Creating Vendor-Specific Attributes
Many vendors use the server for interoperability testing when writing new NAS software or defining new VSAs. While giving advice to NAS vendors is a little out of the scope of a FreeRADIUS book, this advice is included in the hope that doing so will help vendors to create simple and inter-operable specifications. Whenever a vendor chooses non-standard formats or data types for their attributes, it becomes nearly impossible for any RADIUS server to understand those attributes.
The VSA format should be the format defined in RFC 2865, Section 5.26. This type is automatically used by the server when a new vendor dictionary is defined.
The data types for each attribute should be one of the well-known data types defined above. Any other data type will not be understood by most RADIUS servers.
The attribute names should be prefixed with the name of the vendor
in order to avoid global naming conflicts. For example, an attribute
name such as
Cisco-AVPair is a good name, whereas
not be a good name.
Vendor dictionaries should also avoid any attribute options. That is, tagged and/or encrypted VSAs are not recommended.
The attribute numbers should be assigned at the discretion of the
vendor, starting from one and going to 255. Taking care when assigning
numbers is recommended, as the space is limited. Some vendors have
chosen to pack new attributes into strings, such as with
Cisco-AVPair. This practice is useful, but alternatives that do not pack integers or
IP addresses in ASCII form are preferable.