Sending Avaya-Fabric-Attach-VLAN-ISID and Avaya-Fabric-Attach-VLAN-PVID after successful authentication
Alan DeKok
aland at deployingradius.com
Tue Oct 15 15:42:14 CEST 2019
On Oct 15, 2019, at 8:29 AM, Jan Hugo Prins <jhp at jhprins.org> wrote:
> I have a cluster of freeradius servers running with an LDAP backend
> which all works fine. I'm also able to return the correct VLAN
> information after a successful authentication of a client. That way I
> can put clients in the correct VLAN based on the authentication /
> authorization matrix etc. Very nice.
That's good.
> In my core network I have Avaya / Extreme VSP 7000 switches in SPBM mode
> and I would like to configure a port on those switches after successful
> authentication, but they don't want VLAN information, but they want
> something else:
>
> VSAs
> • Avaya-Fabric-Attach-VLAN-ISID
> • Avaya-Auto-VLAN-Create
> • Avaya-Fabric-Attach-VLAN-PVID
>
> Documentation about this states the following:
Note: nothing about vendor or attribute numbers. <sigh>
> Does FreeRadius currently support this anywhere in a version?
> Is there a way to get this working by correctly filling the dictionary file?
Fill in the correct dictionary file with the correct numbers, and it will work.
> The man page for the dictionary file states that the VSAs configured
> there will never be sent in a radius packet, which makes me suspect that
> this won't work?
The man page doesn't say that. The only attributes which don't get sent in a RADIUS packet are the ones defined in raddb/dictionary. That file explains this, too.
> Documentation on this can be found in
> https://downloads.avaya.com/css/P8/documents/101026369
If you can find documentation on the attribute numbers, we can add it to the dictionaries.
I really wish that vendors would just send us their dictionaries. Or even document them. But apparently no, they hate their customers.
Alan DeKok.