RADIUS Vendor-Specific Attributes (VSAs) for Fabric Attach

To help the RADIUS server return the proper authentication attributes to the device, several vendor-specific attributes (VSAs) carry client-specific information from the device and information received from the Fabric Attach client at the time it connects to the network. ExtremeXOS supports the following VSAs in Fabric Attach.
Note

Attributes are sent only for NetLogin MAC- and Dot1x-based authentications.
Table 1. VSA Information
VSA | Vendor Type | Description
Switch Mode (FA-Switch-Mode) | 180 | Defines the configuration of the FA device itself. It can take one of 6 values.
  • 0 or not sent—Switch has no concept of SPB/Fabric Attach.
  • 1—Switch is an FA server with SPB disabled and FA enabled.
  • 2—Switch is an FA server with SPB enabled.
  • 3—Switch is an FA proxy connected to an FA server with SPB disabled and FA enabled.
  • 4—Switch is an FA proxy connected to an FA server with SPB enabled.
  • 5—Switch is an FA proxy standalone.
Client Identifier (FA-Client-ID) | 181 | Contains the MAC address of the FA Client received from the FA LLDP messaging.
Client Type (FA-Client-Type) | 182 | Informs the RADIUS server of the primary purpose of the user requesting authentication. This allows the RADIUS server to return a consistent set of attributes for clients that have a similar purpose. Accepted values for this attribute are in the range 6–17 (client types, not server or proxy types), though values 1–17 are defined.
  • 1—FA Element Type Other
  • 2—FA Server
  • 3—FA Proxy
  • 4—FA Server No Authentication
  • 5—FA Proxy No Authentication
  • 6—FA Client Wireless AP Type 1 [clients direct network attachment] (for example: AP 9100)
  • 7—FA Client Wireless AP Type 2 [clients tunneled to controller]
  • 8—FA Client FA Switch
  • 9—FA Client FA Router
  • 10—FA Client IP Phone
  • 11—FA Client IP Camera
  • 12—FA Client IP Video
  • 13—FA Client Security Device [FW, IPD/IDS etc.]
  • 14—FA Client Virtual Switch
  • 15—FA Client Server/Endpoint
  • 16—FA Client ONA SDN
  • 17—FA Client ONA SPBoIP
Pre-shared Key (PSK) Status (FA-Client-PSK) | 183 | Informs the RADIUS server of the pre-shared key status of the client being authenticated. If sent, it can take one of 5 binary values: 0, 10, 11, 100, 101.
  • Not sent—Pre-shared Key (PSK) used is unknown.
  • 0—FA PSK not enabled on Fabric Attach Switch Port
  • 10—Failed. FA PSK used is default key
  • 11—Passed. FA PSK used is default key
  • 100—Failed. FA PSK used is user-defined
  • 101—Passed. FA PSK used is user-defined
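
The following is an added example, not ExtremeXOS or vendor code: a sketch of how a RADIUS-side policy script could unpack the four Fabric Attach VSAs from an RFC 2865 Vendor-Specific attribute (type 26) and check them against Table 1. The vendor ID, the 4-byte big-endian integer values, the 6-byte MAC encoding, and reading the PSK status as an integer whose binary form is the listed value (for example 101 = 5) are assumptions not stated on this page, and the sample attribute is constructed.

```python
import struct

PLACEHOLDER_VENDOR_ID = 0xFFFFFF      # constructed; the vendor ID is not given on this page
SWITCH_MODES = range(0, 6)            # FA-Switch-Mode (180): values 0-5
ACCEPTED_CLIENT_TYPES = range(6, 18)  # FA-Client-Type (182): only 6-17 are accepted
PSK_KEY = {1: "default", 2: "user-defined"}  # upper bits of FA-Client-PSK (183), assumed

def parse_vsa(attr: bytes, vendor_id: int) -> dict:
    """Split one RFC 2865 Vendor-Specific attribute (type 26) into {vendor_type: value}."""
    if len(attr) < 6 or attr[0] != 26 or attr[1] != len(attr):
        raise ValueError("malformed Vendor-Specific attribute")
    if struct.unpack("!I", attr[2:6])[0] != vendor_id:
        return {}                     # another vendor's VSA: ignore it
    subs, i = {}, 6
    while i < len(attr):
        if i + 2 > len(attr) or attr[i + 1] < 2 or i + attr[i + 1] > len(attr):
            raise ValueError("malformed sub-attribute")
        subs[attr[i]] = attr[i + 2:i + attr[i + 1]]
        i += attr[i + 1]
    return subs

def interpret_fa(subs: dict) -> dict:
    """Decode vendor types 180-183; 'problems' lists values Table 1 does not allow."""
    num = lambda t: int.from_bytes(subs[t], "big")       # assumed integer encoding
    out = {"switch_mode": num(180) if 180 in subs else 0,  # "0 or not sent"
           "client_id": subs[181].hex(":") if 181 in subs else None,
           "client_type": num(182) if 182 in subs else None,
           "psk": None, "problems": []}                  # psk None = not sent (unknown)
    if out["switch_mode"] not in SWITCH_MODES:
        out["problems"].append("switch mode outside 0-5")
    if out["client_type"] is not None and out["client_type"] not in ACCEPTED_CLIENT_TYPES:
        out["problems"].append("client type outside accepted range 6-17")
    if 183 in subs:
        psk = num(183)
        if psk == 0:
            out["psk"] = {"enabled": False}
        elif psk >> 1 in PSK_KEY:     # low bit = passed/failed, upper bits = key kind
            out["psk"] = {"enabled": True, "key": PSK_KEY[psk >> 1], "passed": bool(psk & 1)}
        else:
            out["problems"].append("PSK status is not one of 0, 10, 11, 100, 101")
    return out

def sub(vtype: int, value: bytes) -> bytes:  # builds one sub-attribute for the sample
    return bytes([vtype, len(value) + 2]) + value

# Constructed sample: FA proxy (mode 3), IP phone (type 10), user-defined PSK passed (101).
body = (sub(180, (3).to_bytes(4, "big")) + sub(181, bytes.fromhex("020000aabbcc"))
        + sub(182, (10).to_bytes(4, "big")) + sub(183, (0b101).to_bytes(4, "big")))
SAMPLE = bytes([26, len(body) + 6]) + struct.pack("!I", PLACEHOLDER_VENDOR_ID) + body
```

A request that claims a client type of 1–5, or a PSK status other than the five listed values, shows up in `problems` rather than being silently mapped to a policy.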