Forum Discussion
paul_73820
Nimbostratus
Apr 02, 2012
RADIUS iRule to insert vendor attributes
Hi There,
I have been writing a RADIUS iRule; one of the new requirements is for the F5 to insert a few VSAs into attribute 26.
I have had no issues with inserting/updating or rea...
Nat_Thirasuttakorn
Employee
Apr 02, 2012
Hi Paul,
It is possible. However, the current RADIUS iRule does not support inner attributes inside a vendor-specific AVP. Here is what you can try.
It might be easier to create a new AVP 26 and insert it using the RADIUS iRule or using the UDP::payload iRule.
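Example (not tested):
Create a new vendor-specific attribute (let's use 3GPP as an example):
set vendor_id 10415
set vendor_type 1
# vendor_len = vendor-type (1) + vendor-len (1) + 8-byte string
set vendor_len 10
set vendor_str "12345678"
# I = 32-bit big-endian vendor ID, c = 8-bit type and length, a8 = 8-byte string
set attr [binary format Icca8 $vendor_id $vendor_type $vendor_len $vendor_str]
RADIUS::avp insert 26 $attr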
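Alternatively, you can do this all in binary format:
set type 26
# len = type (1) + len (1) + vendor-id (4) + vendor_len (10)
set len 16
set vendor_id 10415
set vendor_type 1
set vendor_len 10
set vendor_str "12345678"
set attr2 [binary format ccIcca8 $type $len $vendor_id $vendor_type $vendor_len $vendor_str]
# Append at the end of the UDP payload; the Length field in the RADIUS header is not adjusted here.
UDP::payload replace [UDP::payload length] 0 $attr2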
If you want to append additional data to an existing vendor-specific attribute, you can use the same concept: read the existing AVP 26 into a variable, format the data using binary format, append the new data to the variable, and use the RADIUS iRule to replace AVP 26 with the new value of the variable.
Note that the current RADIUS iRule does not recalculate the Authenticator. If the RADIUS client or server strictly checks for it, you may need to adjust the authenticator. It can be done by iRule. I can give you an example if you need it.
Nat
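An offline reference for the encoding in the answer above, added here as an example (Python, not iRule code and not part of the original thread): it builds the same 3GPP attribute 26, appends it to an Accounting-Request, updates the RADIUS Length field and recomputes the Request Authenticator as defined in RFC 2866. The shared secret, the sample packet and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def build_vsa(vendor_id: int, vendor_type: int, value: bytes) -> bytes:
    """Encode one sub-attribute inside a Vendor-Specific attribute (type 26)."""
    vendor_len = 2 + len(value)        # vendor-type + vendor-len + value
    total_len = 2 + 4 + vendor_len     # type + len + vendor-id + sub-attribute
    if total_len > 255:
        raise ValueError("value too long for a single attribute 26")
    return struct.pack("!BBIBB", 26, total_len, vendor_id, vendor_type, vendor_len) + value

def append_attribute(packet: bytes, attr: bytes, secret: bytes) -> bytes:
    """Append attr to an Accounting-Request, fix Length, recompute the authenticator."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != 4:
        raise ValueError("only Accounting-Request (code 4) is handled here")
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS Length field")
    attrs = packet[20:length] + attr   # octets past Length are padding; drop them
    if 20 + len(attrs) > 4096:
        raise ValueError("RADIUS packet would exceed 4096 octets")
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def authenticator_ok(packet: bytes, secret: bytes) -> bool:
    """Check an Accounting-Request authenticator the way a strict server would."""
    length = int.from_bytes(packet[2:4], "big")
    if not 20 <= length <= len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:length] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample: Accounting-Request, id 1, one User-Name attribute "test".
SECRET = b"example-secret"
_user = bytes([1, 6]) + b"test"
_hdr = struct.pack("!BBH", 4, 1, 20 + len(_user))
ORIGINAL = _hdr + hashlib.md5(_hdr + bytes(16) + _user + SECRET).digest() + _user

if __name__ == "__main__":
    vsa = build_vsa(10415, 1, b"12345678")
    updated = append_attribute(ORIGINAL, vsa, SECRET)
    print(vsa.hex(), len(updated), authenticator_ok(updated, SECRET))
```

Comparing the bytes from `build_vsa` and `append_attribute` with a packet capture taken behind the BIG-IP shows whether the iRule produced the expected attribute, Length and authenticator.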