Freeradius authentication for VSP VOSS Switch

shamsher singh mr.shamshersingh at gmail.com
Fri Mar 24 04:11:47 UTC 2023 

The Radius Server needs to send the VSP switch Vendor Specific Attribute
(VSA) identified as Attribute 26


   - The Vendor Code value for the Vendor Specific Attribute is: 1584.
   - The Vendor Assigned Attribute Number for the Vendor Specific Attribute
   is 192.
   - The Attribute Format for the Vendor Specific Attribute is: decimal.
   - The Attribute Value for the Vendor Specific Attribute is 6.


I need to know how to define VSA in Freeradius, the way the windows radius
server defines it, please see the link it shows how its defined on the
windows radius

https://extremeportal.force.com/ExtrArticleDetail?an=000057339

Shamsher

On Thu, Mar 23, 2023 at 5:39 PM Igor Smitran <sigor at blic.net> wrote:

> Look at the freeradius dictionary files:
>
> dictionary.nortel (VENDOR id 562) or dictionary.bay (Vendor ID 1584 -
> Bay-Networks is now Nortel)
>
> I don't know what do you want to accomplish with attribute 26?
>
> In case you don't have needed attributes you can add them to files
> mentioned above.
>
>
> For example:
>
> to dictionary.bay (id 1584) add lines:
>
> ATTRIBUTE Access-Priority 192 integer
>
> ATTRIBUTE Cli-Commands 193 string
>
> ATTRIBUTE Command-Access 194 integer
>
> ATTRIBUTE Commands 195 string
>
> ATTRIBUTE EAP-Port-Priority 196 integer
>
>
> In your freeradius dictionary config file add include line for your bay
> dictionary:
>
> $INCLUDE /usr/share/freeradius/dictionary.bay
>
>
> Igor
>
>
> On 23.3.23. 23:01, shamsher singh wrote:
> > How would I configure the following on the Freeradius, the following
> works
> > on the Windows server 2016 radius client.
> >
> > The following are the default RADIUS Vendor Specific Attribute values
> > supported by VOSS switches. The same attribute values need to be
> configured
> > on RADIUS server.
> >
> > The RADIUS server needs to be configured to send the Vendor Specific
> > Attribute (VSA), identified as Attribute 26, back to the VSP containing
> the
> > following values:
> >
> >     - The Vendor Code value for the Vendor Specific Attribute is: 1584.
> >     - The Vendor Assigned Attribute Number for the Vendor Specific
> Attribute
> >     is 192.
> >     - The Attribute Format for the Vendor Specific Attribute is: decimal.
> >     - The Attribute Value for the Vendor Specific Attribute is 6.
> >
> > Attribute 26 which is the Vendor-Specific attribute (VSA) within RADIUS
> > which encapsulates vendor specific attributes. Attribute 26 allows
> vendors
> > to support their own custom attributes.
> >
> > Shamsher
> >
> > On Sat, Mar 4, 2023 at 6:02 AM Igor Smitran<sigor at blic.net>  wrote:
> >
> >> It looks like you are sending attribute that your switch doesn't
> recognize.
> >>
> >> Maybe you should send something like
> >>
> >> Access-Priority = 6
> >>
> >> instead of
> >>
> >> Service-Type = Administrative-User
> >>
> >> Maybe your switch rejects all access requests that contain unrecognized
> >> attributes.
> >>
> >> Also, you should include freeradius dictionary in freeradius in case you
> >> didn't.
> >>
> >>
> >> Igor
> >>
> >> On 4.3.23. 02:18, Alan DeKok wrote:
> >>> On Mar 3, 2023, at 7:48 PM, shamsher singh<mr.shamshersingh at gmail.com>
> >> wrote:
> >>>> As per the Extreme support
> >>>     Copying web pages to the mailing list won't help.
> >>>
> >>>> eg : "Free Radius" Script :
> >>>     That's a dictionary.  We know what it is.  We already have copies.
> >>>
> >>>> I am not sure what else to configure on the switch or on the
> Freeradius.
> >>>     It's a networking issue, or a shared secret issue.
> >>>
> >>>     FreeRADIUS sends an Access-Accept.  FreeRADIUS is working fine.
> >>>
> >>>     Something else in the network is broken.  We don't know what it is.
> >> But we do know that it's not FreeRADIUS.
> >>>     This is not a problem we can help with.
> >>>
> >>>     Alan DeKok.
> >>>
> >>> -
> >>> List info/subscribe/unsubscribe? Seehttp://
> >> www.freeradius.org/list/users.html
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> > -
> > List info/subscribe/unsubscribe? Seehttp://
> www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list