Name
Vendor-Specific
Synopsis
Attribute Number |
26 |
Length |
7 or more octets |
Value |
STRING |
Allowed in |
Access-Accept, Access-Request, Access-Challenge |
Prohibited in |
Access-Reject |
Presence in Packet |
Not required |
Maximum Iterations |
Unlimited |
This attribute is used to carry attributes that are not specified in the RADIUS RFC. Vendors, NAS manufacturers, and others may want to transmit various implementation-specific information to the client and server and, thus, need a way to pass that information. However, this vendor information passed in addition to the standard global attributes absolutely cannot affect the operation of the base RADIUS protocol in any way. In Chapter 2, I discussed the format of a vendor-specific AVP and how one is carried inside this attribute.
Of particular interest is the type of this attribute. It is listed as a STRING type, but effectively it is seen as a pattern of undistinguished octets—this is to ensure the parts of the implementation that are not aware of the vendor-specific values do not misconfigure themselves or otherwise do detriment to the connection. Further, the value of the VSA within the vendor-specific AVP actually has several specification fields—think of them as “microfields” that further qualify the VSA. This eliminates any confusion and conflict between attributes specific to a vendor’s implementation and attributes generally available per the RADIUS RFC.
Get RADIUS now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.