CPPM RADIUS for CIENA 6500 Devices
09-24-2020 08:54 AM - edited 09-24-2020 08:56 AM
I struggled to find a solution for using CPPM to authenticate my CIENA 6500s. My issue was related the RADIUS Dictionary in CPPM being incompatible. When I started this build I did not see an existing dictionary for vendor name "Ciena" so I created one. Ciena's documentation states that they are vendor ID 562. In my CCPM I saw that Nortel was already using that ID so I created a new dictionary and named it Ciena and gave it vendor ID 561 since that was available. This was a mistake.
Getting the correct vendor ID is critical for VSA attributes. So what you want to do is modify the existing Nortel dictionary to include the following attribute...
<Attribute profile="in out" type="Unsigned32" name="UPC-Priv-Level" id="216"/>
Then in your Enforcement Profile, pick that attribute and give it a value from 1-5. "4" is the standard privilege level for Admin. "1" is read-only. Don't use 5 as per Ciena's recommendation.
I also modified the existing attribute "Nortel-Privilege-Level" and changed the ID from 166 to 26. I do not know if this was necessary but didn't want to make more changes since my tests were succeeding.
<Attribute profile="in out" type="Unsigned32" name="Nortel-Privilege-Level" id="26"/>
Hope this saves time for anyone else trying to work with Ciena 6500 OME devices.
Here's my enforcement profile...