Security

This community is currently in a read-only state due to a maintenance window. For more info click here
Reply
Highlighted
New Contributor

CPPM RADIUS for CIENA 6500 Devices

I struggled to find a solution for using CPPM to authenticate my CIENA 6500s.   My issue was related the RADIUS Dictionary in CPPM being incompatible.  When I started this build I did not see an existing dictionary for vendor name "Ciena" so I created one.  Ciena's documentation states that they are vendor ID 562.  In my CCPM I saw that Nortel was already using that ID so I created a new dictionary and named it Ciena and gave it vendor ID 561 since that was available.  This was a mistake.

 

Getting the correct vendor ID is critical for VSA attributes.  So what you want to do is modify the existing Nortel dictionary to include the following attribute...

 

 

 

<Attribute profile="in out" type="Unsigned32" name="UPC-Priv-Level" id="216"/>

 

 

 

Then in your Enforcement Profile, pick that attribute and give it a value from 1-5.  "4" is the standard privilege level for Admin.  "1" is read-only.  Don't use 5 as per Ciena's recommendation.

 

I also modified the existing attribute "Nortel-Privilege-Level" and changed the ID from 166 to 26.  I do not know if this was necessary but didn't want to make more changes since my tests were succeeding.

 

 

 

<Attribute profile="in out" type="Unsigned32" name="Nortel-Privilege-Level" id="26"/>

 

 

 

Hope this saves time for anyone else trying to work with Ciena 6500 OME devices.

 

Here's my enforcement profile...

mdecker_0-1600962632785.png

Cheers!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: