Sending Avaya-Fabric-Attach-VLAN-ISID and Avaya-Fabric-Attach-VLAN-PVID after successful authentication
Jan Hugo Prins
jhp at jhprins.org
Tue Oct 15 21:58:26 CEST 2019
Hello Alan,
I found the following information in a forum on the Extreme Networking site:
#
# /usr/share/freeradius/dictionary.nortel
#
VENDOR          Nortel                          562
BEGIN-VENDOR    Nortel
ATTRIBUTE       Fabric-Attach-VLAN-Create       170     integer
ATTRIBUTE       Fabric-Attach-VLAN-ISID         171     string
ATTRIBUTE       Fabric-Attach-VLAN-PVID         172     integer
VALUE           Fabric-Attach-VLAN-Create       No      0
VALUE           Fabric-Attach-VLAN-Create       Yes     1
VALUE           Fabric-Attach-VLAN-ISID
VALUE           Fabric-Attach-VLAN-PVID
With an example:
# Create and assign Vlan 11 untagged
00-00-70-70-AA-BB
        Fabric-Attach-VLAN-Create = "Yes",
        Fabric-Attach-VLAN-ISID = "11:10011",
        Fabric-Attach-VLAN-PVID = "11"
I'm going to test it tomorrow in my setup, but I would like to know one
thing.
Can I just add the above dictionary information to the
/etc/raddb/dictionary file, or do I need to extend the dictionary.nortel
file with this information?
Thanks in advance,
Jan Hugo Prins
On 10/15/19 3:42 PM, Alan DeKok wrote:
> On Oct 15, 2019, at 8:29 AM, Jan Hugo Prins <jhp at jhprins.org> wrote:
>> I have a cluster of freeradius servers running with an LDAP backend
>> which all works fine. I'm also able to return the correct VLAN
>> information after a successful authentication of a client. That way I
>> can put clients in the correct VLAN based on the authentication /
>> authorization matrix etc. Very nice.
> That's good.
>
>> In my core network I have Avaya / Extreme VSP 7000 switches in SPBM mode
>> and I would like to configure a port on those switches after successful
>> authentication, but they don't want VLAN information, but they want
>> something else:
>>
>> VSAs
>> • Avaya-Fabric-Attach-VLAN-ISID
>> • Avaya-Auto-VLAN-Create
>> • Avaya-Fabric-Attach-VLAN-PVID
>>
>> Documentation about this states the following:
> Note: nothing about vendor or attribute numbers. <sigh>
>
>> Does FreeRadius currently support this anywhere in a version?
>> Is there a way to get this working by correctly filling the dictionary file?
> Fill in the correct dictionary file with the correct numbers, and it will work.
>
>> The man page for the dictionary file states that the VSAs configured
>> there will never be sent in a radius packet, which makes me suspect that
>> this won't work?
> The man page doesn't say that. The only attributes which don't get sent in a RADIUS packet are the ones defined in raddb/dictionary. That file explains this, too.
>
>> Documentation on this can be found in
>> https://downloads.avaya.com/css/P8/documents/101026369
> If you can find documentation on the attribute numbers, we can add it to the dictionaries.
>
> I really wish that vendors would just send us their dictionaries. Or even document them. But apparently no, they hate their customers.
>
> Alan DeKok.
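The vendor and attribute numbers in a dictionary decide which bytes go into the RADIUS Vendor-Specific attribute (type 26, RFC 2865 section 5.26), so a packet capture of the Access-Accept can be checked against them. The sketch below is an added example, not part of the thread and not FreeRADIUS code; it uses the numbers quoted from the forum post (vendor 562, attributes 170 to 172), which the thread has not yet confirmed, and assumes one sub-attribute per VSA when encoding.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type that carries VSAs
VENDOR_NORTEL = 562    # vendor number from the dictionary quoted in the message
# vendor attribute number -> (name, data type), as quoted in the message
NORTEL = {
    170: ("Fabric-Attach-VLAN-Create", "integer"),
    171: ("Fabric-Attach-VLAN-ISID", "string"),
    172: ("Fabric-Attach-VLAN-PVID", "integer"),
}
NUMBER = {name: num for num, (name, _) in NORTEL.items()}

def encode_vsa(name, value):
    """Build one Vendor-Specific attribute holding a single Nortel sub-attribute."""
    num = NUMBER[name]
    is_int = NORTEL[num][1] == "integer"
    data = struct.pack("!I", value) if is_int else value.encode("utf-8")
    if len(data) > 247:                        # 255 - 2 - 4 (vendor id) - 2
        raise ValueError("value does not fit in one VSA")
    sub = bytes([num, len(data) + 2]) + data   # vendor type, vendor length, data
    body = struct.pack("!I", VENDOR_NORTEL) + sub
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def decode_nortel(attrs):
    """Walk a RADIUS attribute list; return [(name, value)] for Nortel VSAs only."""
    found, pos = [], 0
    while pos < len(attrs):
        alen = attrs[pos + 1] if pos + 2 <= len(attrs) else 0
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("attribute length out of bounds")
        atype, body, pos = attrs[pos], attrs[pos + 2:pos + alen], pos + alen
        if (atype != VENDOR_SPECIFIC or len(body) < 4
                or struct.unpack("!I", body[:4])[0] != VENDOR_NORTEL):
            continue                           # not a Nortel VSA, skip it
        sub = body[4:]
        while sub:                             # a VSA may pack several sub-attributes
            if len(sub) < 2 or not 2 <= sub[1] <= len(sub):
                raise ValueError("sub-attribute length out of bounds")
            num, data, sub = sub[0], sub[2:sub[1]], sub[sub[1]:]
            name, kind = NORTEL.get(num, (f"Nortel-Attr-{num}", "octets"))
            if kind == "integer" and len(data) == 4:
                data = struct.unpack("!I", data)[0]
            elif kind == "string":
                data = data.decode("utf-8", "replace")
            found.append((name, data))
    return found
```

With these numbers, the ISID value "11:10011" from the example entry is carried as `1a 10 00 00 02 32 ab 0a` followed by the eight ASCII bytes of the string.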