[SOLVED] - Re: VLAN assignment and Alcatel Omniswitch 7800

Peter Nixon listuser at peternixon.net
Thu Feb 15 08:36:32 CET 2007


Hi Oxiel

Please update the HOWTO and possibly the FAQ with your comments.

Regards

Peter

On Thu 15 Feb 2007 04:30, Oxiel Contreras wrote:
> Hello Santa.
>
> This worked great!!!
>
> I was doing 802.1x only, no AVLAN.
>
> For any soul out there trying to implement 802.1x with FreeRadius on
> OpenSuSE10.1 and Omniswitch 7800 and Active Directory as taught on:
>
> http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
>
> Take note of the following points:
>
> 1) If you use PEAP, install the patch from MS to Radius as noted on the
> FAQ, you need someone with Gold Support from M$ to get it or email me off
> the list :)
>
> http://wiki.freeradius.org/FreeRADIUS_Wiki:FAQ#PEAP_Doesn.27t_Work
>
> 2) If PEAP is your election, install the CA and generate the certificates
> on the Radius server.
>
> 3) Modify the permissions of execution for the winbind daemon in order to
> accomplish the ntlm_auth process, FIXME, now using root permissions.
>
> 4) Use Xylan-Auth-Group as VSA in /etc/raddb/users as the attribute for
> assigning VLAN, or generate the new dictionary.alcatel as Santa Yeh
> described below, and then use Alcatel-Auth-Group as the attribute for VLAN
>
> 5) Use the setup for omniswitch as described below by Santa Yeh
>
> 6) Thank all these great people who develop and support this great
> software.
>
> Thanks Alan, A.L.M., Jeremy, Marcel and Santa.
>
> Best regards
>
> Oxiel
>
> On Wednesday, 14 February 2007 11:19, Santa Yeh wrote:
> > Hello Oxiel,
> >
> > Are you doing AVLAN or 802.1x?
> >
> > 1. I created a new file - dictionary.alcatel
> >
> > #
> > # dictionary.alcatel
> > #
> > #           Alcatel VSAs
> > #
> >
> > VENDOR        Alcatel        800
> >
> > #
> > # Standard attribute
> > #
> > ATTRIBUTE    Alcatel-Auth-Group    1    integer        Alcatel
> > ATTRIBUTE    Alcatel-Slot-Port    2    string        Alcatel
> > ATTRIBUTE    Alcatel-Time-of-Day    3    string        Alcatel
> > ATTRIBUTE    Alcatel-Client-IP-Addr    4    ipaddr        Alcatel
> > ATTRIBUTE    Alcatel-Group-Desc    5    string        Alcatel
> > ATTRIBUTE    Alcatel-Port-Desc    6    string        Alcatel
> >
> > VALUE        Acct-Authentic        AUTH-AVCLIENT    4
> > VALUE        Acct-Authentic        AUTH-TELNET    5
> > VALUE        Acct-Authentic        AUTH-HTTP    6
> >
> > 2. For users file
> >
> > user1        Auth-Type := Local, Password = "user1"
> >                 Alcatel-Auth-Group = 3
> >
> > 3. For AVLAN
> >
> > vlan 3 authentication enable
> > vlan port mobile 1/1 bpdu ignore enable
> > vlan port 1/1 authenticate enable
> > ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
> > aaa radius-server rad1 host 192.168.10.211 key radkey
> > aaa authentication vlan single-mode rad1
> > aaa accounting vlan rad1
> > aaa avlan default dhcp 192.168.11.254
> > aaa avlan dns alcatel
> > avlan 3 auth-ip 192.168.11.253
> >
> > 4. For 802.1x (Sorry, just from my memory)
> >
> > vlan 3 802.1x enable
> > vlan port mobile 1/1 bpdu ignore enable
> > vlan port 1/1 802.1x enable
> > ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
> > aaa radius-server rad1 host 192.168.10.211 key radkey
> > aaa authentication 802.1x rad1
> > aaa accounting 802.1x rad1
>

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
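
Added example, not part of the original thread: to confirm in a packet capture that an Access-Accept really carries the VLAN assignment, this encodes and parses the Vendor-Specific attribute for Alcatel-Auth-Group using the vendor ID (800) and attribute number (1, integer) from the dictionary.alcatel quoted above. It assumes the standard RFC 2865 sub-attribute layout (1-byte type, 1-byte length), which is what FreeRADIUS uses for a VENDOR line with no format given; the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26       # RFC 2865 attribute type for VSAs
ALCATEL_VENDOR_ID = 800    # "VENDOR Alcatel 800" in dictionary.alcatel
ALCATEL_AUTH_GROUP = 1     # "Alcatel-Auth-Group 1 integer"

def encode_auth_group(vlan: int) -> bytes:
    """Build the Vendor-Specific attribute carrying Alcatel-Auth-Group."""
    sub = struct.pack("!BBI", ALCATEL_AUTH_GROUP, 6, vlan)
    header = struct.pack("!BBI", VENDOR_SPECIFIC, 2 + 4 + len(sub),
                         ALCATEL_VENDOR_ID)
    return header + sub

def iter_attributes(data: bytes):
    """Yield (type, value) per type/length/value entry; reject bad lengths."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError(f"bad attribute length {alen} at offset {pos}")
        yield atype, data[pos + 2:pos + alen]
        pos += alen

def auth_groups(attrs: bytes) -> list:
    """Return every Alcatel-Auth-Group value in a RADIUS attribute section."""
    found = []
    for atype, value in iter_attributes(attrs):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        (vendor,) = struct.unpack("!I", value[:4])
        if vendor != ALCATEL_VENDOR_ID:
            continue  # some other vendor's VSA
        for vtype, vvalue in iter_attributes(value[4:]):
            if vtype == ALCATEL_AUTH_GROUP and len(vvalue) == 4:
                found.append(struct.unpack("!I", vvalue)[0])
    return found

# Constructed sample: attribute section of an Access-Accept holding a
# Reply-Message (type 18) followed by the VSA for "Alcatel-Auth-Group = 3".
SAMPLE = bytes([18, 4]) + b"ok" + encode_auth_group(3)

if __name__ == "__main__":
    print(encode_auth_group(3).hex())
    print(auth_groups(SAMPLE))
```
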



