On 4/26/19 4:23 PM, Alan DeKok wrote:
But if they have ignored the RFC suggestions, it's stupid. That makes it harder for everyone to use their product.
So I heard back from Dell:
The ID the Cx is referencing [in windows NPS this would be the 'Vendor-Assigned attribute number' under 'Configure VSA (RFC Compliant)'] is not listed in the documentation because it genuinely does not matter what number is used, I've tried random #s from 0 to 5000 [in capture packets show "VSA: l=19 t=Unknown-Attribute(255): 7368656c6c3a707269762d6c766c3d3135" where the t=string(#), that # is the OID/Vendor-Assigned attribute number. Any value configured greater than 255 just shows as 255. It really doesn't matter what number you pick.] and any will work so long as the string is present and the line configuration on the switch includes both authENTICATION and authorization
(My root problem was that I had configured the switch for RADIUS authentication, but not RADIUS authorization. Sigh.) I have pointed out to them that they might want to document this wee factoid, since every RADIUS server under the sun is going to want *some* value entered for the vendor type, whether it matters or not. So their VSAs are at least properly formatted ... -- ======================================================================== Ian Pilcher arequipeno@gmail.com -------- "I grew up before Mark Zuckerberg invented friendship" -------- ========================================================================