Sending Avaya-Fabric-Attach-VLAN-ISID and Avaya-Fabric-Attach-VLAN-PVID after successful authentication
Jan Hugo Prins
jhp at jhprins.org
Tue Oct 15 22:05:27 CEST 2019
Hello Alan,
Some more information, a GTAC with Extreme Networking gave me the
following information:
Fabric-Attach-VLAN-Create - 170, unsigned 32-bit
Fabric-Attach-VLAN-ISID - 171, string
Fabric-Attach-VLAN-PVID - 172, unsigned 32-bit
Fabric-Attach-Switch-Mode - 180,unsigned 32-bit
Fabric-Attach-Client-Id - 181,string
Fabric-Attach-Client-Type - 182,string
With the mail I send earlier, it looks like we have all information now,
just need to know where to put it exactly.
Could you add this to the Nortel dictionary in FreeRadius?
Thank you very much.
Jan Hugo Prins
On 10/15/19 3:42 PM, Alan DeKok wrote:
> On Oct 15, 2019, at 8:29 AM, Jan Hugo Prins <jhp at jhprins.org> wrote:
>> I have a cluster of freeradius servers running with an LDAP backend
>> which all works fine. I'm also able to return the correct VLAN
>> information after a successful authentication of a client. That way I
>> can put clients in the correct VLAN based on the authentication /
>> authorization matrix etc. Very nice.
> That's good.
>
>> In my core network I have Avaya / Extreme VSP 7000 switches in SPBM mode
>> and I would like to configure a port on those switches after successful
>> authentication, but they don't want VLAN information, but they want
>> something else:
>>
>> VSAs
>> • Avaya-Fabric-Attach-VLAN-ISID
>> • Avaya-Auto-VLAN-Create
>> • Avaya-Fabric-Attach-VLAN-PVID
>>
>> Documentation about this states the following:
> Note: nothing about vendor or attribute numbers. <sigh>
>
>> Does FreeRadius currently support this anywhere in a version?
>> Is there a way to get this working by correctly filling the dictionary file?
> Fill in the correct dictionary file with the correct numbers, and it will work.
>
>> The man page for the dictionary file states that the VSA's configured
>> there will never be send in a radius packet, which makes me suspect that
>> this won't work?
> The man page doesn't say that. The only attributes which don't get sent in a RADIUS packet are the ones defined in raddb/dictionary. That file explains this, too.
>
>> Documentation on this can be found in
>> https://downloads.avaya.com/css/P8/documents/101026369
> If you can find documentation on the attribute numbers, we can add it to the dictionaries.
>
> I really wish that vendors would just send us their dictionaries. Or even document them. But apparently no, they hate their customers.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list