Configuring the Dictionary File

Before you can use Extreme Networks VSAs on a RADIUS server, you must define the VSAs.

On the FreeRADIUS server, you define the VSAs in the dictionary file in the /etc/raddb directory. You must define the vendor ID for Extreme Networks, each of the VSAs you plan to use, and the values to send for the VSAs. The following example shows the entries to add to a FreeRADIUS server dictionary file for Extreme Networks VSAs:

VENDOR          Extreme         1916
ATTRIBUTE    Extreme-CLI-Authorization      201  integer     Extreme
ATTRIBUTE    Extreme-Shell-Command          202   string     Extreme
ATTRIBUTE    Extreme-Netlogin-Vlan          203   string     Extreme
ATTRIBUTE    Extreme-Netlogin-Url           204   string     Extreme
ATTRIBUTE    Extreme-Netlogin-Url-Desc      205   string     Extreme
ATTRIBUTE    Extreme-Netlogin-Only          206  integer     Extreme
ATTRIBUTE    Extreme-User-Location          208   string     Extreme
ATTRIBUTE    Extreme-Netlogin-Vlan-Tag      209  integer     Extreme
ATTRIBUTE    Extreme-Netlogin-Extended-Vlan 211   string     Extreme
ATTRIBUTE    Extreme-Security-Profile       212   string     Extreme
VALUE        Extreme-CLI-Authorization   Disabled       0
VALUE        Extreme-CLI-Authorization   Enabled        1
VALUE        Extreme-Netlogin-Only       Disabled       0
VALUE        Extreme-Netlogin-Only       Enabled        1
# End of Dictionary

The lines that begin with VALUE provide the integers that the RADIUS server sends to the switch when the corresponding text is configured in the RADIUS users file. For example, if the Extreme-CLI-Authorization attribute is set to Enabled for a particular user, the RADIUS server sends the value 1 to the switch (which reduces total bytes transferred). The ExtremeXOS software is designed to interpret the integer values as shown above, so be sure to use these values.