Radius+Huawei switch + auto VLAN Assignment issue

Ivan Kalik tnt at kalik.net
Mon Jun 22 11:26:03 CEST 2009


> When we try the authentication with this user account, although the radius
> log sends the VLAN attributes (Tunnel-Type, Tunnel-Medium-Type,
> Tunnel-Private-Group-ID) in Access-Challenge messages and finally sends an
> Access-Accept message, the switch does not assign the right VLAN (the
> switching from VLAN 1 to VLAN 2 does not occur) and the user is still in
> VLAN 1. We note that there is no VLAN attribute in the Access-Accept message.
>
> What may be wrong?

...
> MSCHAP Success
> ++[eap] returns handled
> } # server (null)
>   PEAP: Got tunneled reply RADIUS code 11
>         Tunnel-Private-Group-Id:0 = "2"
>         Tunnel-Medium-Type:0 = IEEE-802
>         Tunnel-Type:0 = VLAN
>         EAP-Message = 0x010a00331a0309002e533d45324635434146333132433946454341393932443738373436364344424342443444364643444134
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x0c186c320d1276bedb16c1e664f42fe2
>   PEAP: Processing from tunneled session code 0x7c52c0 11
>         Tunnel-Private-Group-Id:0 = "2"
>         Tunnel-Medium-Type:0 = IEEE-802
>         Tunnel-Type:0 = VLAN
>         EAP-Message = 0x010a00331a0309002e533d45324635434146333132433946454341393932443738373436364344424342443444364643444134
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x0c186c320d1276bedb16c1e664f42fe2

Attributes are available in the tunnel ...

...
> Sending Access-Accept of id 32 to 192.168.100.5 port 5001
>         MS-MPPE-Recv-Key = 0x3fc9ad8eb5c61fa194fbcf43ec68aa879a28a6f2b25d5dcc96531f47dccdae69
>         MS-MPPE-Send-Key = 0xaf8ead06473463ae03e04ac1cc4f09e8e827287effa7ccaf360b0b8bbc2ed18e
>         EAP-Message = 0x030b0004
>         Message-Authenticator = 0x00000000000000000000000000000000
>         User-Name = "toto"

... but not in the final reply. Enable use_tunneled_reply in peap section
of eap.conf.

Ivan Kalik
Kalik Informatika ISP
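
The diagnosis above (VLAN attributes present in the tunneled reply but missing from the outer Access-Accept) can be checked mechanically against a saved debug log. This is an added example, not part of the original post or of FreeRADIUS; the function names are hypothetical and the sample log is abridged from the debug output quoted above.

```python
import re

VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")

# Constructed sample: abridged from the debug output quoted above (hex shortened).
SAMPLE_DEBUG = """\
  PEAP: Got tunneled reply RADIUS code 11
        Tunnel-Private-Group-Id:0 = "2"
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Type:0 = VLAN
        State = 0x0c186c32
Sending Access-Accept of id 32 to 192.168.100.5 port 5001
        MS-MPPE-Recv-Key = 0x3fc9ad8e
        EAP-Message = 0x030b0004
        User-Name = "toto"
"""

# Indented "Name[:tag] = value" lines, as printed in radiusd debug output.
ATTR_RE = re.compile(r"^\s+([A-Za-z0-9-]+)(?::\d+)?\s*=\s*(.*)$")
HEADERS = ("PEAP: Got tunneled reply", "Sending Access-Accept")

def parse_blocks(debug_text):
    """Return [(header, {attr: value})] for inner replies and outer Access-Accepts."""
    blocks, current = [], None
    for line in debug_text.splitlines():
        stripped = line.strip()
        if stripped.startswith(HEADERS):
            current = (stripped, {})
            blocks.append(current)
        elif current is not None and (m := ATTR_RE.match(line)):
            current[1][m.group(1)] = m.group(2).strip('"')
        elif stripped:
            current = None  # any other non-blank line ends the attribute list
    return blocks

def dropped_vlan_attrs(debug_text):
    """VLAN attributes set inside the tunnel but absent from the last Access-Accept."""
    inner, accept = {}, None
    for header, attrs in parse_blocks(debug_text):
        if header.startswith("PEAP:"):
            inner.update(attrs)
        else:
            accept = attrs
    if accept is None:
        return {}
    return {a: inner[a] for a in VLAN_ATTRS if a in inner and a not in accept}

if __name__ == "__main__":
    print(dropped_vlan_attrs(SAMPLE_DEBUG))
```

A non-empty result means the switch never receives the VLAN assignment; once the tunneled reply attributes are copied into the final Access-Accept, the same check returns an empty dict.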



