Using freeradius and 802.1x for dynamic VLAN

tnt at kalik.co.yu tnt at kalik.co.yu
Tue Oct 16 00:07:47 CEST 2007


>
>As you can see, this is the configuration from my switch.
>In the file users I have the following configuration.
>+++++++++++++++++++++++++++++++++++++++++++++
>carlos     User-Password == "carlos"
>         Service-Type = Framed-User,
>         Tunnel-Type = VLAN,
>         Tunnel-Medium-Type = IEEE-802,
>         Tunnel-Private-Group-Id = 2
>
>saul    User-Password == "saul"
>         Service-Type = Framed-User,
>         Tunnel-Type = VLAN,
>         Tunnel-Medium-Type = IEEE-802,
>         Tunnel-Private-Group-ID = 4
>
>+++++++++++++++++++++++++++++++++++++++++++++
>
>Now the problem is this: the PC client (Windows XP) is connected to
>port 17, so it is included in VLAN 4. When I enter the user
>carlos and his password carlos, it shouldn't authenticate because this
>user is assigned to VLAN 2. But the problem is that the user is
>authenticated and has access to VLAN 4.
>
>My conclusion is that: Tunnel-Type = VLAN,
>                        Tunnel-Medium-Type = IEEE-802,
>                        Tunnel-Private-Group-Id = 2
>don't work.

Your conclusion is most likely wrong. It sounds like you don't have
dynamic VLANs. Tunnel attributes will then get ignored and only the username
& password will be relevant. So the client will connect. Tunnel attributes
are sent in the reply to the switch. If the switch doesn't support
dynamic VLAN assignment ...

Ivan Kalik
Kalik Informatika ISP
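
An added example, not part of the original thread: to tell a server problem from a switch problem, decode a captured Access-Accept and check that it carries the complete VLAN triple (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-Id). The function names and the sample packet are constructed for illustration; the sample's authenticator is zeroed and is not validated.

```python
import struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # values a switch expects for VLAN assignment (RFC 3580)

def parse_attributes(packet: bytes):
    """Return (code, {attribute type: [raw values]}) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20  # attributes start after code, id, length, authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return code, attrs

def vlan_from_accept(packet: bytes):
    """VLAN the server put in an Access-Accept, or None if the triple is incomplete."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None
    def tagged_int(atype):  # 1 tag byte followed by a 3-byte value
        value = attrs.get(atype, [b""])[0]
        return int.from_bytes(value[1:], "big") if len(value) == 4 else None
    if tagged_int(TUNNEL_TYPE) != VLAN or tagged_int(TUNNEL_MEDIUM_TYPE) != IEEE_802:
        return None
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, [b""])[0]
    if group and group[0] <= 0x1F:  # leading byte <= 0x1F is a tag, not VLAN text
        group = group[1:]
    return group.decode("ascii", "replace") or None

def attr(atype, value):  # helper that builds the constructed sample below
    return bytes([atype, len(value) + 2]) + value
def build_packet(code, attributes):  # authenticator zeroed: sample only
    return struct.pack("!BBH", code, 1, 20 + len(attributes)) + bytes(16) + attributes

# Constructed reply for "carlos" from the users file above (Service-Type is attribute 6).
CARLOS_ACCEPT = build_packet(ACCESS_ACCEPT, attr(6, struct.pack("!I", 2))
    + attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d") + attr(TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06")
    + attr(TUNNEL_PRIVATE_GROUP_ID, b"2"))
```

If `vlan_from_accept` returns the expected VLAN for a captured reply but the port stays in its static VLAN, the server is sending the attributes and the switch's dynamic VLAN support or configuration is the place to look.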
