Add VSA in pre-proxy stage

Bjørn Mork bjorn at
Fri Sep 11 20:41:21 CEST 2020

Alan DeKok <aland at> writes:
> On Sep 11, 2020, at 10:06 AM, Arnaud LAURIOU <arnaud.lauriou at> wrote:
>> Hello,
>> I'm trying to add a VSA in an Access-Request before proxing it to an authentification RADIUS server.
>> I use this attribute definition :
>> BEGIN-VENDOR    FreeRADIUS      format=Extended-Vendor-Specific-1
>> ATTRIBUTE       FreeRADIUS-Eduroam-Prevent-Loop         1 integer
>   Please don't use VSAs you don't control.  We will likely add our own
>   definitions which conflict with this one.
>   If you do need custom VSAs, just use a custom vendor number, and
>   create your own dictionary.  i.e. use a vendor number like 32000.
>   Which is used by someone, but 99.99% not for RADIUS.  So it's mostly
>   OK.

Note that a vendor number is cheap.  Actually, free.  As in free beer
Just fill in the form at

Then you can create as many RADIUS VSAs as you like without worrying
about dictionary collisions.  Or at least a couple of hundred :-)

32000 belongs to Ekstrem Bir Bilgisayar, BTW.  


More information about the Freeradius-Users mailing list