you certainly arent checking that the VLAN is 2 - and if it isnt then fail the authentication. i can understand what you are trying to do...but do do THAT sort of thing you will need to use checking attributes, not setting attributes.
you should find that the port which carlos is attached to is being put onto VLAN 2 is the config is correct.
How do I know if my certificate checking that the vlan is 2 and why the authentication don't fail? What certificate i shoud use, so that valid the: carlos User-Password == "carlos" Service-Type = Framed-User, Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-Id = 2 and if the user carlos access to the vlan 2, he can access, otherwise he doesn't access. But in my case the user carlos can access to any vlan. for example to vlan 3 or 4. Tell me what certificate I can to use that valid the Tunnel-Type and form it. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.