VSA id's higer than 255
Alan DeKok
aland at ox.org
Tue Aug 2 23:09:22 CEST 2005
Michael Lecuyer <mjl at theorem.com> wrote:
> The format for the long tag VSA is the same as the standard
> Vendor-Specific attribute (8 bit tag, 8 bit length) but the
> sub-attribute tag field has been expanded to 16 bits. The sub-attribute
> length field remains 8 bits.
That doesn't sound too bad.
> All vendor specific attributes are coded using 16-bit attribute type in
> network byte order and Lucent-Vendor-Id (4846) as Vendor-Id.
That makes it easier.
> I believe the support for long Vendor-Specific tags was discussed here
> in the past with limited interest in support.
It's about 40 lines of code to support. The weirdness that I recall
was Nortel, which mixed normal VSA's, and USR-style VSA's in the same
vendor space.
> 192.168.1.1 ... VendorLongTags=Ascend
> - indicating that Ascend VSA's use long tags and all other VSA's like
> Cisco) would be short. Ascend / Lucent VSA's do not always use long tag
> VSAs.
If it's always that the Lucent attributes use 16-bit id's, it's OK.
> This introduction of long tags is a real wart for every RADIUS server.
> There are probably other ways to have avoided 16 bit tags. Naturally the
> offender is too big to ignore and arbitrarily forced the issue. Remember
> that in the past Ascend (pre-Lucent) grabbed unassigned RADIUS
> attributes (from 119 to 255) without thinking there might be a problem
> with that either.
Yup.
I'll add something to the CVS head. Grab a snapshot in a few days,
and see if it works.
Alan DeKok.
More information about the Freeradius-Users
mailing list