Tunnel-Private-Group-ID undefined tag.

Durand fabrice fdurand at inverse.ca
Tue Jan 22 01:01:15 CET 2019


Le 19-01-21 à 17 h 28, Alan DeKok a écrit :
> On Jan 21, 2019, at 4:05 PM, Fabrice Durand <fdurand at inverse.ca> wrote:
>> i am trying to debug an issue with FreerRADIUS and a cisco switch where the attribute Tunnel-Private-Group-ID (81) is understood by the cisco switch as the attribute Ascend-Auth-Type.
>>
>> Jan 18 07:37:00: RADIUS:  Tunnel-Type         [64]  6 00:VLAN                   [13]
>> Jan 18 07:37:00: RADIUS: Ascend-Auth-Type [81]  8   1868981865
>    No... that's *not* a VSA.  There's no Vendor-ID.
It looks to be a cisco weird attribute 
(https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/access_registrar/6-0-1/user/guide/user_guide/a_attrib.pdf)
>
>> Jan 18 07:37:00: RADIUS:  Tunnel-Medium-Type  [65]  6 00:ALL_802                [6]
>> Jan 18 07:37:00: RADIUS(00000000): Received from id 1645/16
>> Jan 18 07:37:00: RADIUS: unsupported value 1868981865 in attribute 81
>> Jan 18 07:37:00: RADIUS/DECODE: Ascend auth type; FAIL
>> Jan 18 07:37:00: RADIUS/DECODE: decoder; FAIL
>> Jan 18 07:37:00: RADIUS/DECODE: attribute Ascend-Auth-Type; FAIL
>>
>> The issue is related to a configuration parameter (non-standard) defined in the radius configuration section (switch side).
>>
>> So if i remove this configuration parameter it works.
>    Call Cisco and tell them that their switch is buggy.  The kind of bug which of the kind: "How the HECK did you do something that ridiculous"?
>
>    Ask them to provide a fix.  RFC 2868 is from 2000.  i.e. it's 20 years old.  There's just no excuse for this kind of incompatibility.
Completely agree.
>
>> Is it a bug in FreeRADIUS or is it something normal ?
>    The RFCs make it clear that (a) tagged integers are special, there's no real "tag" field and (b) tags of 0 are special.

Thanks for the reply, i was unsure what the radius reply was supposed to 
be (tag versus no tag).

Regards

Fabrice


>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list