Using unlang to customize Tunnel-Medium-Type for 3com switches

Stanisław Kamiński stasheck.fora at gmail.com
Tue Sep 20 13:59:45 CEST 2011 

Hi,
my problem: I use RADA on 2 lines of 3com switches:
- those with ComWare 5 expect Radius to return Tunnel-Medium-Type = 
"IEEE-802"
- those with ComWare 3 expect Tunnel-Medium-Type = "802"

Of course, in users, I can use only one of those values, as follows:

f0-0f-de-ad-f0-01 Cleartext-Password := "f0-0f-de-ad-f0-01"
         Tunnel-Medium-Type = "IEEE-802",
         Tunnel-Private-Group-Id := 3,
         Tunnel-Type = VLAN

Fortunately, after switching Radius mode on Comware3 switches to 
"extended", they started to introduce themselves:

rad_recv: Access-Request packet from host 172.23.30.70 port 41201, 
id=97, length=130
         User-Name = "f0-0f-de-ad-f0-01"
         User-Password = "f0-0f-de-ad-f0-01"
         NAS-IP-Address = 172.23.30.210
         NAS-Identifier = "deadbeef1e02"
         NAS-Port = 16867329
         NAS-Port-Id = "unit=1;subslot=0;port=22;vlanid=1"
         NAS-Port-Type = Ethernet
         Service-Type = Framed-User
         Framed-Protocol = PPP
         Calling-Station-Id = "f00f-dead-f001"
         3Com-Connect_Id = 9
         3Com-Product-ID = "4200G"
         3Com-NAS-Startup-Timestamp = 954636905

I can see 3Com-Product-ID = "4200G", and I would like to change 
Tunnel-Medium-Type to 802 if I see it.

After looking at unlang man page - explains the basics, but show no 
examples; radiusd.conf - still no examples; and googling - some 
examples, but I counted 4 of them (maybe I searched the wrong way, but 
see for yourself what does "unlang examples" yield) I decided to write 
here for help.

 From what I read, I should add the condition in "post-auth" section. As 
I understand it, it should look like this:

if ( "%{request:3Com-Product-ID}" == "4200G" ) {
	update reply {
		Tunnel-Medium-Type = "802"
	}
}

is that about right? (and yes, I should find that by myself, only 
explanation is that test system setup would take ~3-4 hrs and I can't do 
testing on production - whereas I count on you being able to tell right 
from wrong in about ~5 sec).

Thanks in advance,
Stan

More information about the Freeradius-Users mailing list