|Applies To||RSA ACE/Server 5.x|
RSA ACE/Server RADIUS
|Issue||ACE/RADIUS: Pass a Vendor-Specific Attribute in a Numeric Format|
Enter vendor-specific attributes as numerically formatted values
|Resolution||To pass a Vendor-Specific Attribute as a numeric value (as opposed to a string), precede the Vendor ID with a pound sign (#). The numeric value is written in decimal. If the numeric value is an address, the whole dotted address must be converted to a single decimal value. For example, to pass the Springtide vendor-specific attribute for primary-dns-server with the address 10.1.1.100, use the following values:|
3551 = Springtide ID
5 = Springtide specific attribute ID, in this case, 5 refers to 'primary-dns-server'
10.1.1.100 = IP address of the primary-dns-server
The proper Numeric Format for the vendor-specific attribute is as follows:
#3551 5 167838052
The address must be converted into a decimal value as follows:
Dotted: 10.1.1.100 = Decimal 167838052 = HEX 0a 01 01 64
RSA Security has a utility you can use to perform such conversions, built right into the Admin interface. In the ACE/Administration, select the Profile menu, select a profile, and add or edit. Go to the attribute "Ascend-IP-Direct" and enter the address in dotted format. Then, check the Decimal Format and the format will convert on the fly. Then, take that value and place it in Vendor-Specific Attribute.
A snoop capture confirms that the value is passed. On the ACE/Server, run the following:
snoop -x0 hostname hostname
where the hostnames are the server and client.
Perform an authentication with the user who is using the attribute. The capture looks like this:
0: 0005 7495 58fc 0800 201d a376 0800 4500 ..t.X... ..v..E.
16: 0057 2eaf 4000 ff11 df52 0a64 3058 0a64 .W..@....R.d0X.d
32: 2874 066d 0798 0043 106e 0201 003b ac1d (t.m...C.n...;..
48: 3092 e096 43c5 0ab6 acc6 edfd 81bd 1215 0...C...........
64: 5041 5353 434f 4445 2041 6363 6570 7465 PASSCODE Accepte
80: 640d 0a1a 0c00 000d df05 060a 0101 6401 d.............d.
96: 0672 6f6f 74 ======== .root
HEX 0a 0101 64 = 10.1.1.100
In the line of hex above the ======== marker, you can see that the address is passed in the packet as hex.
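The conversion and the check against the capture can be reproduced offline. The following Python is an added example, not part of the original article and not an RSA utility; the function names are hypothetical, the packet bytes are the RADIUS payload (capture offset 42 onward) copied from the snoop output above, and the parser assumes one sub-attribute per Vendor-Specific attribute in the RFC 2865 layout.

```python
import ipaddress
import struct

# RADIUS payload (capture offset 42 onward) copied from the snoop output above.
CAPTURED = bytes.fromhex(
    "0201003b" "ac1d3092e09643c50ab6acc6edfd81bd"      # code, id, length, authenticator
    "1215" "50415353434f4445204163636570746564" "0d0a"  # Reply-Message
    "1a0c00000ddf05060a010164"                          # Vendor-Specific (type 26)
    "0106726f6f74"                                      # User-Name
)

def vsa_numeric(vendor_id: int, attr_id: int, dotted: str) -> str:
    """Return the '#<vendor> <attr> <decimal>' entry for an IPv4 value."""
    return f"#{vendor_id} {attr_id} {int(ipaddress.IPv4Address(dotted))}"

def parse_vsas(packet: bytes):
    """Return (vendor_id, vendor_type, value) for each type-26 attribute."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = [], 20                      # attributes follow the 20-byte header
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        body = packet[pos + 2:pos + alen]
        if atype == 26:
            # Assumed layout: 4-byte vendor ID, vendor type, vendor length, value
            if len(body) < 6 or body[5] < 2 or 4 + body[5] > len(body):
                raise ValueError("malformed vendor-specific attribute")
            vendor = struct.unpack("!I", body[:4])[0]
            found.append((vendor, body[4], body[6:4 + body[5]]))
        pos += alen
    return found

def vsa_ipv4_values(packet: bytes):
    """Render 4-byte VSA values as dotted addresses for comparison."""
    return [(v, t, str(ipaddress.IPv4Address(val)))
            for v, t, val in parse_vsas(packet) if len(val) == 4]

if __name__ == "__main__":
    print(vsa_numeric(3551, 5, "10.1.1.100"))
    print(vsa_ipv4_values(CAPTURED))
```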
|Legacy Article ID||a10086|