blob: aa2fec6a4c5fbeb3f6a754717fb8a1bf118bbb56 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
|
#
# Version $Id$
#
# This is derived from the FreeRADIUS dictionary
# http://www.freeradius.org
#
# This file contains dictionary translations for parsing
# radius packets. All transactions are
# composed of Attribute/Value Pairs.
#
#
# Valid data types are:
#
# string - 0-253 octets
# ipaddr - 4 octets in network byte order
# integer - 32 bit value in big endian order (high byte first)
# (wireshark uses this type for non-standard 1-2-3 and 8 byte integers as well)
# date - 32 bit value in big endian order - seconds since
# 00:00:00 GMT, Jan. 1, 1970
# ifid - 8 octets in network byte order
# ipv6addr - 16 octets in network byte order
# ipv6prefix - 18 octets in network byte order
# octets - raw octets, printed as hex strings
# byte - one-octet unsigned integer
# short - two-octet unsigned integer in network byte order
# signed - 4-octet signed integer in network byte order.
# combo-ip - if length 4, is the same as the "ipaddr" type.
# if length 16, is the same as "ipv6addr" type.
# tlv - encapsulated sub-attributes
# i.e. Vendor-Specific -> WiMAX TLV -> WiMAX sub-tlv.
#
$INCLUDE dictionary.3com
$INCLUDE dictionary.3gpp
$INCLUDE dictionary.3gpp2
$INCLUDE dictionary.acc
$INCLUDE dictionary.alcatel
$INCLUDE dictionary.alteon
$INCLUDE dictionary.altiga
$INCLUDE dictionary.aptis
$INCLUDE dictionary.aruba
$INCLUDE dictionary.bay
$INCLUDE dictionary.bintec
$INCLUDE dictionary.cablelabs
$INCLUDE dictionary.cabletron
$INCLUDE dictionary.cisco
$INCLUDE dictionary.cisco.vpn3000
$INCLUDE dictionary.cisco.vpn5000
$INCLUDE dictionary.cisco.bbsm
$INCLUDE dictionary.cosine
$INCLUDE dictionary.colubris
$INCLUDE dictionary.columbia_university
$INCLUDE dictionary.ericsson
$INCLUDE dictionary.erx
$INCLUDE dictionary.extreme
$INCLUDE dictionary.freeradius
$INCLUDE dictionary.foundry
$INCLUDE dictionary.gandalf
$INCLUDE dictionary.garderos
$INCLUDE dictionary.gemtek
$INCLUDE dictionary.itk
$INCLUDE dictionary.juniper
$INCLUDE dictionary.karlnet
$INCLUDE dictionary.livingston
$INCLUDE dictionary.localweb
$INCLUDE dictionary.merit
$INCLUDE dictionary.microsoft
$INCLUDE dictionary.mikrotik
$INCLUDE dictionary.navini
$INCLUDE dictionary.nomadix
$INCLUDE dictionary.netscreen
$INCLUDE dictionary.propel
$INCLUDE dictionary.quintum
$INCLUDE dictionary.redback
$INCLUDE dictionary.redcreek
$INCLUDE dictionary.shasta
$INCLUDE dictionary.shiva
$INCLUDE dictionary.sonicwall
$INCLUDE dictionary.springtide
$INCLUDE dictionary.t_systems_nova
$INCLUDE dictionary.telebit
$INCLUDE dictionary.trapeze
$INCLUDE dictionary.tunnel
$INCLUDE dictionary.unisphere
$INCLUDE dictionary.valemount
$INCLUDE dictionary.versanet
$INCLUDE dictionary.wispr
$INCLUDE dictionary.xedia
# nokia an ascend use non-vendor avps
# activate either one or the other as some attributes have common codes
#$INCLUDE dictionary.nokia
$INCLUDE dictionary.ascend
# we do not support 16bit attribute codes yet
$INCLUDE dictionary.usr
$INCLUDE dictionary.starent
$INCLUDE dictionary.wimax
#
# The following are the proper new names. Use these.
#
# http://www.iana.org/assignments/radius-types
#
ATTRIBUTE User-Name 1 string
ATTRIBUTE User-Password 2 string encrypt=1
ATTRIBUTE CHAP-Password 3 octets
ATTRIBUTE NAS-IP-Address 4 ipaddr
ATTRIBUTE NAS-Port 5 integer
ATTRIBUTE Service-Type 6 integer
ATTRIBUTE Framed-Protocol 7 integer
ATTRIBUTE Framed-IP-Address 8 ipaddr
ATTRIBUTE Framed-IP-Netmask 9 ipaddr
ATTRIBUTE Framed-Routing 10 integer
ATTRIBUTE Filter-Id 11 string
ATTRIBUTE Framed-MTU 12 integer
ATTRIBUTE Framed-Compression 13 integer
ATTRIBUTE Login-IP-Host 14 ipaddr
ATTRIBUTE Login-Service 15 integer
ATTRIBUTE Login-TCP-Port 16 integer
ATTRIBUTE Reply-Message 18 string
ATTRIBUTE Callback-Number 19 string
ATTRIBUTE Callback-Id 20 string
ATTRIBUTE Framed-Route 22 string
ATTRIBUTE Framed-IPX-Network 23 ipaddr
ATTRIBUTE State 24 octets
ATTRIBUTE Class 25 octets
ATTRIBUTE Vendor-Specific 26 octets
ATTRIBUTE Session-Timeout 27 integer
ATTRIBUTE Idle-Timeout 28 integer
ATTRIBUTE Termination-Action 29 integer
ATTRIBUTE Called-Station-Id 30 string
ATTRIBUTE Calling-Station-Id 31 string
ATTRIBUTE NAS-Identifier 32 string
ATTRIBUTE Proxy-State 33 octets
ATTRIBUTE Login-LAT-Service 34 string
ATTRIBUTE Login-LAT-Node 35 string
ATTRIBUTE Login-LAT-Group 36 octets
ATTRIBUTE Framed-AppleTalk-Link 37 integer
ATTRIBUTE Framed-AppleTalk-Network 38 integer
ATTRIBUTE Framed-AppleTalk-Zone 39 string
ATTRIBUTE Acct-Status-Type 40 integer
ATTRIBUTE Acct-Delay-Time 41 integer
ATTRIBUTE Acct-Input-Octets 42 integer
ATTRIBUTE Acct-Output-Octets 43 integer
ATTRIBUTE Acct-Session-Id 44 string
ATTRIBUTE Acct-Authentic 45 integer
ATTRIBUTE Acct-Session-Time 46 integer
ATTRIBUTE Acct-Input-Packets 47 integer
ATTRIBUTE Acct-Output-Packets 48 integer
ATTRIBUTE Acct-Terminate-Cause 49 integer
ATTRIBUTE Acct-Multi-Session-Id 50 string
ATTRIBUTE Acct-Link-Count 51 integer
ATTRIBUTE Acct-Input-Gigawords 52 integer
ATTRIBUTE Acct-Output-Gigawords 53 integer
ATTRIBUTE Event-Timestamp 55 date
ATTRIBUTE Egress-VLANID 56 integer
ATTRIBUTE Ingress-Filters 57 integer
ATTRIBUTE Egress-VLAN-Name 58 string
ATTRIBUTE User-Priority-Table 59 octets # 8
ATTRIBUTE CHAP-Challenge 60 octets
ATTRIBUTE NAS-Port-Type 61 integer
ATTRIBUTE Port-Limit 62 integer
ATTRIBUTE Login-LAT-Port 63 integer
ATTRIBUTE Tunnel-Type 64 integer
ATTRIBUTE Tunnel-Medium-Type 65 integer
ATTRIBUTE Tunnel-Client-Endpoint 66 string
ATTRIBUTE Tunnel-Server-Endpoint 67 string
ATTRIBUTE Acct-Tunnel-Connection 68 string
ATTRIBUTE ARAP-Password 70 string
ATTRIBUTE ARAP-Features 71 string
ATTRIBUTE ARAP-Zone-Access 72 integer
ATTRIBUTE ARAP-Security 73 integer
ATTRIBUTE ARAP-Security-Data 74 string
ATTRIBUTE Password-Retry 75 integer
ATTRIBUTE Prompt 76 integer
ATTRIBUTE Connect-Info 77 string
ATTRIBUTE Configuration-Token 78 string
ATTRIBUTE EAP-Message 79 octets
ATTRIBUTE Message-Authenticator 80 octets
ATTRIBUTE ARAP-Challenge-Response 84 string # 10 octets
ATTRIBUTE Acct-Interim-Interval 85 integer
ATTRIBUTE Acct-Tunnel-Packets-Lost 86 integer
ATTRIBUTE NAS-Port-Id 87 string
ATTRIBUTE Framed-Pool 88 string
ATTRIBUTE Chargeable-User-Identity 89 string
ATTRIBUTE Tunnel-Server-Auth-Id 91 string
ATTRIBUTE NAS-Filter-Rule 92 string
ATTRIBUTE NAS-IPv6-Address 95 ipv6addr
ATTRIBUTE Framed-Interface-Id 96 ifid
ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix
ATTRIBUTE Login-IPv6-Host 98 ipv6addr
ATTRIBUTE Framed-IPv6-Route 99 string
ATTRIBUTE Framed-IPv6-Pool 100 string
# As defined in RFC 3576
ATTRIBUTE Error-Cause 101 integer
ATTRIBUTE EAP-Key-Name 102 string
# As defined in RFC 4590
ATTRIBUTE Digest-Response 103 string
ATTRIBUTE Digest-Realm 104 string
ATTRIBUTE Digest-Nonce 105 string
ATTRIBUTE Digest-Nextnonce 106 string
ATTRIBUTE Digest-Response-Auth 107 string
ATTRIBUTE Digest-Method 108 string
ATTRIBUTE Digest-URI 109 string
ATTRIBUTE Digest-Qop 110 string
ATTRIBUTE Digest-Algorithm 111 string
ATTRIBUTE Digest-Entity-Body-Hash 112 string
ATTRIBUTE Digest-CNonce 113 string
ATTRIBUTE Digest-Nonce-Count 114 string
ATTRIBUTE Digest-Username 115 string
ATTRIBUTE Digest-Opaque 116 string
ATTRIBUTE Digest-Auth-Param 117 string
ATTRIBUTE Digest-AKA-Auts 118 string
ATTRIBUTE Digest-Domain 119 string
ATTRIBUTE Digest-Stale 120 string
ATTRIBUTE Digest-HA1 121 string
ATTRIBUTE SIP-AOR 122 string
# http://www.iana.org/assignments/radius-types 2009-04-24
#123 Delegated-IPv6-Prefix [RFC4818]
#124 MIP6-Feature-Vector [RFC5447]
#125 MIP6-Home-Link-Prefix [RFC5447]
#126-191 Unassigned
#192-223 Experimental Use [RFC3575]
#224-240 Implementation Specific [RFC3575]
#241-255 Reserved [RFC3575]
# As defined in RFC 4818
ATTRIBUTE Delegated-IPv6-Prefix 123 ipv6prefix
# As defined in draft-sterman-aaa-sip-00.txt
ATTRIBUTE Digest-Response 206 string
ATTRIBUTE Digest-Attributes 207 octets # stupid format
#
# Integer Translations
#
# User Types
VALUE Service-Type Login-User 1
VALUE Service-Type Framed-User 2
VALUE Service-Type Callback-Login-User 3
VALUE Service-Type Callback-Framed-User 4
VALUE Service-Type Outbound-User 5
VALUE Service-Type Administrative-User 6
VALUE Service-Type NAS-Prompt-User 7
VALUE Service-Type Authenticate-Only 8
VALUE Service-Type Callback-NAS-Prompt 9
VALUE Service-Type Call-Check 10
VALUE Service-Type Callback-Administrative 11
VALUE Service-Type Voice 12
VALUE Service-Type Fax 13
VALUE Service-Type Modem-Relay 14
VALUE Service-Type IAPP-Register 15
VALUE Service-Type IAPP-AP-Check 16
VALUE Service-Type Authorize-Only 17
# Framed Protocols
VALUE Framed-Protocol PPP 1
VALUE Framed-Protocol SLIP 2
VALUE Framed-Protocol ARAP 3
VALUE Framed-Protocol Gandalf-SLML 4
VALUE Framed-Protocol Xylogics-IPX-SLIP 5
VALUE Framed-Protocol X.75-Synchronous 6
VALUE Framed-Protocol GPRS-PDP-Context 7
# Framed Routing Values
VALUE Framed-Routing None 0
VALUE Framed-Routing Broadcast 1
VALUE Framed-Routing Listen 2
VALUE Framed-Routing Broadcast-Listen 3
# Framed Compression Types
VALUE Framed-Compression None 0
VALUE Framed-Compression Van-Jacobson-TCP-IP 1
VALUE Framed-Compression IPX-Header-Compression 2
VALUE Framed-Compression Stac-LZS 3
# Login Services
VALUE Login-Service Telnet 0
VALUE Login-Service Rlogin 1
VALUE Login-Service TCP-Clear 2
VALUE Login-Service PortMaster 3
VALUE Login-Service LAT 4
VALUE Login-Service X25-PAD 5
VALUE Login-Service X25-T3POS 6
VALUE Login-Service TCP-Clear-Quiet 7
# Login-TCP-Port (see /etc/services for more examples)
VALUE Login-TCP-Port Telnet 23
VALUE Login-TCP-Port Rlogin 513
VALUE Login-TCP-Port Rsh 514
# Status Types
VALUE Acct-Status-Type Start 1
VALUE Acct-Status-Type Stop 2
VALUE Acct-Status-Type Interim-Update 3
VALUE Acct-Status-Type Alive 3
VALUE Acct-Status-Type Accounting-On 7
VALUE Acct-Status-Type Accounting-Off 8
# RFC 2867 Additional Status-Type Values
VALUE Acct-Status-Type Tunnel-Start 9
VALUE Acct-Status-Type Tunnel-Stop 10
VALUE Acct-Status-Type Tunnel-Reject 11
VALUE Acct-Status-Type Tunnel-Link-Start 12
VALUE Acct-Status-Type Tunnel-Link-Stop 13
VALUE Acct-Status-Type Tunnel-Link-Reject 14
VALUE Acct-Status-Type Failed 15
# Authentication Types
VALUE Acct-Authentic RADIUS 1
VALUE Acct-Authentic Local 2
VALUE Acct-Authentic Remote 3
VALUE Acct-Authentic Diameter 4
VALUE Ingress-Filters Enabled 1
VALUE Ingress-Filters Disabled 2
# Tunnel Type
VALUE Tunnel-Type PPTP 1
VALUE Tunnel-Type L2F 2
VALUE Tunnel-Type L2TP 3
VALUE Tunnel-Type ATMP 4
VALUE Tunnel-Type VTP 5
VALUE Tunnel-Type AH 6
VALUE Tunnel-Type IP 7
VALUE Tunnel-Type MIN-IP 8
VALUE Tunnel-Type ESP 9
VALUE Tunnel-Type GRE 10
VALUE Tunnel-Type DVS 11
VALUE Tunnel-Type IP-in-IP 12
VALUE Tunnel-Type VLAN 13
# Tunnel Medium Type
VALUE Tunnel-Medium-Type IPv4 1
VALUE Tunnel-Medium-Type IPv6 2
VALUE Tunnel-Medium-Type NSAP 3
VALUE Tunnel-Medium-Type HDLC 4
VALUE Tunnel-Medium-Type BBN-1822 5
VALUE Tunnel-Medium-Type IEEE-802 6
VALUE Tunnel-Medium-Type E.163 7
VALUE Tunnel-Medium-Type E.164 8
VALUE Tunnel-Medium-Type F.69 9
VALUE Tunnel-Medium-Type X.121 10
VALUE Tunnel-Medium-Type IPX 11
VALUE Tunnel-Medium-Type Appletalk 12
VALUE Tunnel-Medium-Type DecNet-IV 13
VALUE Tunnel-Medium-Type Banyan-Vines 14
VALUE Tunnel-Medium-Type E.164-NSAP 15
# ARAP Zone Access
VALUE ARAP-Zone-Access Default-Zone 1
VALUE ARAP-Zone-Access Zone-Filter-Inclusive 2
VALUE ARAP-Zone-Access Zone-Filter-Exclusive 4
# Prompt
VALUE Prompt No-Echo 0
VALUE Prompt Echo 1
# Termination Options
VALUE Termination-Action Default 0
VALUE Termination-Action RADIUS-Request 1
# NAS Port Types
VALUE NAS-Port-Type Async 0
VALUE NAS-Port-Type Sync 1
VALUE NAS-Port-Type ISDN 2
VALUE NAS-Port-Type ISDN-V120 3
VALUE NAS-Port-Type ISDN-V110 4
VALUE NAS-Port-Type Virtual 5
VALUE NAS-Port-Type PIAFS 6
VALUE NAS-Port-Type HDLC-Clear-Channel 7
VALUE NAS-Port-Type X.25 8
VALUE NAS-Port-Type X.75 9
VALUE NAS-Port-Type G.3-Fax 10
VALUE NAS-Port-Type SDSL 11
VALUE NAS-Port-Type ADSL-CAP 12
VALUE NAS-Port-Type ADSL-DMT 13
VALUE NAS-Port-Type IDSL 14
VALUE NAS-Port-Type Ethernet 15
VALUE NAS-Port-Type xDSL 16
VALUE NAS-Port-Type Cable 17
VALUE NAS-Port-Type Wireless-Other 18
VALUE NAS-Port-Type Wireless-802.11 19
VALUE NAS-Port-Type Token-Ring 20
VALUE NAS-Port-Type FDDI 21
VALUE NAS-Port-Type Wireless-CDMA2000 22
VALUE NAS-Port-Type Wireless-UMTS 23
VALUE NAS-Port-Type Wireless-1X-EV 24
VALUE NAS-Port-Type IAPP 25
VALUE NAS-Port-Type FTTP 26
# Acct Terminate Causes
VALUE Acct-Terminate-Cause User-Request 1
VALUE Acct-Terminate-Cause Lost-Carrier 2
VALUE Acct-Terminate-Cause Lost-Service 3
VALUE Acct-Terminate-Cause Idle-Timeout 4
VALUE Acct-Terminate-Cause Session-Timeout 5
VALUE Acct-Terminate-Cause Admin-Reset 6
VALUE Acct-Terminate-Cause Admin-Reboot 7
VALUE Acct-Terminate-Cause Port-Error 8
VALUE Acct-Terminate-Cause NAS-Error 9
VALUE Acct-Terminate-Cause NAS-Request 10
VALUE Acct-Terminate-Cause NAS-Reboot 11
VALUE Acct-Terminate-Cause Port-Unneeded 12
VALUE Acct-Terminate-Cause Port-Preempted 13
VALUE Acct-Terminate-Cause Port-Suspended 14
VALUE Acct-Terminate-Cause Service-Unavailable 15
VALUE Acct-Terminate-Cause Callback 16
VALUE Acct-Terminate-Cause User-Error 17
VALUE Acct-Terminate-Cause Host-Request 18
VALUE Acct-Terminate-Cause Supplicant-Restart 19
VALUE Acct-Terminate-Cause Reauthentication-Failure 20
VALUE Acct-Terminate-Cause Port-Reinit 21
VALUE Acct-Terminate-Cause Port-Disabled 22
VALUE Prompt No-Echo 0
VALUE Prompt Echo 1
#
# Error causes
#
VALUE Error-Cause Residual-Context-Removed 201
VALUE Error-Cause Invalid-EAP-Packet 202
VALUE Error-Cause Unsupported-Attribute 401
VALUE Error-Cause Missing-Attribute 402
VALUE Error-Cause NAS-Identification-Mismatch 403
VALUE Error-Cause Invalid-Request 404
VALUE Error-Cause Unsupported-Service 405
VALUE Error-Cause Unsupported-Extension 406
VALUE Error-Cause Invalid-Attribute-Value 407
VALUE Error-Cause Administratively-Prohibited 501
VALUE Error-Cause Proxy-Request-Not-Routable 502
VALUE Error-Cause Session-Context-Not-Found 503
VALUE Error-Cause Session-Context-Not-Removable 504
VALUE Error-Cause Proxy-Processing-Error 505
VALUE Error-Cause Resources-Unavailable 506
VALUE Error-Cause Request-Initiated 507
VALUE Error-Cause Multiple-Session-Selection-Unsupported 508
|
