This chapter describes how to select, edit, and customize the RADIUS data dictionary file.
The data dictionary includes a list of the attribute-value pairs which are used by Oracle Communications Billing and Revenue Management (BRM) RADIUS Manager to perform AAA and other operations. The RADIUS dictionary uses standard attributes prescribed by the RADIUS protocol in Request for Comments (RFC) 2865 and 2866. The default location of the data dictionary file is $BRM_home/apps/radius/dictionary_file, where BRM_home is the directory in which BRM components are installed.
Attribute-value pairs are sent from the NAS to RADIUS Manager as RADIUS requests. Each attribute-value pair consists of an attribute with a value for that attribute.
The syntax for attribute-value pairs:
Syntax:
<attribute_declaration> <attribute_name> <attribute_number> <data_type>
Examples:
ATTRIBUTE NAS-IP-Address 4 ipaddr
ATTRIBUTE User-Name 1 string
Important:
Attribute numbers must be unique.
Use the dictionary entry in the $CORE section of the RADIUS configuration file (BRM_home/apps/radius/) to set the file name and path of the RADIUS dictionary file. See "Selecting the Data Dictionary".
In special cases where you are using NAS from multiple vendors, or must add vendor-specific attributes to the dictionary file, you may need to edit the data dictionary.
Only merge data dictionary files as a last resort. Each attribute-value pair in the dictionary must be unique. When you merge data dictionaries, review the file carefully to ensure that no two attributes have the same name. If duplicate attributes exist, modify the attribute names so that they are unique.
To use a vendor-specific attribute (VSA), you must define the attribute and vendor code size in your dictionary file.
The syntax for defining a vendor-specific attribute in your RADIUS dictionary file:
VENDORATTR <vendor_id> <attr_name> <vendor_type> <type> [<struct defn.>]
VENDORATTR 9 Example_VSA_struct 89 struct ip:ipaddr,vector:data[10],id:short
vendor_id
Number used to identify the NAS or gateway vendor. These numbers are assigned by the Internet Advisory Board (IAB). Check your vendor's documentation for details. Some common vendor identification numbers are:
9 (Cisco)
311 (Microsoft)
429 (3Com/USR)
attr_name
Name of the attribute, User-Name for example.
vendor_type
Identification number assigned to the attribute in the dictionary.
type
Any one of several supported data types.
UnsignedInt
32-bit unsigned value in big endian order (high byte first).
Integer
32-bit value in big endian order (high octet first).
String
0-253 octets
Ipaddr
4 octets in network octet order
Binary
0-254 octets
Password
(n * 16) (>= 16) octets. This field is encrypted according to the User-Password definition in RFC 2865.
Short
16-bit value
Octet
8-bit value
Data
0 to 253 octets, whose length is fixed when you define it. This data type must be used inside a struct; it can't be used as a stand-alone data type.
Struct
A composite data type that can use the other supported data types as subfields. A struct cannot contain another struct.
You must also add the VENDOR_CODE_SIZE field to your dictionary file before using a VSA.
The syntax for entering a VENDOR_CODE_SIZE field in your RADIUS dictionary file:
VENDOR_CODE_SIZE <vendor_id> <code_size>
VENDOR_CODE_SIZE
Keyword that specifies the size of the vendor code field in the VSA.
vendor_id
Number used to identify the NAS or gateway vendor. These numbers are assigned by the Internet Advisory Board (IAB). Some common vendor identification numbers are:
Cisco 9
Microsoft 311
3Com/USR 429
code_size
Size of the vendor code contained in the VSA. This value must be 1, 2 or 4 octets.
If you use one of the following NAS vendors, you can copy the appropriate VENDOR_CODE_SIZE entry to your dictionary file. If your NAS vendor isn't listed, check the vendor's documentation for details or use the default size. The default size is 1 octet.
VENDOR_CODE_SIZE 9 1 # Cisco
VENDOR_CODE_SIZE 429 4 # 3Com/USR
VENDOR_CODE_SIZE 311 1 # MICROSOFT
VENDOR_CODE_SIZE DEFAULT 1 # Default vendor code size
When the dictionary is initialized, these values are read and stored in BRM.
Usually a predefined vendor code exists for a VSA. In special cases, where no such vendor code exists, or where you as the administrator require additional flexibility in defining attribute parameters, the struct data type can be used.
Caution:
Only advanced administrators should attempt to use this feature.
The format of the first five fields is the same in all VSA definitions, for all supported data types. When you use the struct data type, the fields following the data_type field are a comma-separated list of field-name and field-type pairs.
This example shows three subfields in the struct:
IP address field named ip
Field of type data with a length of 16 bits called vector
Field of type short named tunnel
Note:
Each VSA definition must fit on one line. Definitions will not work if they are split over more than one line.
VENDORATTR 429 VPN 123 struct ip:ipaddr,vector:data[16],tunnel:short
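The uniqueness, VENDOR_CODE_SIZE and struct rules in this chapter can be checked mechanically before an edited or merged dictionary is put into service. The Python linter below is an added example, not part of BRM or of the original documentation; lint_dictionary, check_struct and SAMPLE are hypothetical names, and it assumes that '#' starts a comment (as in the VENDOR_CODE_SIZE entries above) and that VSA numbers only need to be unique within one vendor.

```python
import re

SCALAR_TYPES = set("unsignedint integer string ipaddr binary password short octet".split())

def check_struct(defn):
    """Yield problems in a comma-separated name:type struct definition."""
    for pair in defn.split(","):
        name, _, ftype = pair.lower().partition(":")
        m = re.fullmatch(r"data\[(\d+)\]", ftype)   # data needs a fixed length
        if ftype == "struct":
            yield f"struct field '{name}' nests another struct"
        elif not name or not (ftype in SCALAR_TYPES or (m and int(m.group(1)) <= 253)):
            yield f"bad struct field '{pair}'"

def lint_dictionary(text):
    """Return sorted (line_number, message) findings for dictionary text."""
    out, names, numbers, sized = [], {}, {}, set()
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()      # assumption: '#' starts a comment
        if tok[:1] == ["ATTRIBUTE"] and len(tok) == 4:
            tok = ["VENDORATTR", None, *tok[1:]]    # handle as a vendor-less entry
        if tok[:1] == ["VENDOR_CODE_SIZE"] and len(tok) == 3:
            sized.add(tok[1])
            if tok[2] not in ("1", "2", "4"):
                out.append((no, f"code size {tok[2]} is not 1, 2 or 4"))
        elif tok[:1] == ["VENDORATTR"] and len(tok) in (5, 6):
            vendor, name, num, typ = tok[1:5]
            if typ.lower() == "struct":
                out += [(no, p) for p in check_struct("".join(tok[5:]))]
            elif typ.lower() not in SCALAR_TYPES or len(tok) == 6:
                out.append((no, f"type '{typ}' is not a valid stand-alone type"))
            # assumption: VSA numbers only need to be unique within one vendor
            for seen, key, what in ((names, name, "name"), (numbers, (vendor, num), "number")):
                if key in seen:
                    out.append((no, f"duplicate attribute {what}, first on line {seen[key]}"))
                seen.setdefault(key, no)
        elif tok:
            out.append((no, "unrecognized or split definition"))
    out += [(no, f"vendor {v} has no VENDOR_CODE_SIZE entry") for (v, _), no
            in numbers.items() if v and v not in sized and "DEFAULT" not in sized]
    return sorted(out)

SAMPLE = """\
ATTRIBUTE User-Name 1 string
ATTRIBUTE Login-Name 1 string
VENDOR_CODE_SIZE 429 4 # 3Com/USR
VENDORATTR 429 VPN 123 struct ip:ipaddr,vector:data[16],tunnel:short
VENDORATTR 9 Example_VSA_struct 89 struct ip:ipaddr,inner:struct
"""  # constructed sample with three deliberate faults
```

Calling lint_dictionary(SAMPLE) reports the duplicate attribute number on line 2 and, on line 5, both the nested struct and the vendor that has no VENDOR_CODE_SIZE entry.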