Freeradius authentication for VSP VOSS Switch

Jonathan Davis jonathan at prioritycolo.com
Fri Mar 24 11:52:37 UTC 2023 

Where are you getting stuck, or what part are you having trouble with ?

> On Mar 24, 2023, at 12:12 AM, shamsher singh <mr.shamshersingh at gmail.com> wrote:
> 
> The Radius Server needs to send the VSP switch Vendor Specific Attribute
> (VSA) identified as Attribute 26
> 
> 
>   - The Vendor Code value for the Vendor Specific Attribute is: 1584.
>   - The Vendor Assigned Attribute Number for the Vendor Specific Attribute
>   is 192.
>   - The Attribute Format for the Vendor Specific Attribute is: decimal.
>   - The Attribute Value for the Vendor Specific Attribute is 6.
> 
> 
> I need to know how to define VSA in Freeradius, the way the windows radius
> server defines it, please see the link it shows how its defined on the
> windows radius
> 
> https://extremeportal.force.com/ExtrArticleDetail?an=000057339
> 
> Shamsher
> 
>> On Thu, Mar 23, 2023 at 5:39 PM Igor Smitran <sigor at blic.net> wrote:
>> 
>> Look at the freeradius dictionary files:
>> 
>> dictionary.nortel (VENDOR id 562) or dictionary.bay (Vendor ID 1584 -
>> Bay-Networks is now Nortel)
>> 
>> I don't know what do you want to accomplish with attribute 26?
>> 
>> In case you don't have needed attributes you can add them to files
>> mentioned above.
>> 
>> 
>> For example:
>> 
>> to dictionary.bay (id 1584) add lines:
>> 
>> ATTRIBUTE Access-Priority 192 integer
>> 
>> ATTRIBUTE Cli-Commands 193 string
>> 
>> ATTRIBUTE Command-Access 194 integer
>> 
>> ATTRIBUTE Commands 195 string
>> 
>> ATTRIBUTE EAP-Port-Priority 196 integer
>> 
>> 
>> In your freeradius dictionary config file add include line for your bay
>> dictionary:
>> 
>> $INCLUDE /usr/share/freeradius/dictionary.bay
>> 
>> 
>> Igor
>> 
>> 
>>> On 23.3.23. 23:01, shamsher singh wrote:
>>> How would I configure the following on the Freeradius, the following
>> works
>>> on the Windows server 2016 radius client.
>>> 
>>> The following are the default RADIUS Vendor Specific Attribute values
>>> supported by VOSS switches. The same attribute values need to be
>> configured
>>> on RADIUS server.
>>> 
>>> The RADIUS server needs to be configured to send the Vendor Specific
>>> Attribute (VSA), identified as Attribute 26, back to the VSP containing
>> the
>>> following values:
>>> 
>>>    - The Vendor Code value for the Vendor Specific Attribute is: 1584.
>>>    - The Vendor Assigned Attribute Number for the Vendor Specific
>> Attribute
>>>    is 192.
>>>    - The Attribute Format for the Vendor Specific Attribute is: decimal.
>>>    - The Attribute Value for the Vendor Specific Attribute is 6.
>>> 
>>> Attribute 26 which is the Vendor-Specific attribute (VSA) within RADIUS
>>> which encapsulates vendor specific attributes. Attribute 26 allows
>> vendors
>>> to support their own custom attributes.
>>> 
>>> Shamsher
>>> 
>>>> On Sat, Mar 4, 2023 at 6:02 AM Igor Smitran<sigor at blic.net>  wrote:
>>> 
>>>> It looks like you are sending attribute that your switch doesn't
>> recognize.
>>>> 
>>>> Maybe you should send something like
>>>> 
>>>> Access-Priority = 6
>>>> 
>>>> instead of
>>>> 
>>>> Service-Type = Administrative-User
>>>> 
>>>> Maybe your switch rejects all access requests that contain unrecognized
>>>> attributes.
>>>> 
>>>> Also, you should include freeradius dictionary in freeradius in case you
>>>> didn't.
>>>> 
>>>> 
>>>> Igor
>>>> 
>>>> On 4.3.23. 02:18, Alan DeKok wrote:
>>>>> On Mar 3, 2023, at 7:48 PM, shamsher singh<mr.shamshersingh at gmail.com>
>>>> wrote:
>>>>>> As per the Extreme support
>>>>>    Copying web pages to the mailing list won't help.
>>>>> 
>>>>>> eg : "Free Radius" Script :
>>>>>    That's a dictionary.  We know what it is.  We already have copies.
>>>>> 
>>>>>> I am not sure what else to configure on the switch or on the
>> Freeradius.
>>>>>    It's a networking issue, or a shared secret issue.
>>>>> 
>>>>>    FreeRADIUS sends an Access-Accept.  FreeRADIUS is working fine.
>>>>> 
>>>>>    Something else in the network is broken.  We don't know what it is.
>>>> But we do know that it's not FreeRADIUS.
>>>>>    This is not a problem we can help with.
>>>>> 
>>>>>    Alan DeKok.
>>>>> 
>>>>> -
>>>>> List info/subscribe/unsubscribe? Seehttp://
>>>> www.freeradius.org/list/users.html
>>>> -
>>>> List info/subscribe/unsubscribe? See
>>>> http://www.freeradius.org/list/users.html
>>>> 
>>> -
>>> List info/subscribe/unsubscribe? Seehttp://
>> www.freeradius.org/list/users.html
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list