this format:

Ascend-Host-Info="IP_address text"

• IP_address specifies the IP address of each host.

  Specify an IP address in dotted decimal notation. An IP address consists of four numbers between 0 and 255, separated by periods. The default value is 0.0.0.0.

• text describes each host.

  You can enter up to 31 characters for text. The default value is null. The RADIUS server assigns the text a number. When the user selects the number, the terminal server initiates a Telnet session with the host at the specified IP address.

• Set Initial Scrn=Menu or Toggle Scrn=Yes.

• Set Remote Conf=Yes.

Initial-Banner-Cal Password="Ascend", User-Service=Dialout-Framed-User

     Reply-Message="Up to 16 lines of up to 80 characters each",

     Reply-Message="will be accepted. Long lines will be 
truncated",

     Reply-Message="Additional lines will be ignored.",

     Reply-Message="",

Ascend-Host-Info="1.2.3.5 Alameda",

Ascend-Host-Info="1.2.36 San Francisco",

...

See Also: Reply-Message (18)

Ascend-Idle-Limit (244)

Usage: Specify a number between 0 and 65535. If you specify 0 (zero), the MAX always clears a call when a session is inactive. The default value is 120 seconds. If you accept the default and an existing Answer profile specifies a value for the analogous Idle parameter, the MAX ignores the Idle value and uses the Ascend-Idle-Limit default.

Dependencies: Keep this additional information in mind:

• If the time set by the Ascend-Idle-Limit expires, the call disconnects whether or not bandwidth utilization falls below the Ascend-MPP-Idle-Percent setting.

• When bandwidth utilization falls below the Ascend-MPP-Idle-Percent setting, the call disconnects regardless of whether the time specified by the Ascend-Idle-Limit attribute has expired.

• Because the Ascend-MPP-Idle-Percent attribute is dependent on traffic levels on both sides of the connection, we recommend that you use the Ascend-Idle-Limit attribute in preference to it.

• The Ascend-Idle-Limit attribute does not apply to nailed-up links.

Ascend-IF-Netmask (154)

Usage: Specify a subnet mask consisting of four numbers between 0 and 255, separated by periods. The default value is 0.0.0.0.

Ascend-Inc-Channel-Count (236)

Usage: Specify a number between 1 and 32. The default value is 1.

Dependencies: Keep this additional information in mind:

• Ascend-Inc-Channel-Count does not apply if all channels of a link are nailed up (Ascend-Call-Type=Nailed).

• Ascend-Inc-Channel-Count applies only if the link is using MP+ encapsulation (Framed-Protocol=MPP).

• MP+ calls cannot exceed 32 channels.

• The sum of Ascend-Base-Channel-Count and Ascend-Inc-Channel-Count cannot exceed the maximum number of channels available.

Ascend-IP-Direct (209)

Usage: Specify an IP address in dotted decimal notation. An IP address consists of four numbers between 0 and 255, separated by periods. The default value is 0.0.0.0. If you accept the default, the MAX does not redirect IP traffic.

Dependencies: Keep this additional information in mind:

• You can specify the Ascend-IP-Direct attribute only under these conditions:

  • IP routing is in use.

  • The user profile contains the specification Ascend-Bridge=Bridge-No.

  • Framed-Protocol is not set to COMB or FR.

• Do not set Ascend-IP-Direct and Ascend-FR-Direct in the same user profile.

  If you do, an error occurs.

• Ascend-IP-Direct connections typically turn off RIP.

  If you configure the connection to receive RIP, the MAX keeps all RIP packets from the remote end and forwards them to the IP address you specify. To turn off RIP, set Framed-Routing=None.

Emma Password="m2dan", User-Service=Framed-User

          Framed-Protocol=PPP,

          Framed-Address=10.8.9.10,

          Ascend-Route-IP=Route-IP-Yes,

          Ascend-Bridge=Bridge-No,

          Ascend-IP-Direct=10.2.3.11,

          Ascend-Metric=2,

          Framed-Routing=None,

          ...

Ascend-IP-Pool-Definition (217)

Usage: The Ascend-IP-Pool-Definition attribute has this format:

Ascend-IP-Pool-Definition="num first_ipaddr max_entries"

Table 9-13. Ascend-IP-Pool-Definition arguments

Dependencies: You specify one or more Ascend-IP-Pool-Definition attributes in a pseudo- user profile. You create a pseudo-user to store information that the MAX can query-in this case, in order to store IP address pool information. Specify the first line of a pseudo-user profile in this format:

Pools-unit_name Password="Ascend", User-Service=Dialout-Framed-User

Example: In this example, the pseudo-user profile creates two IP address pools for the MAX to use. Address pool #1 contains a block of 7 IP addresses from 10.1.0.1 to 10.1.0.7. Address pool #2 contains a block of 48 IP addresses from 10.2.0.1 to 10.2.0.48.

Pools-MAX Password="Ascend", User-Service=Dialout-Framed-User

    Ascend-IP-Pool-Definition="1 10.1.0.1 7",

    Ascend-IP-Pool-Definition="2 10.2.0.1 48"

Ascend-IPX-Alias (224)

Usage: Specify an IPX network number. The default value is 0 (zero). RADIUS requires that this attribute have a decimal value (base 10), but IPX network numbers generally have hexadecimal values (base 16). In order to give this attribute a value, you must convert the hexadecimal IPX network number to a decimal value for use in the user profile.

See Also: Ascend-IPX-Peer-Mode (216)
Ascend-IPX-Route (174)
Ascend-Route-IPX (229)

Ascend-IPX-Node-Addr (182)

Usage: Specify a 12-digit ASCII string enclosed in double-quotes. The RADIUS server passes the attributes in the mobile node's profile to the foreign agent. The foreign agent sends these attributes when connecting with the home agent.

See Also: Framed-IPX-Network (23)

Ascend-IPX-Peer-Mode (216)

Dial-in clients do not belong to an IPX network, so you must assign them an IPX network number. When you do so, a dial-in client can establish a routing connection with the MAX. To provide an IPX network number, you must define a virtual IPX network using the IPX Pool# parameter in the MAX configuration interface. The MAX advertises the route to this virtual network and assigns it as the network address for dial-in clients.

Usage: For the Ascend-IPX-Peer-Mode attribute, you can specify one of these values:

• IPX-Peer-Router (0) indicates that the caller is on the Ethernet network and has its own IPX address.

  IPX-Peer-Router is the default.

• IPX-Peer-Dialin (1) indicates that the caller is a dial-in NetWare client that incorporates PPP software and dial-out hardware, but does not have an Ethernet interface.

  This setting causes the MAX to assign the caller an IPX address derived from the value of IPX Pool#. If the client does not supply its own unique node number, the MAX assigns a unique node number to the client as well. The MAX does not send IPX RIP and SAP advertisements across the connection, and ignores IPX RIP and SAP advertisements it receives from the remote end. However, it does respond to IPX RIP and SAP queries it receives from dial-in clients.

Ascend-IPX-Route (174)

Usage: To configure a static IPX route to an internal network, use the following format:

Ascend-IPX-Route="profile_name network# [node#] [socket#] 
[server_type] [hop_count] [tick_count] [server_name]"

Table 9-14. Ascend-IPX-Route arguments

When you define a static route to an external network, the Ascend-IPX-Route attribute has the following format:

Ascend-IPX-Route="route-only [network #] [transit_network #]"

Table 9-15 describes each Ascend-IPX-Route argument.

Table 9-15. Ascend-IPX-Route arguments

Argument	Description
network #	Indicates the unique external network number. The default value is 00000000.
transit_network #	Indicates an intermediate network: Between the MAX and the destination network. To which the MAX knows how to route.

Dependencies: Each static route must appear in a pseudo-user profile. You create a pseudo- user to store information that the MAX can query-in this case, in order to store IPX routing information. You can configure pseudo-users for both global and MAX-specific configuration control of IPX dialout routes. The MAX loads the unit-specific dialout routes in addition to the global dialout routes.

For a unit-specific IPX dialout route, specify the first line of a pseudo-user profile in this format:

IPXRoute-unit_name-num Password="Ascend", User-Service=Dialout-Framed-
User

IPXRoute-num Password="Ascend", User-Service=Dialout-Framed-User

In each pseudo-user profile, you can specify one or more routes using the Ascend-IPX-Route attribute. Limit each pseudo-user profile to about 25 routes. The MAX fetches information from each pseudo-user profile in order to gather routing information. Whenever you power on or reset the MAX, or when you select the Upd Rem Cfg command from the Sys Diag menu, RADIUS adds IPX dialout routes to the routing table in this way:

1. RADIUS looks for profiles having the format IPXRoute-unit_name-1, where
   unit_name is the system name.

2. If at least one profile exists, RADIUS loads all existing profiles having the format
   IPXRoute-unit_name-num to initialize the IPX routing table.

   The variable num is a number in a sequential series, starting with 1.

3. The MAX queries IPXRoute-unit_name-1, then IPXRoute-unit_name-2, and so on, until it receives an authentication reject from RADIUS.

4. RADIUS loads the global configuration profiles.

   These configurations have the form IPXRoute-num.

5. The MAX queries IPXRoute-1, then IPXRoute-2, and so on, until it receives an authentication reject from RADIUS.

IPXRoute-CA-1 Password="Ascend", User-Service=Dialout-Framed-User

        Ascend-IPX-Route="def 6 7 8 9 10"

IPXRoute-1 Password="Ascend", User-Service=Dialout-Framed-User

        Ascend-IPX-Route="abc 1 2 3 4 5 "

Ascend-Link-Compression (233)

Usage: You can specify one of these values:

• Link-Comp-None (0) disables data compression.

  Link-Comp-None in the default.

• Link-Comp-Stac (1) enables Ascend's modified version of the STACKER LZS compression/decompression algorithm.

• Link-Comp-Stac-Draft-9 (2) enables STACKER LZS compression/decompression algorithm, as specified in draft 9 of the IETF draft "PPP Stac LZS Compression Protocol".

• Link-Comp-MS-Stac (3) enables Microsoft's modified version of the STACKER LZS compression/decompression algorithm.

See Also: Framed-Compression (13)

Ascend-Maximum-Call-Duration (125)

Usage: You can specify an integer between 0 and 1440. The MAX checks the connection once per minute, so the actual time the call is connected is slightly longer than the actual time you set.

The default value is 0 (zero). If you accept the default, the MAX does not set a limit on the duration of an incoming call.

Ascend-Maximum-Channels (235)

Usage: Specify an integer between 1 and the maximum number of channels your system supports. The default value is 1.

Dependencies: This attribute applies only to MP+ calls.

For optimum MP+ performance, both sides of a connection must set these values to the same number:

• The base channel count, as specified by Base Ch Count (in the Connection profile) or Ascend-Base-Channel-Count (in RADIUS)

• The minimum channel count, as specified by Min Ch Count (in the Answer profile or Connection profile) or Ascend-Minimum-Channels (in RADIUS)

• The maximum channel count, as specified by Max Ch Count (in the Answer profile or Connection profile) or Ascend-Maximum-Channels (in RADIUS)

Ascend-Maximum-Time (194)

Usage: Specify an integer between 0 and 4,294,967,295. The default value is 0 (zero). When you accept the default, the MAX does not enforce a time limit.

Ascend-Menu-Item (206)

Using this attribute, you can configure a profile to give the terminal server user a custom menu of items from which to choose. The server uses the custom menu to present the user with a subset of terminal server commands. The user does not have access to the regular menu or to the terminal server command line.

Usage: Enter your specifications using this format:

Ascend-Menu Item=command;text;match

• command is the string that the MAX sends to the terminal server when the user selects the menu item.

• text is the text that displays to the user.

• match is the pattern the user must type to select the item.

• The first semi-colon (;) that appears acts as the delimiter between command and text.

• The second semi-colon that appears acts as the delimiter between text and match.

Example: Suppose you set these attributes:

Emma Password="m2dan", User-Service=Login-User

      Ascend-Menu-Item="show ip stats;Display IP Stats",

      Ascend-Menu-Item="ping 1.2.3.4;Ping server",

      Ascend-Menu-Item="telnet 10.2.4.5;Telnet to Ken's machine",

      Ascend-Menu-Item="show arp;Display ARP Table",

      Ascend-Menu-Selector="                              Option:",

      ...

1. Display IP Stats     3. Telnet to Ken's machine

2. Ping server          4. Display ARP Table.

                              Option:

Emma Password="m2dan", User-Service=Login-User

Ascend-Menu-Item="show ip stats;ip=Display ip stats;ip",

Ascend-Menu-Item="ping 1.2.3.4;p=Ping server. Ctrl-C stops ping;p",

Ascend-Menu-Item="telnet 10.2.4.5;t=Telnet to Ken's machine;t",

Ascend-Menu-Item="show arp;dsp=Display arp table;dsp ",

      Ascend-Menu-Selector="                              Option:",

      ...

ip=Display ip stats p=Ping server. Ctrl-C stops ping

t=Telnet to Ken's machine dsp=Display arp table

                              Option:

Emma Password="m2dan", User-Service=Login-User

Ascend-Menu-Item="show ip stats;ip=Display ip stats",

Ascend-Menu-Item="ping 1.2.3.4;p=Ping server. Ctrl-C stops ping;p",

Ascend-Menu-Item="telnet 10.2.4.5;t=Telnet to Ken's machine;t",

Ascend-Menu-Item="show arp;dsp=Display arp table;dsp ",

Ascend-Menu-Selector=" Option:",

...

If you mix numbered selections and pattern matching, as in this example, the terminal server screen displays the following text:

1. ip=Display ip stats 3. t=Telnet to Ken's machine

2. p=Ping server. Ctrl-C stops ping 4. dsp=Display arp table

Option:

See Also: Ascend-Menu-Selector (205)

Ascend-Menu-Selector (205)

By default, when you create a custom menu with the Ascend-Menu-Item attribute, the terminal server displays this string when prompting the user to make a selection:

Enter Selection (1-num, q) 

However, you can specify a different string for prompting the user to make a selection. The Ascend-Menu-Selector attribute enables you to specify a string that the terminal server displays when prompting a user for a menu selection. If you define this attribute, its value overrides the default of Enter Selection (1-num, q).

Usage: Specify a text string containing up to 31 characters. The terminal server displays this string when prompting the user for a menu selection.

Example: Suppose you set these attributes:

Emma Password="m2dan", User-Service=Login-User

      Ascend-Menu-Item="show ip stats;Display IP Stats",

      Ascend-Menu-Item="ping 1.2.3.4;Ping server",

      Ascend-Menu-Item="telnet 10.2.4.5; Telnet to Ken's machine",

      Ascend-Menu-Item="show arp;Display ARP Table"

      Ascend-Menu-Selector="                              Option:"

1. Display IP Stats     3. Telnet to Ken's machine

2. Ping server          4. Display ARP Table.

                              Option:

See Also: Ascend-Menu-Item (206)

Ascend-Metric (225)

If there are two routes available to a single destination network, you can ensure that the MAX uses any available nailed-up channel before using a switched channel. Simply set the Ascend-Metric attribute to a value higher than the metric of any nailed-up route. The higher the value you enter, the less likely that the MAX will bring the link online. The MAX uses the lowest metric.

Usage: You can specify a number between 1 and 15. This value is the virtual hop count. The default value is 7.

Dependencies: Keep this additional information in mind:

• The Ascend-Metric attribute does not apply to bridged connections, such as Combinet links.

• The hop count includes the metric of each switched link in the route.

See Also: Ascend-Route-IP (228)
Framed-Route (22)

Ascend-Minimum-Channels (173)

Usage: You can specify a number between 1 and 32. The default value is 1.

Dependencies: This attribute applies only to MP+ calls.

For optimum MP+ performance, both sides of a connection must set these values to the same number:

• The base channel count, as specified by Base Ch Count (in the Connection profile) or Ascend-Base-Channel-Count (in RADIUS)

• The minimum channel count, as specified by Min Ch Count (in the Answer profile or Connection profile) or Ascend-Minimum-Channels (in RADIUS)

• The maximum channel count, as specified by Max Ch Count (in the Answer profile or Connection profile) or Ascend-Maximum-Channels (in RADIUS)

Ascend-Modem-PortNo (120)

Usage: The MAX sends Ascend-Modem-PortNo as part of an accounting Stop record. The attribute does no appear in a user profile.

Dependencies: Because the MAX designates a modem by slot card and port, you must consider the value of Ascend-Modem-SlotNo.

See Also: Ascend-Modem-SlotNo

Ascend-Modem-SlotNo (Attribute 121)

Usage: The MAX sends Ascend-Modem-SlotNo as part of an accounting Stip record. The attribute does not appear in a user profile.

Dependencies: Because the MAX designates a modem by slot card and port, you must consider the value of Ascend-Modem-PortNo

See Also: Ascend-Modem-PortNo

Ascend-MPP-Idle-Percent (254)

Usage: Specify an integer between 0 and 99. The default value is 0 (zero). This setting causes the MAX to ignore bandwidth utilization when determining whether to clear a call.

Dependencies: Keep this additional information in mind:

• MP+ must be the selected encapsulation method for the profile (Framed-Protocol=MPP).

• If either end of a connection sets the Ascend-MPP-Idle-Percent attribute or Idle Pct parameter to 0 (zero), the MAX ignores bandwidth utilization when determining when to clear a call.

• Bandwidth utilization must fall below this percentage on both sides of the connection before the MAX clears the call.

• If the device at the remote end of the link enters an Ascend-MPP-Idle-Percent setting lower than the value you specify, the MAX does not clear the call until bandwidth utilization falls below the lower percentage.

• If the time set by the Ascend-Idle-Limit expires, the call disconnects whether or not bandwidth utilization falls below the Ascend-MPP-Idle-Percent setting.

• When bandwidth utilization falls below the Ascend-MPP-Idle-Percent setting, the call disconnects regardless of whether the time specified by the Ascend-Idle-Limit attribute has expired.

• Because the Ascend-MPP-Idle-Percent attribute is dependent on traffic levels on both sides of the connection, we recommend that you use the Ascend-Idle-Limit attribute in preference to it.

Ascend-Multicast-Client (152)

Usage: You can specify one of these values:

• Multicast-No (0)

  This setting indicates that the user is not a multicast client of the MAX.

• Multicast-Yes (1)

  This setting indicates that the user is a multicast client of the MAX.

See Also: Ascend-Multicast-Rate-Limit (153)

Ascend-Multicast-Rate-Limit (153)

Usage: Specify an integer. If you set the attribute to 0 (zero), the MAX does not apply rate limiting. The default value is 100. The MAX discards any subsequent packets it receives in the window you specify.

Dependencies: This attribute applies solely to the IP-only release of the MAX 4000.

See Also: Ascend-Multicast-Client (152)

Ascend-Multilink-ID (187)

The MAX sends Ascend-Multilink-ID in an Accounting-Request packet when all of these conditions are true:

• The session was authenticated.

• The session has ended (Acct-Status-Type=Stop).

• The Auth parameter is not set to RADIUS/LOGOUT.

See Also: Ascend-Num-In-Multilink (188)

Ascend-Netware-timeout (223)

Usage: Specify an integer between 0 and 65535. The default value is 0 (zero). This default allows the MAX to respond to watchdog requests without a time limit.

The timer begins counting down as soon as the WAN bridging link goes offline. At the end of the selected time, the MAX releases the client-server connections. If there is a reconnection of the WAN session, the MAX cancels the timeout.

Dependencies: Ascend-Netware-timeout applies to IPX bridging connections when the MAX is on the server LAN and not on the client LAN-that is, when Ascend-Handle-IPX=
Handle-IPX-Server.

See Also: Ascend-Handle-IPX (222)

Ascend-Number-Sessions (202)

Usage: The Ascend-Number-Sessions attribute has a compound value. The first part specifies a user-session class. The second part reports the number of active sessions in that class.

In the MAX, you can set the Sess Timer parameter in the Ethernet>Mod Config>Accounting menu to send accounting requests at regular intervals. At the specified interval, the MAX reports the number of open sessions by sending an Ascend-Event-Request packet (code 33). This packet contains an NAS-Identifier attribute, an Ascend-Event-Type attribute, and one or more Ascend-Number-Sessions attributes. The authentication server must send back an Ascend-Event-Response packet (code 34) with the correct identifier to the MAX.

In addition, you can set the Sess Timer parameter in the Ethernet>Mod Config>Auth menu to send requests to the authentication server at regular intervals. In a session event when Auth=RADIUS/LOGOUT, the MAX sends values for Password, NAS-Identifier, Ascend-Event-Type, and Ascend-Number-Sessions in an Ascend-Event-Request packet (code 33). The authentication server must send back an Ascend-Event-Response packet (code 34) with the correct identifier to the MAX.

Dependencies: The MAX sends the Ascend-Number-Sessions attribute in Ascend-Event- Request packets. Only RADIUS daemons you customize to recognize this packet code respond these request packets from the MAX. Other daemons ignore it. Therefore, both the standard Livingston RADIUS daemon and the Ascend daemon ignore this attribute.

When modifying the daemon, make sure that it recognizes an Ascend-Event-Request packet in this format:

Code (8-bit)=33

Identifier (8-bit) 

Length (16-bit)

Authenticator (48-bit for an accounting server, 64-bit for an 

authentication server)

List of attributes

See Also: Ascend-Event-Type (150)
Class (25)

Ascend-Num-In-Multilink (188)

The MAX sends Ascend-Num-In-Multilink in an Accounting-Request packet when all of these conditions are true:

• The session was authenticated.

• The session has ended (Acct-Status-Type=Stop).

• The Auth parameter is not set to RADIUS/LOGOUT.

See Also: Ascend-Multilink-ID (187)

Ascend-PPP-Address (253)

Usage: Specify an IP address in dotted decimal notation. An IP address consists of four numbers between 0 and 255, separated by periods. The default value is 0.0.0.0. If you accept the default, IPCP negotiates with the value of the IP Adrs parameter in the Ethernet\>Mod Config\>Ether Options menu.

If you specify a valid IP address, IPCP negotiates with that IP address. If you specify 255.255.255.255, IPCP negotiates with the address 0.0.0.0.

Dependencies: You can assign Ascend-PPP-Address a value different from the MAX unit's true IP address, as long as the user requesting access understands that limitation.

Ascend-PPP-Async-Map (212)

Usage: Specify a 4-byte bitmap to one or more control characters. The async control character map is defined in RFC 1548 and specifies that each bit position represents its ASCII equivalent. The bits are ordered with the lowest bit of the lowest byte being 0. For example, bit 19 corresponds to Control-S (DC3) or ASCII 19.

Example: Your specification might look like this one:

Emma Password="m2dan", User-Service=Login-User

          Ascend-PPP-Async-Map=19,

          ...

Ascend-PPP-VJ-1172 (211)

RFC 1172 section 5.2 contains an erroneous statement that the VJ compression type value is 0x0037. It should be 0x002d. However, many older PPP implementations use the 0x0037 value when negotiating VJ compression. If you do not specify a value for Ascend-PPP-VJ-1172, the VJ compression type is 0x002d.

Usage: Enter your specification using this format:

Ascend-PPP-VJ-1172=PPP-VJ-1172

Ascend-PPP-VJ-Slot-Comp (210)

When you turn on VJ compression, the MAX removes the TCP/IP header, and associates a TCP/IP packet with a connection by giving it a slot ID. The first packet coming into a connection must have a slot ID, but succeeding packets need not have one. If the packet does not have a slot ID, the MAX assumes that it uses the last slot ID. This scenario uses slot ID compression, because the slot ID does not appear in any packet but the first in a stream.

However, there may be times when you want each VJ-compressed packet to have a slot ID. The Ascend-PPP-VJ-Slot-Comp attribute exists for this purpose.

Usage: To specify that no slot compression occurs, set the Ascend-PPP-VJ-Slot-Comp attribute to VJ-Slot-Comp-No (1). If you do not specify a value for Ascend-PPP-VJ-Slot- Comp, and Framed-Compression=Van-Jacobson-TCP-IP, slot compression occurs.

See Also: Framed-Compression (13)

Ascend-Pre-Input-Octets (190)

The MAX includes Ascend-Pre-Input-Octets in an Accounting-Request packet when all of these conditions are true:

• The session was authenticated.

• The session has ended (Acct-Status-Type=Stop).

• The Auth parameter is not set to RADIUS/LOGOUT.

Ascend-Pre-Input-packets (192)

The MAX includes Ascend-Pre-Input-packets in an Accounting-Request packet when all of these conditions are true:

• The session was authenticated.

• The session has ended (Acct-Status-Type=Stop).

• The Auth parameter is not set to RADIUS/LOGOUT.

Ascend-Pre-Output-Octets (191)

The MAX includes Ascend-Pre-Output-Octets in an Accounting-Request packet when all of these conditions are true:

• The session was authenticated.

• The session has ended (Acct-Status-Type=Stop).

• The Auth parameter is not set to RADIUS/LOGOUT.

Ascend-Pre-Output-packets (193)

The MAX includes Ascend-Pre-Output-packets in an Accounting-Request packet when all of these conditions are true:

• The session was authenticated.

• The session has ended (Acct-Status-Type=Stop).

• The Auth parameter is not set to RADIUS/LOGOUT.

Ascend-Preempt-Limit (245)

Usage: Specify an integer between 0 and 65535. The MAX never preempts a call if you enter 0 (zero). The default value is 60.

Dependencies: The Ascend-Preempt-Limit attribute does not apply to nailed-up links.

See Also: Ascend-Idle-Limit (244)
Ascend-MPP-Idle-Percent (254)

Ascend-Preference (126)

Usage: Specify an integer. The default value is 60. We recommend that you accept this default for dial-in and dial-out user profiles.

Dependencies: Make sure that more desirable routes have a lower preference number. In particular, make sure that routes for connections that are down have a higher preference number than routes for connections that are up. The following table lists the factory default values for route preferences.

Route type	Default value
Interface	0
ICMP	30
RIP	100
OSPF ASE	150
OSPF Internal	10
Static	60
Down-WAN	120
Infinite	225

Ascend-PreSession-Time (198)

The MAX includes Ascend-PreSession-Time in an Accounting-Request packet when both of these conditions are true:

• The session has ended or has failed to authenticate (Acct-Status-Type=Stop).

• The Auth parameter is not set to RADIUS/LOGOUT.

Ascend-Primary-Home-Agent (129)

The RADIUS server passes the attributes in the mobile node's RADIUS user profile to the foreign agent. The foreign agent sends these attributes when connecting with the home agent.

A mobile node can also connect directly to the home agent. An ATMP-based RADIUS profile that is local to the home agent enables the mobile node to bypass a foreign agent connection, but does not preclude a foreign agent. If both the home agent and the foreign agent have local RADIUS profiles for the mobile node, the node can choose between a direct connection or a tunneled connection through the foreign agent.

Usage: Specify the primary home agent using this syntax:

Ascend-Primary-Home-Agent="hostname | ip_address [:udp_port]"

• The hostname argument indicates the home agent's symbolic hostname.

• The ip_address argument indicates the home agent's IP address in dotted decimal notation.

  Specify an IP address if a DNS server is not set up for the home agent. You can specify a hostname or an IP address, but not both.

• The optional udp_port argument indicates the UDP port on which the foreign agent communicates with the home agent.

  The default value is 5150.

• The colon (:) separates the hostname or IP address from the UDP port specification.

Ascend-Primary-Home-Agent="max1.home.com:6001"

Ascend-Primary-Home-Agent="10.0.0.1:6001"

Mobile-IPX Password="unit"

     User-Service=Framed-User,

     Ascend-Route-IPX=Route-IPX-Yes,

     Framed-Protocol=PPP,

     Ascend-IPX-Peer-Mode=IPX-Peer-Dialin,

     Framed-IPX-Network=40000000,

     Ascend-IPX-Node-Addr=12345678,

     Ascend-Primary-Home-Agent="max1.home.com:6001",

     Ascend-Secondary-Home-Agent="max2.home.com:6001",

     Ascend-Home-Network-Name="Dave's MAX",

     Ascend-Home-Agent-Password="Pipeline"

• If you specify the Ascend-Home-Agent-UDP-Port attribute on the line immediately following the Ascend-Primary-Home-Agent attribute, you need not specify a value for udp_port.

  By the same token, if you specify a value for the udp_port argument of Ascend-Secondary-Home-Agent, or if you accept the default of 5150, you need not specify the Ascend-Home-Agent-UDP-Port attribute.

• It is preferable to use Ascend-Primary-Home-Agent in place of the Ascend-Home-Agent-IP-Addr attribute in the RADIUS user profile. However, the Stop record will include Ascend-Home-Agent-IP-Addr and not Ascend-Primary-Home-Agent.

• To specify a secondary home agent for use if the primary home agent is unavailable, use the Ascend-Secondary-Home-Agent attribute.

See Also: Ascend-Home-Agent-Password (184)
Ascend-Home-Agent-UDP-Port (186)
Ascend-Home-Network-Name (185)
Ascend-Secondary-Home-Agent (130)

Ascend-PRI-Number-Type (226)

Usage: You can specify one of these values:

• Unknown-Number (0)

  This setting indicates that the MAX can dial any type of number.

• Intl-Number (1)

  This setting indicates that the MAX dials a number outside the U.S.

• National-Number (2)

  This setting indicates that the MAX dials a number inside the U.S. National-Number is the default.

• Local-Number (4)

  This setting indicates that the MAX dials a number within your Centrex group.

• Abbrev-Number (5)

  This setting indicates that the MAX dials an abbreviated phone number.

Ascend-PW-Expiration (21)

When the MAX makes an authentication request, the RADIUS server checks the current date against the value of Ascend-PW-Expiration. If the date of the authentication request is the same date or a later date than the value of Ascend-PW-Expiration, the user receives a message saying that the password has expired.

You must specify Ascend-PW-Expiration when you first create a user.

Usage: Specify a month, day, and year.

• For the month specification, enter the first three letters of the month in which you want the password to expire, or specify the entire name of the month.

  The month must begin with a capital letter.

• For the day specification, enter one or more digits indicating a valid day of the month.

  The values 2, 02, 002, and 0021 are all valid, but 32 is not.

• For the year specification, enter a four-digit year.

  The year must start with the number 19.

• Separate each part of the date specification using one or more spaces, tabs, or commas.

Dependencies: Keep this additional information in mind:

• If a password expires and the user resets it, the RADIUS server adds the value of
  Ascend-PW-Lifetime to the date on which the user resets the password.

  The resulting date becomes the new value for Ascend-PW-Expiration.

  For example, suppose that Ascend-PW-Lifetime=30, Ascend-PW-Expiration=January 1, 1997, and today's date is March 1, 1997. If the user resets the password today, the value of Ascend-PW-Expiration becomes today's date + Ascend-PW-Lifetime, or March 31, 1997.

• If the password has not expired, the value of Ascend-PW-Expiration overrides the value of Ascend-PW-Lifetime.

  For example, if on January 1, 1997 you set Ascend-PW-Lifetime=30 and
  Ascend-PW-Expiration=January 15, 1997, the password expires on January 15, 1997.
  In other words, if the password has not expired, the value of Ascend-PW-Lifetime is
  irrelevant.

Emma Password="m2dan", User-Service=Login-User, Ascend-PW-
Expiration="January 1, 1997"

...

Ascend-PW-Lifetime (208)

Usage: Specify an integer to indicate the number of days for which the user's password is valid. You can set the Ascend-PW-Lifetime attribute on any line other than the first line of the user profile.

Dependencies: Keep this additional information in mind:

• If a password expires and the user resets it, the RADIUS server adds the value of
  Ascend-PW-Lifetime to the date on which the user resets the password.

  The resulting date becomes the new value for Ascend-PW-Expiration. For example, suppose that Ascend-PW-Lifetime=30, Ascend-PW-Expiration=January 1, 1997, and today's date is March 1, 1997. If the user resets the password today, the value of Ascend-PW-Expiration becomes today's date + Ascend-PW-Lifetime, or March 31, 1997.

• If the password has not expired, the value of Ascend-PW-Expiration overrides the value of Ascend-PW-Lifetime.

  For example, if on January 1, 1997 you set Ascend-PW-Lifetime=30 and
  Ascend-PW-Expiration=January 15, 1997, the password expires on January 15, 1997.
  In other words, if the password has not expired, the value of Ascend-PW-Lifetime is
  irrelevant.

• If Ascend-PW-Lifetime is absent, the value of Lifetime-In-Days determines the password duration.

  The Lifetime-In-Days value in the RADIUS dictionary is the default value for
  Ascend-PW-Lifetime. By default, Lifetime-In-Days is 0 (zero). This value means that passwords do not expire.

Emma Password="m2dan", User-Service=Login-User, Ascend-PW-
Expiration="Jan 1, 1997"

          Ascend-PW-Lifetime=30

Ascend-Receive-Secret (215)

Usage: You can use the Ascend-Receive-Secret attribute for CACHE-TOKEN or PAP- TOKEN-CHAP authentication. In either case, you can specify up to 20 characters. The default value is null.

• CACHE-TOKEN authentication uses a shared secret, and simplifies the authentication process by caching the user's token for the fixed length of time specified by the Ascend-Token-Expiry attribute.

  During the lifetime of the token, subsequent calls by the user require only CHAP authentication without the use of a hand-held security card. For this type of authentication, set the Ascend-Receive-Secret attribute to the same password as the Send PW parameter in the Connection profile that places the incoming call. The RADIUS server uses this value to authenticate incoming calls from a user while his or her token is cached and alive. The cached token resides on the MAX during the initial security-card authentication process.

• PAP-TOKEN-CHAP authentication uses an encrypted CHAP password with which the answering unit authenticates second and subsequent channels of an MP+ call.

  For this type of authentication, set Ascend-Receive-Secret to the value of the Aux Send PW parameter in the Connection profile at the remote end.

  In PAP-TOKEN-CHAP authentication, you need to verify only the initial connection using a hand-held security card. CHAP verifies any additional channels. That is, whenever the MAX adds channels to a PPP or MP+ call using PAP-TOKEN-CHAP, the calling unit sends the encrypted value of Aux Send PW, and the answering unit checks this password against Ascend-Receive-Secret. The answering unit receives Ascend-Receive-Secret from the RADIUS server when the first channel of the call connects.

John    Password="SAFEWORD", Ascend-Token-Expiry=90, Ascend-
Token-Idle=80, Ascend-Token-Immediate=Tok-Imm-Yes

            Ascend-Receive-Secret="shared-secret",

            User-Service=Framed-User,

            Framed-Protocol=MPP, 

            Framed-Address=200.0.5.1,

            Framed-Netmask=255.255.255.0

Emma    Password="SAFEWORD"

            User-Service=Framed-User,

            Framed-Protocol=MPP, 

            Framed-Address=200.0.5.1,

            Framed-Netmask=255.255.255.0,

            Ascend-Receive-Secret="b5XSAM"

Ascend-Remote-Addr (155)

Usage: Specify the IP address of the numbered interface. An IP address consists of four numbers between 0 and 255, separated by periods. The default value is 0.0.0.0.

Dependencies: For Ascend-Remote-Addr to apply, you must enable IP for the user profile (Ascend-Route-IP=Route-IP-Yes).

See Also: Ascend-Route-IP (228)

Ascend-Remove-Seconds (241)

When utilization falls below the threshold for a period of time greater than the value of the Ascend-Remove-Seconds attribute, the MAX attempts to remove the number of channels specified by the Ascend-Dec-Channel-Count attribute. Using the Ascend-Remove-Seconds attribute prevents the system from continually subtracting bandwidth, and can slow down the process of removing bandwidth.

Usage: Specify a number between 1 and 300. The default value is 10.

Dependencies: Keep this additional information in mind:

• One channel must be up at all times.

• Removing bandwidth cannot cause the ALU to exceed the threshold specified by the Ascend-Target-Util attribute.

• The number of channels remaining cannot fall below the amount specified by the Ascend-Minimum-Channels attribute.

• Ascend-Add-Seconds and Ascend-Remove-Seconds have little or no effect on a system with a high Ascend-Seconds-Of-History value.

  If the value of Ascend-Seconds-Of-History is low, the Ascend-Add-Seconds and Ascend-Remove-Seconds attributes provide an alternative way to ensure that spikes must persist for a certain period of time before the system responds.

Ascend-Require-Auth (201)

Usage: You can specify one of these values:

• Not-Require-Auth (0) specifies that additional authentication is not required.

  Not-Require-Auth is the default.

• Require-Auth (1) specifies that additional authentication is required.

  If you require additional authentication, you must configure a two-tiered dial-in setup.

  For additional authentication after CLID authentication, the first-tier dial-in user profile has the following two-line format:

phonenum Password="Ascend-CLID"

                      Ascend-Require-Auth=Require-Auth