AW: User Problem with Cisco Nexus 4.x

Jan.Gnepper at t-systems.com Jan.Gnepper at t-systems.com
Wed Aug 10 11:12:21 CEST 2011


>> test Auth-Type := Pap, Huntgroup-Name == "nexus", MD5-Password := "098f6bcd4621d373cade4e832627b4f6"
>>         Login-Service = Telnet,
>>         Vendor-Specific = Cisco,
>
> What the HECK is that last line?  Why is it there?  What do you think
>it's doing?
>
>  *Nothing* in any of the documentation leads you to believe that line
>is necessary.
>
>  Delete it.
>
>>         Cisco-AVPair = "shell:roles*\"network-admin\" \"vdc-admin\""
>> ==========================
>> dump_notok_2.cap
>> 
>> test Auth-Type := Pap, Huntgroup-Name == "nexus", MD5-Password := "098f6bcd4621d373cade4e832627b4f6"
>>         Login-Service = Telnet,
>>         Vendor-Specific = 9,
>
>  Delete that line, too.
>
>>         Cisco-AVPair = "shell:roles*\"network-admin\" \"vdc-admin\""
>> ==========================
>> 
>> On Cisco Nexus older NXOS Version 4.2 login is possible with the last config (dump_notok_2.cap),
>> but roles within the av-pairs are ignored. Newer devices (NXOS 4.2 and up) will ignore the "AVP too short"
>> and take over the roles from the RADIUS packet. It seems that there was an update in the RADIUS implementation
>> to make it more robust.
>> 
>> And as you can see in the dump_ok.cap, "Vendor-Specific=9" was sent, even if it was not in the config.
>> But there is another Cisco av-pair in the config; is this the reason why the vendor-id was added to the reply?
>
>  Don't add "Vendor-Specific" to the reply.  It's not needed.
>
>  Alan DeKok.

Thanks for your answer.
That is exactly what I meant by "was added automatically".
I found this line in the existing RADIUS configuration of the system I took over.
But I found nowhere in any documentation whether this line was really needed or not.
Googling shows examples with and without this line. :-(
From my side this thread is completed now.

Would you please be so kind to answer my other question?
"Devices in more than one huntgroup"
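
Added example (not part of the original thread, and not FreeRADIUS or Cisco code): a small checker that walks the attribute list of a RADIUS reply and flags a Vendor-Specific attribute that is too short to carry any vendor data, next to a well-formed Cisco-AVPair. The sample bytes are constructed; how a bare "Vendor-Specific = 9" reply item is actually encoded on the wire is an assumption here, since the thread's capture files are not available.

```python
import struct

VENDOR_SPECIFIC = 26  # RFC 2865 attribute type
LOGIN_SERVICE = 15    # RFC 2865 attribute type; value 0 = Telnet
CISCO = 9             # Cisco's enterprise number, the "9" in the thread
CISCO_AVPAIR = 1      # Cisco vendor type carrying "shell:roles*..."
ROLES = 'shell:roles*"network-admin" "vdc-admin"'

def cisco_avpair(value):
    """Encode one Cisco-AVPair as a complete Vendor-Specific attribute."""
    data = value.encode()
    sub = bytes([CISCO_AVPAIR, len(data) + 2]) + data
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", CISCO) + sub

def check_vsa(body):
    """Return a problem string for one Vendor-Specific body, or None."""
    if len(body) < 5:  # 4-byte Vendor-Id plus at least one byte of data
        return "Vendor-Specific too short"
    subs, pos = body[4:], 0
    while pos < len(subs):  # vendor-type / vendor-length / value triples
        if len(subs) - pos < 2 or subs[pos + 1] < 2 or pos + subs[pos + 1] > len(subs):
            return "malformed vendor sub-attribute"
        pos += subs[pos + 1]
    return None

def check_attributes(attrs):
    """Walk a RADIUS attribute list; return [(offset, problem), ...]."""
    problems, pos = [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2 or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            problems.append((pos, "bad attribute length"))
            break
        atype, alen = attrs[pos], attrs[pos + 1]
        if atype == VENDOR_SPECIFIC:
            problem = check_vsa(attrs[pos + 2:pos + alen])
            if problem:
                problems.append((pos, problem))
        pos += alen
    return problems

# Constructed sample data, not taken from the thread's .cap files.
GOOD = bytes([LOGIN_SERVICE, 6]) + struct.pack("!I", 0) + cisco_avpair(ROLES)
# Assumption: an extra Vendor-Specific holding only the vendor id and no sub-attribute.
BAD = GOOD + bytes([VENDOR_SPECIFIC, 6]) + struct.pack("!I", CISCO)

if __name__ == "__main__":
    print(check_attributes(GOOD))
    print(check_attributes(BAD))
```

Running the same walk over the attribute bytes of an Access-Accept before a users-file change goes live shows whether the reply depends on the NAS tolerating a malformed attribute.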



