Dell 6248 and Dynamic VLAN Assignment
Luke
technodolt at gmail.com
Fri Oct 31 02:20:08 CET 2008
Hi :)
I'm trying to get dynamic VLAN assignment to work with my Dell 6248,
which they officially support as of firmware revision 2.1.0.13.
I'm using freeradius version 2.1.1
I think I'm sending the information the correct way from freeradius, to wit:
DEFAULT Auth-Type == MS-CHAP
Tunnel-Type = VLAN,
Tunnel-Medium-Type = 802,
Tunnel-Private-Group-ID = 3
(this is in my users file)
When watching the debug output from radiusd -X, I can see it sending
these messages back to the Dell switch. However, the dell switch is
not correctly assigning the VLAN.
The information from the release notes from Dell is as follows:
802.1x Option 81
The Tunnel Attribute indicates the tunneling protocol to be used or
the tunneling protocol in use at the Authenticator. In particular, it
may be desirable to allow a supplicant (MAC based) or port (Port
Based) to be placed into a particular Virtual LAN (VLAN) based on the
result of the authentication. To achieve the distribution of the VLAN
id to the supplicant, the tunnel attribute can be used.
For use in VLAN assignment, the following tunnel attributes are used:
Tunnel-Type=VLAN (13)
Tunnel-Medium-Type=802
Tunnel-Private-Group-ID=VLANID, where VLANID is 12-bits, taking a
value between 1 and 4093.
The NAS-IP Attribute indicates the identifying IP Address of the NAS
(Switch or Access Point) which is requesting authentication of the
user, and should be unique to the NAS within the scope of the RADIUS
server. NAS-IP-Address is only used in Access-Request packets. Either
NAS-IP-Address or NAS-Identifier must be present in an Access-Request
packet.
I can see from my Dell switch that this stuff is enabled, but for some
reason it's still not setting the VLAN.
Does anyone have any suggestions?
Thanks.
More information about the Freeradius-Users
mailing list