Extending Dictionary Files with JUNOSe Parameters for the RAD-Series RADIUS Server
In addition to supporting standard RADIUS attributes, the JUNOSe router supports JUNOSe-specific attributes. These attributes must be introduced to RAD-Series RADIUS Server. You must use the RADIUS attributes for both RAD-Series RADIUS Server-JUNOSe router integration and RAD-Series RADIUS Server-JUNOSe router-SDX integration.
The RAD-Series RADIUS Server package still uses the old Unisphere VSAs in its dictionary file. You must edit the dictionary file (located in /opt/aaa/etc) and replace the Unisphere attributes with the following JUNOSe extensions:

# Juniper Networks Inc.
# E-series Extensions
Juniper.attr Virtual-Router-Name 1 string (1, 0, 0)
Juniper.attr Address-Pool-Name 2 string (1, 0, 0)
Juniper.attr Local-Loopback 3 string (1, 0, 0)
Juniper.attr Primary-DNS 4 ipaddr (1, 0, 0)
Juniper.attr Secondary-DNS 5 ipaddr (1, 0, 0)
Juniper.attr Primary-WINS 6 ipaddr (1, 0, 0)
Juniper.attr Secondary-WINS 7 ipaddr (1, 0, 0)
Juniper.attr Tunnel-Virtual-Router 8 string (1, 0, 0)
Juniper.attr Tunnel-Password 9 string (1, 0, 0)
Juniper.attr Ingress-Policy-Name 10 string (1, 0, 0)
Juniper.attr Egress-Policy-Name 11 string (1, 0, 0)
Juniper.attr Ingress-Statistics 12 integer (1, 0, 0)
Juniper.attr Egress-Statistics 13 integer (1, 0, 0)
Juniper.attr Atm-Service-Category 14 integer (1, 0, 0)
Juniper.attr Atm-PCR 15 integer (1, 0, 0)
Juniper.attr Atm-SCR 16 integer (1, 0, 0)
Juniper.attr Atm-MBS 17 integer (1, 0, 0)
Juniper.attr Cli-Initial-Access-Level 18 string (1, 0, 0)
Juniper.attr Cli-Allow-All-VR-Access 19 integer (1, 0, 0)
Juniper.attr Alternate-Cli-Access-Level 20 string (1, 0, 0)
Juniper.attr Alternate-Cli-Vrouter-Name 21 string (1, 0, 0)
Juniper.attr Sa-Validate 22 integer (1, 0, 0)
Juniper.attr Igmp-Enable 23 integer (1, 0, 0)
Juniper.attr Pppoe-Description 24 string (1, 0, 0)
Juniper.attr Redirect-VR-Name 25 string (1, 0, 0)
Juniper.attr Qos-Profile-Name 26 string (1, 0, 0)
Juniper.attr Pppoe-Max-Sessions 27 integer (1, 0, 0)
Juniper.attr Pppoe-Url 28 string (1, 0, 0)
Juniper.attr Qos-Profile-Interface-Type 29 integer (1, 0, 0)
Juniper.attr Tunnel-Nas-Port-Method 30 integer (1, 0, 0)
Juniper.attr Service-Bundle 31 string (1, 0, 0)
Juniper.attr Tunnel-Tos 32 integer (1, 0, 0)
Juniper.attr Tunnel-Maximum-Sessions 33 integer (1, 0, 0)
Juniper.attr Framed-Ip-Route-Tag 34 string (1, 0, 0)
Juniper.attr Tunnel-Dialout-Number 35 string (1, 0, 0)
Juniper.attr Ppp-Username 36 string (1, 0, 0)
Juniper.attr Ppp-Password 37 string (1, 0, 0)
Juniper.attr Ppp-Authenticate-Protocol 38 integer (1, 0, 0)
Juniper.attr Tunnel-Minimum-Bps 39 integer (1, 0, 0)
Juniper.attr Tunnel-Maximum-Bps 40 integer (1, 0, 0)
Juniper.attr Tunnel-Bearer-Type 41 integer (1, 0, 0)
Juniper.attr Input-Gigapkts 42 integer (1, 0, 0)
Juniper.attr Output-Gigapkts 43 integer (1, 0, 0)
Juniper.attr Tunnel-Interface-Id 44 string (1, 0, 0)
Juniper.attr Ipv6-Virtual-Router 45 string (1, 0, 0)
Juniper.attr Ipv6-Local-Interface 46 string (1, 0, 0)
Juniper.attr Ipv6-Primary-DNS 47 string (1, 0, 0)
Juniper.attr Ipv6-Secondary-DNS 48 string (1, 0, 0)
Juniper.attr Sdx-Service-Name 49 string (1, 0, 0)
Juniper.attr Sdx-Session-Volume-Quota 50 string (1, 0, 0)
Juniper.attr Tunnel-Disconnect-Cause-Info 51 string (1, 0, 0)
# Ingress-Statistics Values
Juniper.value Ingress-Statistics False 0
Juniper.value Ingress-Statistics True 1
# Egress-Statistics Values
Juniper.value Egress-Statistics False 0
Juniper.value Egress-Statistics True 1
# Atm-Service-Category Values
Juniper.value Atm-Service-Category UBR 1
Juniper.value Atm-Service-Category UBRPCR 2
Juniper.value Atm-Service-Category nrtVBR 3
Juniper.value Atm-Service-Category CBR 4
# Cli-Allow-All-VR-Access Values
Juniper.value Cli-Allow-All-VR-Access False 0
Juniper.value Cli-Allow-All-VR-Access True 1
# Sa-Validate Values
Juniper.value Sa-Validate False 0
Juniper.value Sa-Validate True 1
# Igmp-Enable Values
Juniper.value Igmp-Enable False 0
Juniper.value Igmp-Enable True 1
# Qos-Profile-Interface-Type Values
Juniper.value Qos-Profile-Interface-Type IP 1
Juniper.value Qos-Profile-Interface-Type ATM 2
Juniper.value Qos-Profile-Interface-Type HDLC 3
Juniper.value Qos-Profile-Interface-Type ETHERNET 4
Juniper.value Qos-Profile-Interface-Type SERVER-PORT 5
Juniper.value Qos-Profile-Interface-Type ATM-1483 6
Juniper.value Qos-Profile-Interface-Type FRAME-RELAY 7
Juniper.value Qos-Profile-Interface-Type MPLS-MINOR 8
Juniper.value Qos-Profile-Interface-Type CBF 9
Juniper.value Qos-Profile-Interface-Type IP-TUNNEL 10
Juniper.value Qos-Profile-Interface-Type VLAN-SUB 11
Juniper.value Qos-Profile-Interface-Type PPPOE-SUB 12
# Tunnel-Nas-Port-Method Values
Juniper.value Tunnel-Nas-Port-Method none 0
Juniper.value Tunnel-Nas-Port-Method CISCO-CLID 1
# Ppp-Authenticate-Protocol
Juniper.value Ppp-Authenticate-Protocol None 0
Juniper.value Ppp-Authenticate-Protocol PAP 1
Juniper.value Ppp-Authenticate-Protocol CHAP 2
Juniper.value Ppp-Authenticate-Protocol PAP-CHAP 3
Juniper.value Ppp-Authenticate-Protocol CHAP-PAP 4
# Tunnel-Bearer-Type
Juniper.value Tunnel-Bearer-Type None 0
Juniper.value Tunnel-Bearer-Type ANALOG 1
Juniper.value Tunnel-Bearer-Type DIGITAL 2

The next step defines the JUNOSe router as the network access server (NAS) to be recognized by RAD-Series RADIUS Server. This step involves the extension of the vendor file. The vendor file is located in /opt/aaa/etc.
The vendor file contains a list of zero or more vendor entries. Each vendor entry contains a vendor name and a vendor number. Each entry optionally contains an interim way of mapping external (with respect to the RADIUS server) attribute numbers to internal (with respect to the RADIUS server) vendor-specific attributes. This optional mapping is used on RADIUS requests and responses. Again, RAD-Series RADIUS Server still uses the Unisphere Networks extension. Edit the vendor file and replace Unisphere with Juniper. The ID should remain at 4874.
The modified lines look like the following:

# Juniper Networks
Juniper.attr Juniper.value 4874 Juniper
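
A check to run over the edited dictionary file, given here as an added example (not code from Juniper or the RAD-Series package): it flags leftover legacy entries, reused attribute numbers, named values attached to undefined or non-integer attributes, and entries that were pasted run together on one line. It assumes the two entry shapes in the dictionary listing earlier on this page are the whole grammar, that .attr lines precede their .value lines, and that old entries start with "Unisphere."; lint_dictionary and SAMPLE are names made up for this example.

```python
import re

# Entry shapes copied from this page's listing; assumed to be the full grammar.
ATTR_RE = re.compile(r"^\w+\.attr\s+(\S+)\s+(\d+)\s+(\w+)\s+\([^)]*\)$")
VALUE_RE = re.compile(r"^\w+\.value\s+(\S+)\s+\S+\s+\d+$")

def lint_dictionary(text, vendor="Juniper", legacy="Unisphere"):
    """Return (line_no, message) for each problem in the vendor's entries."""
    problems, types, by_number = [], {}, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(legacy + "."):  # assumed prefix of the old entries
            problems.append((no, "legacy entry still present"))
        if not line.startswith(vendor + "."):
            continue  # comments, blanks, standard attributes, other vendors
        attr, value = ATTR_RE.match(line), VALUE_RE.match(line)
        if attr:
            name, number, typ = attr.group(1), int(attr.group(2)), attr.group(3)
            if number in by_number:
                problems.append((no, f"number {number} already used by {by_number[number]}"))
            by_number.setdefault(number, name)
            types[name] = typ
        elif value:
            name = value.group(1)
            if name not in types:  # assumes .attr lines come before .value lines
                problems.append((no, f"value for undefined attribute {name}"))
            elif types[name] != "integer":
                problems.append((no, f"named value on {types[name]} attribute {name}"))
        else:
            problems.append((no, "unparseable entry, lines may be run together"))
    return problems

# Constructed sample with deliberate mistakes (not a real /opt/aaa/etc file).
SAMPLE = """\
Juniper.attr Virtual-Router-Name 1 string (1, 0, 0)
Juniper.attr Ingress-Statistics 12 integer (1, 0, 0)
Juniper.attr Egress-Statistics 12 integer (1, 0, 0)
Unisphere.attr Qos-Profile-Name 26 string (1, 0, 0)
Juniper.value Virtual-Router-Name True 1
Juniper.value Igmp-Enable True 1
Juniper.attr Primary-DNS 4 ipaddr (1, 0, 0)Juniper.attr Secondary-DNS 5 ipaddr (1, 0, 0)
"""

if __name__ == "__main__":
    for no, msg in lint_dictionary(SAMPLE):
        print(f"line {no}: {msg}")
```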