[c-nsp] Cisco AV Pairs

James Bensley jwbensley at gmail.com
Thu Dec 4 11:04:48 EST 2014

On 3 December 2014 at 13:50, James Bensley <jwbensley at gmail.com> wrote:
> Hi All,
> I've been working with TAC on some LNS issues and asked if they could
> provide a list of all AVPairs configurable and supported on Cisco
> routers. They couldn't.
> Does anyone know of a list on line or can anyone supply a list they
> have built up, of supported AV Pairs (generic ones such as
> "Framed-IP-Address" and Cisco specific ones such as "ip:ip-unnumbered"
> and older style "lcp:interface-config") ?
> Cheers,
> James.

Hi All,

In response to some off-list replies requesting a copy of what I
find...Well so far I havne't found anything I didn't already have
written down. Perhaps there just aren't that many, or perhaps there
others aren't used becasue there is no use for them, so they're
unpublished....who knows...

Full PPP example user:

Framed-Protocol = PPP,
Framed-IP-Address =,
Framed-IP-Netmask =,
Framed-MTU = 1492,
Framed-Compression = Van-Jacobson-TCP-IP, or "None" # Don't set this
to prevent full VAIs attempting to initiate on ASRs, settign None
isn't enough
Service-Type = Framed-User, or "Framed"
Session-Timeout = 0 # Max time a user may receive service
Idle-Timeout = 300 # Max idle timeout does not include control traffic

Tunnel-Type = L2TP,
Tunnel-Medium-Type = IP, or "IPv4"
Tunnel-Password = password-returned-to-LAC,
Tunnel-Server-Endpoint =, # LNS IP returned to LAC
Tunnel-Client-Auth-ID = LAC-username-returned-to-LAC,
Tunnel-Server-Auth-ID = LNS-username-returned-to-LAC

Multiple tunnel end-points (LNS') using preferences, lowest is higher
priority (more preferred), equal for round-robin:

Tunnel-Type = :1:L2TP,
Tunnel-Medium-Type = :1:IPv4,
Tunnel-Client-Auth-ID = :1:lac-username,
Tunnel-Server-Auth-ID = :1:lns1-username,
Tunnel-Password = :1:lns1-password,
Tunnel-Server-Endpoint = :1:,
Tunnel-Preference = :1:100,
Tunnel-Type += :2:L2TP,
Tunnel-Medium-Type += :2:IPv4,
Tunnel-Client-Auth-ID += :2:lac-username,
Tunnel-Server-Auth-ID += :1:lns2-username,
Tunnel-Password += :1:lns1-password,
Tunnel-Server-Endpoint += :2:
Tunnel-Preference += :1:100

Cisco Specific AV Pairs

Cisco new style ("ip") VSAs

# Push two static routes to the LNS which route via the this PPP
session and another backup path
Cisco-AVPair = "ip:route= 150 tag 150",
Cisco-AVPair += "ip:route= 160 tag 160"

# Static route insite vrf:
Cisco-AVPair = "ip:route=vrf CUST-ABC"

# Set VAI in VRF
Cisco-AVpair = "ip:vrf-id=CUST-ABC"

# Set VAI QoS policy
Cisco-AVPair = "ip:sub-qos-policy-out=PM-ADSL-8M-POLICE"

# Set VAI unnumbered loopback interface
Cisco-AVpair = "ip:ip-unnumbered=Loopback1610"

Cisco old style ("lcp") VSAs The lcp:interface-config command forces
the router to create full VAIs instead of subinterface VAIs. Full VAIs
consume more memory and are less scalable, and they follow a
significantly slower and different path when sessions are established.

# Set VAI in VRF
Cisco-Avpair = "lcp:interface-config=ip vrf forwarding CUST-ABC"

# Set VAI inboud VRF (add the PPP session IP to the VRF table to use with PBR)
Cisco-AVPair = "lcp:interface-config=ip vrf receive CUST-1-VRF"

# Set VAI inbound to multiple VRFs to routes based on PBR
Cisco-AVPair = "lcp:interface-config#1=ip policy route-map CUST-MGMT-PBR",
Cisco-AVPair += "lcp:interface-config#2=ip vrf receive CUST-1-VRF",
Cisco-AVPair += "lcp:interface-config#3=ip vrf receive MGMT-VRF"

# Set VAI keepalive timer
Cisco-AVPair = "lcp:interface-config=keepalive 2 5"

# Set VAI Policy Based Routing route-map
Cisco-AVPair = "lcp:interface-config=ip policy route-map MY-PBR-MAP"

# Set VAI Policer
Cisco-AVPair = "lcp:interface-config=rate-limit input 256000 7500 7500
conform-action transmit exceed-action drop",
Cisco-AVPair += "lcp:interface-config=rate-limit output 1024000 20000
20000 conform-action transmit exceed-action drop"

# Set VAI QoS policy
Cisco-AVPair = "lcp:interface-config=service-policy output PM-ADSL-8M-POLICE"

# Set VAI unnumbered loopback interface
Cisco-AVPair = "lcp:interface-config=ip unnumbered Loopback100"

# Disable IP uRPF on VAI
Cisco-AVPair = "lcp:interface-config=no ip verify unicast reverse-path"

Adding multiple AVPairs in order:

Cisco-AVPair = "lcp:interface-config#1=ip policy route-map MY-PBR-MAP",
Cisco-AVPair += "lcp:interface-config#2=ip vrf receive CUST-ABC",
Cisco-AVPair += "lcp:interface-config#3=ip unnumbered Loopback100"

Kind regards,

More information about the cisco-nsp mailing list