salt-encrypted VSAs?
Bjørn Mork
bjorn at mork.no
Thu Aug 25 13:08:18 CEST 2005
Hello,
I was hoping to send a few salt-encrypted VSAs to an ERX using
FreeRADIUS Version 1.0.4, but I can't find any examples of how to do
that. Is it possible, and if so, how?
The format of the VSAs is documented on
http://www.juniper.net/techpubs/software/erx/junose700/swconfig-broadband/html/radius-attributes.html#335311
My initial (far fetched) attempt was to modify dictionary.erx like
this:
VENDOR ERX 4874
BEGIN-VENDOR ERX
ATTRIBUTE ERX-Virtual-Router-Name 1 string
[..]
ATTRIBUTE ERX-LI-Action 58 integer encrypt=1
ATTRIBUTE ERX-Med-Dev-Handle 59 string encrypt=1
ATTRIBUTE ERX-Med-Ip-Address 60 ipaddr encrypt=1
ATTRIBUTE ERX-Med-Port-Number 61 integer encrypt=1
END-VENDOR ERX
[..]
VALUE ERX-LI-Action off 0
VALUE ERX-LI-Action on 1
VALUE ERX-LI-Action noop 2
I also tried the other documented encrypt-values, with no success. As
probably should be expected?
The ERX seems to just ignore Access-Accept packets with any of these
attributes. They are not even logged as received. Not much help
there.
Cisco has a bit better documentation with some examples (but not for
FreeRADIUS) here:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/ftencvsa.htm
Does anyone have an idea of how to do this with FreeRADIUS?
Bjørn
More information about the Freeradius-Users
mailing list