Radius+Huwaei switch + auto VLan, Assignment issue

Attou eric gouroueric at yahoo.fr
Tue Jun 23 19:19:41 CEST 2009


use-tunneled-reply = yes is already set in the peap section in eap.conf.

The config on our switch looks like this:

  [uac_quid002]dis cur

  sysname uac_quid002
#
 radius nas-ip 192.168.100.5
#
 domain default enable uacdom
#
 dhcp-server 1 ip  192.168.100.2
 dhcp-server 2 ip  192.168.5.1
#
 dot1x
 dot1x authentication-method eap
#
radius scheme system
radius scheme uac_aaa
 server-type standard
 primary authentication 172.21.0.10
 primary accounting 172.21.0.10
 key authentication xxxxx
 key accounting xxxxxx
 user-name-format without-domain
 nas-ip 192.168.100.5
#
domain system
     scheme radius-scheme uac_aaa
     authentication radius-scheme uac_aaa
domain uacdom
     scheme radius-scheme uac_aaa
     authentication radius-scheme uac_aaa
#
local-user admin
 password simple xxxxxx
 service-type telnet
 level 3
#
vlan 1
#
vlan 2
 name students
#
vlan 3
 name STAFF
#
#
interface Vlan-interface1
 ip address 192.168.100.5 255.255.255.0
#
interface Vlan-interface2
 ip address 192.168.5.5 255.255.255.0
#
interface Vlan-interface3
 ip address 10.3.0.2 255.255.0.0
#
interface Vlan-interface4
 ip address 10.4.0.2 255.255.0.0
#
#
interface Ethernet1/0/1
 port link-type hybrid
 port hybrid vlan 1 to 4 tagged
 dot1x port-method portbased
 dot1x guest-vlan 1
 dot1x
#
interface Ethernet1/0/2
 dot1x port-method portbased
#
interface Ethernet1/0/3
 dot1x port-method portbased
 dot1x guest-vlan 1
#
interface Ethernet1/0/4
 port link-type hybrid
 port hybrid vlan 1 to 4 tagged
 dot1x port-method portbased
 dot1x guest-vlan 1
 dot1x
#
interface Ethernet1/0/5
 port link-type hybrid
 port hybrid vlan 1 to 4 tagged
 dot1x port-method portbased
 dot1x guest-vlan 1
 dot1x
#
interface Ethernet1/0/10
 port link-type trunk
 port trunk permit vlan 1 to 4
 dot1x port-method portbased
 dot1x guest-vlan 1
#

The detailed domain setting is as follows:

[uac_quid002]dis domain uacdom
The contents of Domain uacdom:
   State = Active
   RADIUS Scheme = uac_aaa
   Authentication : RADIUS Scheme = uac_aaa
   Access-limit = Disable
   Vlan-assignment-mode = Integer
   Domain User Template:
   Idle-cut = Disable
   Self-service = Disable
   Messenger Time = Disable


So Vlan-assignment-mode is Integer.

Where are the tricks?


________________________________
From: Guk Victor <v.guk at zaz.zp.ua>
To: freeradius-users at lists.freeradius.org
Sent: Tuesday, 23 June 2009, 15:23:40
Subject: Re: Re : Re : Re : Re : Radius+Huwaei switch + auto VLan, Assignment issue

You will place use-tunneled-reply=yes in peap config.

This is the right config for 3Com 4500 (V3.03.00):
#
domain default enable company
#
dot1x
dot1x authentication-method eap
undo dot1x handshake enable
#
radius scheme Radius
server-type extended
primary authentication x.x.x.x
primary accounting x.x.x.x
key authentication qwerty
key accounting qwerty
user-name-format without-domain
#
domain company
scheme radius-scheme Radius
vlan-assignment-mode string
accounting optional
#
#
interface Ethernet1/0/1
stp edged-port enable
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
dot1x port-method portbased
dot1x
#

File "users":
# First line: user name and check items; indented lines: reply items, comma-separated
username
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = "2"

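Added example (not part of the original thread, nor code from FreeRADIUS or the switch vendor): a Python check of the three RFC 3580 VLAN attributes as they arrive in the Access-Accept the switch receives, which is where tunneled reply attributes that never reach the outer packet, or a name-versus-number mismatch with vlan-assignment-mode, become visible. The sample attribute bytes are constructed, and the rule that integer mode needs a decimal VLAN ID in Tunnel-Private-Group-ID is an assumption about the switch, not something the thread states.

```python
# Attribute numbers/values from RFC 2868 and RFC 3580 (VLAN assignment).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
EXPECTED = {TUNNEL_TYPE: ("Tunnel-Type", 13),              # 13 = VLAN
            TUNNEL_MEDIUM_TYPE: ("Tunnel-Medium-Type", 6)}  # 6 = IEEE-802

def attr(code, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return bytes([code, len(value) + 2]) + value

def parse_attrs(data):
    """Split a RADIUS attribute section into (type, value) pairs."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError(f"malformed attribute at offset {i}")
        out.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return out

def check_vlan_reply(attrs_bytes, mode="integer"):
    """Return (vlan, problems) for the attributes of one Access-Accept."""
    seen, vlan, problems = {}, None, []
    for code, value in parse_attrs(attrs_bytes):
        if code in EXPECTED and len(value) == 4:
            seen[code] = int.from_bytes(value[1:], "big")  # skip the tag byte
        elif code == TUNNEL_PRIVATE_GROUP_ID:
            if value and 0 < value[0] <= 0x1F:  # optional tag byte (RFC 2868)
                value = value[1:]
            vlan = value.decode("ascii", "replace")
    for code, (name, want) in EXPECTED.items():
        if code not in seen:
            problems.append(f"{name} missing")
        elif seen[code] != want:
            problems.append(f"{name} is {seen[code]}, expected {want}")
    if vlan is None:
        problems.append("Tunnel-Private-Group-ID missing")
    # Assumption: integer mode accepts only a decimal VLAN ID in this attribute.
    elif mode == "integer" and not (vlan.isdigit() and 1 <= int(vlan) <= 4094):
        problems.append(f"'{vlan}' is not a VLAN number (integer mode)")
    return vlan, problems

# Constructed samples (not captured traffic).
GOOD = (attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06")
        + attr(81, b"2"))
BY_NAME = GOOD[:12] + attr(81, b"students")   # VLAN sent by name
OUTER_ONLY = attr(18, b"no tunnel attributes copied out")

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("by name", BY_NAME), ("outer", OUTER_ONLY)):
        print(label, check_vlan_reply(raw))
```

To use it on real traffic, pass the attribute bytes that follow the 20-byte RADIUS header of the Access-Accept seen on the switch side.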