Ask Your Question
0

how do I add a compound vendor specific attribute to a radius dictionary

asked 2019-10-24 22:52:19 +0000

adrian gravatar image

updated 2019-10-25 09:25:36 +0000

grahamb gravatar image

Hi, I'm trying to add the starent VSA #216 - SN1-NAT-Bind-Record and am having problems trying to sort out how to do so

I've narrowed it down to the dictionary.starent.vsa1 and have tried a number of permutations including

ATTRIBUTE   SN1-NAT-Bind-Record             216 tlv
ATTRIBUTE   NAT-IP-Address                  216.1   integer
ATTRIBUTE   NAT-Port-Block-Start            216.2   short
ATTRIBUTE   NAT-Port-Block-End              216.3   short
ATTRIBUTE   Alloc-Flag                      216.4   byte

VALUE Alloc-Flag                        De-Allocated            0
VALUE Alloc-Flag                        Allocated               1

ATTRIBUTE   Correlation-Id                  216.5   string
ATTRIBUTE   Loading-Factor                  216.6   byte
ATTRIBUTE   Binding-Timer                   216.7   integer

and

ATTRIBUTE SN1-NAT-Bind-Record 216 tlv 
BEGIN-TLV SN1-NAT-Bind-Record
    SUBTYPE SN1-NAT-Bind-Record NAT-IP-Address 216.1 ipaddr
    SUBTYPE SN1-NAT-Bind-Record  NAT-Port-Block-Start 2 short
    SUBTYPE SN1-NAT-Bind-Record  NAT-Port-Block-End 3 short
    SUBTYPE SN1-NAT-Bind-Record  NAT-Port-Chunk-Alloc 4 byte
    SUBTYPE SN1-NAT-Bind-Record  Correlation-Id 5 string
    SUBTYPE SN1-NAT-Bind-Record  Loading-Factor 6 byte
    SUBTYPE SN1-NAT-Bind-Record  Binding-Timer-Value 7 integer
END-TLV SN1-NAT-Bind-Record

And other permutations that don't work.

From the Cisco Docs

SN1-NAT-Bind-Record
This attribute contains the NAT Binding Record.
Type 26
Vendor ID 8164
VSA Type 216
Syntax Compound.

Contains the following sub-attribute(s).

NAT IP address
Syntax IPv4 Address
Length 4
Type 1

NAT-Port-Block-Start   Start port of the port chunk
Syntax Unsigned Integer
Length 2
Type 2


NAT-Port-Block-End   End port of the port chunk.
Syntax Unsigned Integer
Length 2
Type 3


Alloc-Flag   Port chunk status. Accepted Values are 0(De-Allocated) and 1(Allocated).
Syntax Unsigned Integer
Length 1
Type 4


Correlation-Id   Correlation ID.
Syntax String
Length 1-253
Type 5


Loading-Factor  Indicates maximum number of users per NAT IP address.
Syntax Unsigned Integer
Length 2
Type 6


Binding-Timer   Port chunk hold timer.
Syntax Unsigned Integer
Length 4
Type 7

Has anyone managed to get this VSA decoded in wireshark?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-10-24 23:26:22 +0000

adrian gravatar image

updated 2019-10-24 23:27:59 +0000

The best questions are the ones you answer yourself. This is close enough to working for me

ATTRIBUTE SN1-NAT-Bind-Record 216 tlv 
BEGIN-TLV SN1-NAT-Bind-Record
    ATTRIBUTE NAT-IP-Address 1 ipaddr
    ATTRIBUTE NAT-Port-Block-Start 2 integer16
    ATTRIBUTE NAT-Port-Block-End 3 integer16
    ATTRIBUTE NAT-Port-Chunk-Alloc 4 integer8
    ATTRIBUTE NAT-Correlation-Id 5 string
    ATTRIBUTE NAT-Loading-Factor 6 integer16
    ATTRIBUTE NAT-Binding-Timer-Value 7 integer
END-TLV SN1-NAT-Bind-Record
edit flag offensive delete link more

Comments

I massaged it a little more and this works well - I'm seeing human readable values in the UI now.

ATTRIBUTE SN1-NAT-Bind-Record 216 tlv #string none both single
BEGIN-TLV SN1-NAT-Bind-Record
    ATTRIBUTE NAT-IP-Address 1 ipaddr
    ATTRIBUTE NAT-Port-Block-Start 2 byte
    ATTRIBUTE NAT-Port-Block-End 3 byte
    ATTRIBUTE NAT-Port-Chunk-Alloc 4 short
    ATTRIBUTE NAT-Correlation-Id 5 string
    ATTRIBUTE NAT-Loading-Factor 6 byte
    ATTRIBUTE NAT-Binding-Timer-Value 7 byte
END-TLV SN1-NAT-Bind-Record
adrian gravatar imageadrian ( 2019-10-25 05:36:10 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-10-24 22:52:19 +0000

Seen: 117 times

Last updated: Oct 25 '19