<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Hello Oxiel,<br>
<br>
Are you doing AVLAN or 802.1x?<br>
<br>
1. I created a new file - dictionary.alcatel<br>
<br>
#<br>
# dictionary.alcatel<br>
#<br>
# Alcatel VSAs<br>
# <br>
<br>
VENDOR Alcatel 800<br>
<br>
#<br>
# Standard attribute<br>
#<br>
ATTRIBUTE Alcatel-Auth-Group 1 integer Alcatel<br>
ATTRIBUTE Alcatel-Slot-Port 2 string Alcatel<br>
ATTRIBUTE Alcatel-Time-of-Day 3 string Alcatel<br>
ATTRIBUTE Alcatel-Client-IP-Addr 4 ipaddr Alcatel<br>
ATTRIBUTE Alcatel-Group-Desc 5 string Alcatel<br>
ATTRIBUTE Alcatel-Port-Desc 6 string Alcatel<br>
<br>
VALUE Acct-Authentic AUTH-AVCLIENT 4<br>
VALUE Acct-Authentic AUTH-TELNET 5<br>
VALUE Acct-Authentic AUTH-HTTP 6 <br>
<br>
2. For users file<br>
<br>
user1 Auth-Type := Local, Password = "user1"<br>
Alcatel-Auth-Group = 3 <br>
<br>
3. For AVLAN<br>
<br>
vlan 3 authentication enable<br>
vlan port mobile 1/1 bpdu ignore enable<br>
vlan port 1/1 authenticate enable<br>
ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3<br>
aaa radius-server rad1 host 192.168.10.211 key radkey<br>
aaa authentication vlan single-mode rad1<br>
aaa accounting vlan rad1<br>
aaa avlan default dhcp 192.168.11.254<br>
aaa avlan dns alcatel<br>
avlan 3 auth-ip 192.168.11.253<br>
<br>
4. For 802.1x (Sorry, just from my memory)<br>
<br>
vlan 3 802.1x enable<br>
vlan port mobile 1/1 bpdu ignore enable<br>
vlan port 1/1 802.1x enable<br>
ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3<br>
aaa radius-server rad1 host 192.168.10.211 key radkey<br>
aaa authentication 802.1x rad1<br>
aaa accounting 802.1x rad1<br>
<br>
Regards,<br>
Santa Yeh<br>
<br>
Oxiel Contreras wrote:
<blockquote cite="mid200702131612.18172.oxielc@yahoo.it" type="cite">
<pre wrap="">Hello Santa.
On Sunday, 11 February 2007 22:57, Santa Yeh wrote:
</pre>
<blockquote type="cite">
<pre wrap="">You cannot use the standard attributes:
Tunnel-Type:0 += VLAN
Tunnel-Medium-Type:0 += IEEE-802
Tunnel-Private-Group-Id:0 += "3"
The VSA for Alcatel switches is Alcatel-Auth-Group, that is why you
should check the user manual.
</pre>
</blockquote>
<pre wrap=""><!---->
I've added the Alcatel-Auth-Group attribute to dictionary.alcatel like this:
ATTRIBUTE Alcatel-Auth-Group 134 integer
and modified the users file like this:
Tunnel-Type += 13,
Tunnel-Medium-Type += 6,
Alcatel-Auth-Group += 3
Now I see the Access-Accept part of the log, which is sent with the
attribute, but nothing happens.
Sending Access-Accept of id 181 to 192.168.10.20 port 1074
Tunnel-Type:0 += VLAN
Tunnel-Medium-Type:0 += IEEE-802
Alcatel-Auth-Group += 3
MS-MPPE-Recv-Key =
0xc90404d5af28944ae97417b2336cf56e204fe5afab5c7c7e7e50045ec24473b3
MS-MPPE-Send-Key =
0xc990b966cc4bed66c7be062e54795ddb253efe28c8426ecbb298d302c64b9359
EAP-Message = 0x030d0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "MYDOMAIN\\jose"
Finished request 8
Could you please pass me the relevant parts of your switch setup ?
vlan port mobile
vlan authentication
aaa
Is it necessary to define vlan rules on the switch in order to move the mobile
port to the vlan designated with Alcatel-Auth-Group ?
Thanks and best regards
Oxiel
</pre>
</blockquote>
<br>
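Added example, not part of the original messages: the two Alcatel-Auth-Group definitions in this thread encoded as RFC 2865 attributes. The dictionary.alcatel entry (vendor 800, attribute 1) becomes a Vendor-Specific attribute (type 26), while the vendor-less definition numbered 134 becomes a top-level attribute 134 that carries no vendor ID. The function names and sample replies are constructed for illustration, and the code assumes the server encodes each definition as written.<br>

```python
import struct

VSA_TYPE = 26            # RFC 2865 Vendor-Specific attribute
ALCATEL_VENDOR_ID = 800  # "VENDOR Alcatel 800" in dictionary.alcatel
AUTH_GROUP_VTYPE = 1     # "ATTRIBUTE Alcatel-Auth-Group 1 integer Alcatel"

def encode_plain(attr_type, value):
    """Top-level integer attribute: Type, Length=6, 32-bit value."""
    return struct.pack("!BBI", attr_type, 6, value)

def encode_vsa(vendor_id, vendor_type, value):
    """Type 26, Length, 32-bit Vendor-Id, then the vendor's own TLV."""
    sub = struct.pack("!BBI", vendor_type, 6, value)
    return struct.pack("!BBI", VSA_TYPE, 6 + len(sub), vendor_id) + sub

def parse_tlvs(blob):
    """Split a run of Type/Length/Value items; Length covers the 2-byte header."""
    items, pos = [], 0
    while pos != len(blob):
        remaining = len(blob) - pos
        if remaining == 1 or blob[pos + 1] not in range(2, remaining + 1):
            raise ValueError("malformed attribute at offset %d" % pos)
        items.append((blob[pos], blob[pos + 2:pos + blob[pos + 1]]))
        pos += blob[pos + 1]
    return items

def find_auth_group(reply_attrs):
    """Return Alcatel-Auth-Group if sent as vendor 800 / type 1, else None."""
    for atype, value in parse_tlvs(reply_attrs):
        # Only a type 26 attribute whose Vendor-Id is 800 can carry it.
        if atype != VSA_TYPE or value[:4] != struct.pack("!I", ALCATEL_VENDOR_ID):
            continue
        for vtype, vvalue in parse_tlvs(value[4:]):
            if vtype == AUTH_GROUP_VTYPE and len(vvalue) == 4:
                return struct.unpack("!I", vvalue)[0]
    return None

# Constructed sample replies (not captured traffic): group 3 encoded both ways.
VENDOR_FORM = encode_vsa(ALCATEL_VENDOR_ID, AUTH_GROUP_VTYPE, 3)
PLAIN_FORM = encode_plain(134, 3)  # "ATTRIBUTE Alcatel-Auth-Group 134 integer"

if __name__ == "__main__":
    for name, blob in (("vendor 800 / type 1", VENDOR_FORM),
                       ("plain type 134", PLAIN_FORM)):
        print(name, blob.hex(), "Alcatel-Auth-Group:", find_auth_group(blob))
```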
</body>
</html>