Tunnel-Private-Group-ID undefined tag.

Nathan Ward lists+freeradius at daork.net
Tue Jan 22 01:08:10 CET 2019

> On 22/01/2019, at 1:01 PM, Durand fabrice <fdurand at inverse.ca> wrote:
> Le 19-01-21 à 17 h 28, Alan DeKok a écrit :
>> On Jan 21, 2019, at 4:05 PM, Fabrice Durand <fdurand at inverse.ca> wrote:
>>> i am trying to debug an issue with FreerRADIUS and a cisco switch where the attribute Tunnel-Private-Group-ID (81) is understood by the cisco switch as the attribute Ascend-Auth-Type.
>>> Jan 18 07:37:00: RADIUS:  Tunnel-Type         [64]  6 00:VLAN                   [13]
>>> Jan 18 07:37:00: RADIUS: Ascend-Auth-Type [81]  8   1868981865
>>   No... that's *not* a VSA.  There's no Vendor-ID.
> It looks to be a cisco weird attribute (https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/access_registrar/6-0-1/user/guide/user_guide/a_attrib.pdf)

The documentation there is (as always) rubbish. The quality of these docs from Cisco are the bane of my existence.

There is an Ascend-Auth-Type 81 VSA, but it’s a VSA, not a standard attribute.

See the ascend dictionary file (dictionary.ascend somewhere in your system).

Of course, Cisco may very well be doing it wrong, and treat attribute 81 as that Ascend attribute, but that would be an implementation bug and should be reported if that’s the case.

Nathan Ward

More information about the Freeradius-Users mailing list