Freeradius authentication for VSP VOSS Switch

Igor Smitran sigor at blic.net
Thu Mar 23 23:38:49 UTC 2023 

Look at the freeradius dictionary files:

dictionary.nortel (VENDOR id 562) or dictionary.bay (Vendor ID 1584 - 
Bay-Networks is now Nortel)

I don't know what do you want to accomplish with attribute 26?

In case you don't have needed attributes you can add them to files 
mentioned above.


For example:

to dictionary.bay (id 1584) add lines:

ATTRIBUTE Access-Priority 192 integer

ATTRIBUTE Cli-Commands 193 string

ATTRIBUTE Command-Access 194 integer

ATTRIBUTE Commands 195 string

ATTRIBUTE EAP-Port-Priority 196 integer


In your freeradius dictionary config file add include line for your bay 
dictionary:

$INCLUDE /usr/share/freeradius/dictionary.bay


Igor


On 23.3.23. 23:01, shamsher singh wrote:
> How would I configure the following on the Freeradius, the following works
> on the Windows server 2016 radius client.
>
> The following are the default RADIUS Vendor Specific Attribute values
> supported by VOSS switches. The same attribute values need to be configured
> on RADIUS server.
>
> The RADIUS server needs to be configured to send the Vendor Specific
> Attribute (VSA), identified as Attribute 26, back to the VSP containing the
> following values:
>
>     - The Vendor Code value for the Vendor Specific Attribute is: 1584.
>     - The Vendor Assigned Attribute Number for the Vendor Specific Attribute
>     is 192.
>     - The Attribute Format for the Vendor Specific Attribute is: decimal.
>     - The Attribute Value for the Vendor Specific Attribute is 6.
>
> Attribute 26 which is the Vendor-Specific attribute (VSA) within RADIUS
> which encapsulates vendor specific attributes. Attribute 26 allows vendors
> to support their own custom attributes.
>
> Shamsher
>
> On Sat, Mar 4, 2023 at 6:02 AM Igor Smitran<sigor at blic.net>  wrote:
>
>> It looks like you are sending attribute that your switch doesn't recognize.
>>
>> Maybe you should send something like
>>
>> Access-Priority = 6
>>
>> instead of
>>
>> Service-Type = Administrative-User
>>
>> Maybe your switch rejects all access requests that contain unrecognized
>> attributes.
>>
>> Also, you should include freeradius dictionary in freeradius in case you
>> didn't.
>>
>>
>> Igor
>>
>> On 4.3.23. 02:18, Alan DeKok wrote:
>>> On Mar 3, 2023, at 7:48 PM, shamsher singh<mr.shamshersingh at gmail.com>
>> wrote:
>>>> As per the Extreme support
>>>     Copying web pages to the mailing list won't help.
>>>
>>>> eg : "Free Radius" Script :
>>>     That's a dictionary.  We know what it is.  We already have copies.
>>>
>>>> I am not sure what else to configure on the switch or on the Freeradius.
>>>     It's a networking issue, or a shared secret issue.
>>>
>>>     FreeRADIUS sends an Access-Accept.  FreeRADIUS is working fine.
>>>
>>>     Something else in the network is broken.  We don't know what it is.
>> But we do know that it's not FreeRADIUS.
>>>     This is not a problem we can help with.
>>>
>>>     Alan DeKok.
>>>
>>> -
>>> List info/subscribe/unsubscribe? Seehttp://
>> www.freeradius.org/list/users.html
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
> -
> List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list