ATTRIBUTE Definitions

The ATTRIBUTE definition consists of a single line of text with four or five fields, as shown below.

  • ATTRIBUTE

    • The keyword that indicates the format of this entry.

  • attribute-name

    • The local name given to this attribute, for printing to output files or reading from configuration files.

  • number

    • The number to which the name maps.

  • type

    • The type of this attribute, which must be one of a set of pre-defined types.

  • options

    • A string (which may be empty) containing modifiers for this attribute.

The following is an example of an ATTRIBUTE entry in the dictionary file:

ATTRIBUTE    User-Name    1    string

This entry defines an attribute called User-Name, which is mapped to number 1 and is of type string.

The attribute-name field is a name taken from the RFCs (Request For Comment) for standardized attributes or from vendor documentation for VSAs (Vendor Specific Attribute). This name cannot contain spaces or other special characters. A good rule of thumb is to keep this name to a three to four word description of the purpose of the attribute, separated by a dash (-) character (e.g., User-Name or Framed-IP-Address).

The number field is a decimal number, or in some cases a hex number, starting with 0x. Again, usually taken from the RFCs for standardized attributes or from vendor documentation for VSAs. In almost all cases this number will be between 1 and 255.

The type field is one of the following strings integer, ipaddr, date, string, octets, abinary, ifid, ipv6addr, pv6prefix, byte, or short. The meaning of most of these types is clear, with the few exceptions described below.

The options field consists of a comma-separated string of optional modifiers for this attribute. These options either define whether or not an attribute has a tag (RFC 2868) or else they define the encryption method if the attribute contains a password. Historically, this option also contained the vendor name when defining this attribute as a VSA, but that use is deprecated; thus, it is recommended to use BEGIN-VENDOR and END-VENDOR instead.

The options have the following meanings:

  • name

    • The name of a particular vendor (e.g. Cisco). This name defines the attribute as being a VSA. We recommend using BEGIN-VENDOR and END-VENDOR instead.

  • has_tag

    • Defines whether or not the attribute has an RFC 2868 style tag. The tag provides a simple way to group related attributes.

  • encrypt=…​

    • Defines the attribute encryption (or obfuscation) method. There are three possible variations:

      1. encrypt=1 User-Password style encryption.

      2. encrypt=2 Tunnel-Password style encryption.

      3. encrypt=3 Ascend’s proprietary encryption method.