Deprecate the X-Ascend-* attributes in dictionary.ascend?
The dictionary.ascend file contains both Ascend VSAs and some historical
Ascend specific extensions in the lower (1-255) RADIUS attribute space.
These are prefixed with "X-Ascend-".
But nowadays, quite a few of these collide with official standard
attributes. Although this is not a problem for the RADIUS server or
other applications mapping from name to value, it does pose a problem
for applications mapping from value to name. E.g. radclient, which will
happily believe that 123 is X-Ascend-Call-Attempt-Limit instead of the
RFC 4818 defined Delegated-IPv6-Prefix:
~$ radclient -x localhost:1812 auth foo -f test
Sending Access-Request of id 237 to 127.0.0.1 port 1812
User-Name = "[hidden email]"
Password = "bar"
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=237, length=100
Framed-IP-Address = 192.168.3.4
Framed-IPv6-Prefix = 2001:db8:2:1::/64
Framed-Interface-Id = 8765:5678:abcd:1234
X-Ascend-Call-Attempt-Limit = 0x003020010db8000300000000000000000000
ERX-Ipv6-Primary-Dns = 2001:db8::53
Even worse, I believe rlm modules like rlm_perl which also map from
value to name for their internal representation of the attributes, will
do the same. I.e., if you write a script for rlm_perl, expecting a
Delegated-IPv6-Prefix, you'll be up for a surprise...
My suggestion is splitting dictionary.ascend in two separate dictionary
files, keeping only the VSA part included by default. Or at least split
out all attributes colliding with standard attributes.