Tunnel-Private-Group-ID undefined tag.
Durand fabrice
fdurand at inverse.ca
Tue Jan 22 01:01:15 CET 2019
Le 19-01-21 à 17 h 28, Alan DeKok a écrit :
> On Jan 21, 2019, at 4:05 PM, Fabrice Durand <fdurand at inverse.ca> wrote:
>> i am trying to debug an issue with FreerRADIUS and a cisco switch where the attribute Tunnel-Private-Group-ID (81) is understood by the cisco switch as the attribute Ascend-Auth-Type.
>>
>> Jan 18 07:37:00: RADIUS: Tunnel-Type [64] 6 00:VLAN [13]
>> Jan 18 07:37:00: RADIUS: Ascend-Auth-Type [81] 8 1868981865
> No... that's *not* a VSA. There's no Vendor-ID.
It looks to be a cisco weird attribute
(https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/access_registrar/6-0-1/user/guide/user_guide/a_attrib.pdf)
>
>> Jan 18 07:37:00: RADIUS: Tunnel-Medium-Type [65] 6 00:ALL_802 [6]
>> Jan 18 07:37:00: RADIUS(00000000): Received from id 1645/16
>> Jan 18 07:37:00: RADIUS: unsupported value 1868981865 in attribute 81
>> Jan 18 07:37:00: RADIUS/DECODE: Ascend auth type; FAIL
>> Jan 18 07:37:00: RADIUS/DECODE: decoder; FAIL
>> Jan 18 07:37:00: RADIUS/DECODE: attribute Ascend-Auth-Type; FAIL
>>
>> The issue is related to a configuration parameter (non-standard) defined in the radius configuration section (switch side).
>>
>> So if i remove this configuration parameter it works.
> Call Cisco and tell them that their switch is buggy. The kind of bug which of the kind: "How the HECK did you do something that ridiculous"?
>
> Ask them to provide a fix. RFC 2868 is from 2000. i.e. it's 20 years old. There's just no excuse for this kind of incompatibility.
Completely agree.
>
>> Is it a bug in FreeRADIUS or is it something normal ?
> The RFCs make it clear that (a) tagged integers are special, there's no real "tag" field and (b) tags of 0 are special.
Thanks for the reply, i was unsure what the radius reply was supposed to
be (tag versus no tag).
Regards
Fabrice
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list