AW: (RADIATOR) Airespace
Hugh Irvine
hugh at open.com.au
Wed Aug 10 16:00:05 CDT 2005
Hello Steve -
Your VSA definitions below look correct.
Thanks for sending them through - I'll add them to the standard
dictionary today.
Radiator attributes are both "in" and "out", and EAP is specified in
the configuration file rather than the dictionary.
regards
Hugh
On 11 Aug 2005, at 01:39, scap wrote:
> Below is what I got from the TAC. I also created, what I think should
> be, the dictionary entries but would like your input as to if I did
> this correctly.
> Does Radiator care if the profile type is "in" or "out" and how do I
> specify in the dictionary?
>
> I am not sure how, or even if, I should have an entry for this;
> RadiusExtensionPoints=EAP which is shown in the 'ini' syntax part
> below.
>
> My entries are:
> #
> # Airespace dictionary IETF Code=14179
> #
>
> VENDORATTR 14179 Airespace-WLAN-Id 1 integer
> VENDORATTR 14179 Airespace-QoS-Level 2 integer
> VENDORATTR 14179 Airespace-DSCP 3 integer
> VENDORATTR 14179 Airespace-802.1p-Tag 4 integer
> VENDORATTR 14179 Airespace-Interface-Name 5 string
> VENDORATTR 14179 Airespace-ACL-Name 6 string
>
> VALUE Airespace-QoS-Level Silver 0
> VALUE Airespace-QoS-Level Gold 1
> VALUE Airespace-QoS-Level Platinum 2
> VALUE Airespace-QoS-Level Bronze 3
>
> **********************************************************************
> ***********
>
>
>> From the TAC:
>>
>
> ---------------------------
> ---------------------------
> airespace.dct (may be Funk):
> http://64.233.187.104/search?q=cache:bzEprlKXdzUJ:lists.cistron.nl/
> archives/freeradius-devel/2004/06/msg00058.html+Airespace
> +VSA&hl=ja&client=firefox-a
>
> ---------------------------
> ---------------------------
> Cisco Access Registrar syntax:
> ---------------------------
> Description = str:[0]
> Name = str:[0]Airespace
> Type = str:[0]SUB_ATTRIBUTES
> VendorID = int32:[0]14179
> VendorTypeSize = str:[0]8-bit
>
> Description = str:[0]
> Max = int32:[0]4294967295
> Min = int32:[0]0
> Name = str:[0]Airespace-WLAN-Id
> SubAttribute = int32:[0]1
> Type = str:[0]UINT32
>
> Description = str:[0]
> Max = int32:[0]3
> Min = int32:[0]0
> Name = str:[0]Airespace-QoS-Level
> SubAttribute = int32:[0]2
> Type = str:[0]ENUM
> 0 = str:[0]Silver
> 1 = str:[0]Gold
> 2 = str:[0]Platinum
> 3 = str:[0]Bronze
>
> Description = str:[0]
> Max = int32:[0]4294967295
> Min = int32:[0]0
> Name = str:[0]Airespace-DSCP
> SubAttribute = int32:[0]3
> Type = str:[0]UINT32
>
> Description = str:[0]
> Max = int32:[0]4294967295
> Min = int32:[0]0
> Name = str:[0]Airespace-802.1P-Tag
> SubAttribute = int32:[0]4
> Type = str:[0]UINT32
>
> Description = str:[0]
> Max = int32:[0]253
> Min = int32:[0]0
> Name = str:[0]Airespace-Interface-Name
> SubAttribute = int32:[0]5
> Type = str:[0]STRING
>
> Description = str:[0]
> Max = int32:[0]253
> Min = int32:[0]0
> Name = str:[0]Airespace-ACL-Name
> SubAttribute = int32:[0]6
> Type = str:[0]STRING
>
> ---------------------------
> ---------------------------
> 'ini' syntax (may be Freeradius):
> ---------------------------
> ;[User Defined Vendor]
> ;
> ; The Name and IETF vendor code and any VSAs MUST be unique.
> ; Name=Acme 7000
> ; IETF Code=9999
> ; RadiusExtensionPoints=list of comma separated Radius extension
> points
> ; The only available option at this moment is EAP (This
> field is optional)
> ;
> ; One or more VSAs named (max 255)
> ; VSA 1=acme-7000-encryption
> ; VSA 6=acme-7000-group
> ;
> ;
> ; Each named VSA requires a definition section?c
> ;
> ; [acme-7000-encryption]
> ;
> ; Types are STRING, INTEGER, IPADDR
> ; Type=INTEGER
> ;
> ; The profile specifies usage, IN for accounting, OUT for
> authorisation, MULTI if more
> ; than a single instance is allowed per RADIUS message.
> Combinations are allowed
> ; eg "IN", "MULTI OUT", "MULT IN OUT"
> ; Profile=IN OUT ;
> ; Enumerations are optional for INTEGER attribute types
> ; Enums=Acme-7000-Encryption-Types
> ;
> ; [Acme-7000-Encryption-Types]
> ;
> ; 0=56-bit
> ; 1=128-bit
> ;
> ;
> ; [acme-7000-group]
> ;
> ; Type=STRING
> ; Profile=OUT
>
>
>
>
> [User Defined Vendor]
>
> Name=Airespace
> IETF Code=14179
> VSA 1=Airespace-WLAN-Id
> VSA 2=Airespace-QoS-Level
> VSA 3=Airespace-DSCP
> VSA 4=Airespace-802.1p-Tag
> VSA 5=Airespace-Interface-Name
> VSA 6=Airespace-ACL-Name
> RadiusExtensionPoints=EAP
>
> [Airespace-WLAN-Id]
>
> Type=INTEGER
> Profile=IN
>
> [Airespace-QoS-Level]
>
> Type=INTEGER
> Profile=OUT
> Enums=QOS-VALUES
>
> [QOS-VALUES]
>
> 0=Silver
> 1=Gold
> 2=Platinum
> 3=Bronze
>
> [Airespace-DSCP]
>
> Type=INTEGER
> Profile=OUT
>
> [Airespace-802.1p-Tag]
>
> Type=INTEGER
> Profile=OUT
>
> [Airespace-Interface-Name]
>
> Type=STRING
> Profile=OUT
>
> [Airespace-ACL-Name]
>
> Type=STRING
> Profile=OUT
>
> Thanks,
> Steve
>
> On 8/9/05, Hugh Irvine <hugh at open.com.au> wrote:
>
>>
>> Hello Martin, Hello Steve -
>>
>> The best answer to both points is to send us any new vendors/VSA's so
>> we can add them to the standard Radiator dictionary. Unfortunately
>> the vendors don't send us their VSA definitions so we have to rely on
>> Radiator users to send them to us.
>>
>> Of course you can add VSA's to the dictionary yourself with any text
>> editor.
>>
>> regards
>>
>> Hugh
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list