Alan DeKok <[email protected]> writes:
> Bjørn Mork wrote:
>> [email protected] writes:
>>> Switch users guide. It will tell you what attributes and what values to
>>> return.
>>
>> Really? That would be most unusual.
>
> The documentation from normal switch vendors includes instructions on
> how to configure the switch. e.g. from the CLI, or from RADIUS.

Yes. But usually that documentation is limited to how you configure radius server address, port and key, and sometimes timeouts and/or failover strategy. VSAs are also usually documented. But the standard RFC attributes and their meaning to the switch/router are rarely documented in my experience.

Now, you could argue that those attributes are documented in RFCs which the documentation most often will refer to, which of course is correct. But the fact is that the answer to this particular question isn't very obvious the first time you configure management access to a switch (or router or access point or whatever). And we've all been there. Some of us were lucky and inherited a working configuration a decade ago. Some are not so lucky.

I may be wrong (please prove me so!), but I don't think pointing to the switch documentation will ever help if you got the Service-Type wrong.

> If the documentation does not contain instructions for how to
> configure the switch, you should throw it in the garbage, and buy a
> switch from a real vendor.

Oh, the documentation does contain instructions for how to configure the switch. But in vendor language "configure the switch" means using the CLI or web GUI. Interpretation of standard RADIUS attributes, or any other protocol for that sake, is not considered part of the configuration.

So you will know how to configure the switch, but you just don't know how to configure the other end. From the switch vendor's point of view, that is part of the RADIUS server documentation.

Bjørn

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

