9.1.1. ATTRIBUTE attrname attrnum type [flags] Previous topic Parent topic Child topic Next topic

This defines the name, RADIUS attribute number, and type for an attribute. Here is an example of attribute definition:
ATTRIBUTE Service-Type 6 integer
ATTRIBUTE is the keyword that says this is an attribute definition. Service-Type is the name of the attribute: the string that is used as the attribute name when printing the attribute and when setting attributes in the user database. 6 is the standard RADIUS attribute number for this attribute (see RFC 2865), and integer is the data type for this attribute. The supported data types are:
  • string
    ASCII string of up to 253 bytes. Trailing NULs are stripped.
  • text
    Similar to string
  • integer
    32-bit unsigned value
  • signed-integer
    32-bit signed value
  • integer8
    8-bit unsigned value
  • integer16
    16-bit unsigned value using network byte order
  • integer64
    64-bit unsigned value using network byte order
  • date
    Date as an integer number of seconds since 00:00:00 UTC Jan 1 1970
  • ipaddr
    IP address in the form aaa.bbb.ccc.ddd, or a 4-byte binary string
  • ipaddrv6
    IPv6 address in the form 2001:db8:148:100::31
  • ipaddrv4v6
    4 or 16 octets long IPv4 or IPv6 (respectively) address in network byte order
  • binary
    Binary data
  • abinary
    Ascend filter, using the special Ascend filter definition syntax. Radiator is very strict about the syntax. You must follow the filter definition syntax exactly.
  • hexadecimal
    Binary data formatted as hexadecimal
  • boolean
    Required only by some Nortel/Aptis CVX vendor-specific attributes. A single byte attribute. Values of 0 or 1 are permitted.
  • tagged-integer
  • tagged-string
  • ipv4prefix
    IPv4 prefix in the form
  • ipv6prefix
    IPv6 prefix in the form 2001:db8:148:100::/64
  • ifid
    IPv6 interface identifier in the form aaaa:bbbb:cccc:dddd
  • tlv
    Encapsulation attribute that contains one or several attributes
  • custom
    See Section 9.1.10. Using VSA framework for customised attributes for more about custom attribute VSA framework.
If you redefine an ATTRIBUTE by defining a new name for an previously defined attribute number, the new definition replaces the old one. The first is a synonym for the second when used in a reply.
attrnum may be in decimal, hex (prefixed by ‘0x’) or octal (prefixed by 0).
ATTRIBUTE also supports optional flags to control whether the attribute is tagged or requires encryption like this:
ATTRIBUTE Tunnel-Password 69 string has_tag,encrypt=2
The permitted flags are:
  • has_tag
    Specifies that the encoded attribute is prefixed a tag octet. The value of the tag can be specified in an attribute value with a leading tag number and a colon.
  • encrypt=n (n = 1, 2 or 3)
    Specified that the attribute is to encrypted with the specified algorithm. The following algorithms are supported:
    1. RADIUS User-Password encryption
    2. The SALT algorithm as described by RFC 2548
    3. Symmetric encoding and decoding as required for Ascend-Send-Secret