Mikal-<br> Yes, I have done a packet trace. The Filter-Id attribute is sent on the 2nd packet of the authentication attempt, during the first access-challenge. After that, Filter-Id isnt mentioned again until after the Access-Accept packet on the Accounting-Request. However, on the Accounting-Request packet its shown as Students, not Faculty. The whole authentication process is 20 packets, excluding the accounting packets. The only thing I noticed that may be out of the ordinary is that there are 10 access-request packets, with 9 of them being duplicates to the first request. The Filter-Id attribute is only sent on the first challenge response. Im not sure if this is normal or not as I dont have anything to compare to.<br>
<br>Do you see something similar with your configuration?<br>
<br><br><div class="gmail_quote">On Thu, Dec 2, 2010 at 1:01 PM, mikal <span dir="ltr"><<a href="mailto:mpm@atceast.com">mpm@atceast.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
Rob,<br>
<br>
You shouldn't need to check the "restrict policy" option. My setup is<br>
actually using a Captive Portal for the users to enter credentials. So I<br>
start them off with a non-auth policy that uses a "Routed" topology and then<br>
once authenticated uses a "Bridge at AP" topology.<br>
<br>
So the controller is serving up the CP page, and then I'm using freeradius<br>
with a MySQL backend.<br>
<br>
Did you capture a trace from the controller interface just to ensure that<br>
the attribute/value pair is appearing at the controller interface correctly?<br>
Wireless Controller->Utilities->Wireless Controller TCP Dump Management.<br>
<br>
So my VNS setup looks like:<br>
<br>
VNS Name: SMFC<br>
WLAN Service: SMFC<br>
Non-Auth policy: SMFC NonAuth<br>
Auth Policy: SMFC Auth (support is correct, this will be<br>
overwritten if the radius-accept contains a Filter-Id value that matches a<br>
configured policy)<br>
<div class="im">Restrict policy set unchecked<br>
Enable checked<br>
<br>
</div>Under VNS Configuration->Policies I have a policy: named Policy<br>
Name:NewmanN.<br>
<br>
I throw a row in my MySQL radreply table to use a Filter-Id value of NewmanN<br>
for a particular user (test.user11 in this case) and I'm off and running.<br>
If I set the Filter-Id value in my MySQL row to Newmann, or newmanN, etc.<br>
then I get the default policy applied to test.user11. The same behavior<br>
that you're seeing.<br>
<div class="im"><br>
"ktest Cleartext-Password := "password"<br>
Filter-Id = "Faculty"<br>
<br>
When I authenticate with this user I get:<br>
<br>
Client session MAC [00:24:D6:A6:CE:CE] on AP [JRG-1FL-AP09] with SSID [TEST]<br>
from VNS [TEST] with username [ktest] has been successfully authenticated.<br>
Policy [Students] is applied.<br>
<br>
I get the same msg for an ldap user that has the Filter-Id set to Faculty as<br>
well.<br>
<br>
For comparison, on the controller my vns settings include:<br>
VNS Name: TEST<br>
WLAN Service: TESTWLAN<br>
Non-Auth policy: NonAuth<br>
Auth Policy: Students (support told me this doesnt matter what<br>
its set to...the Filter-Id will override this)<br>
Restrict policy set unchecked<br>
Enable checked<br>
<br>
I have another policy named Faculty that is assigned the AuthFaculty<br>
topology (which sets the tagged vlan).<br>
<br>
How does this compare to your setup? Do I need the restrict policy set<br>
option checked and config'd?"<br>
<br>
</div><font color="#888888">--<br>
View this message in context: <a href="http://freeradius.1045715.n5.nabble.com/Attribute-not-passing-to-NAS-tp3289418p3289846.html" target="_blank">http://freeradius.1045715.n5.nabble.com/Attribute-not-passing-to-NAS-tp3289418p3289846.html</a><br>
</font><div><div></div><div class="h5">Sent from the FreeRadius - User mailing list archive at Nabble.com.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br>