assigning a vlan-id after successful authentication
Seferovic Edvin
edvin.seferovic at kolp.at
Mon Nov 14 04:39:35 CET 2005
I am aware of the fact that 1 VLAN per port is possible. Besides - I am
using mac-based authentication, so Ive tried what happens when I connect
only one computer per switch port, but as I already have written, the
Radius-Reply is kind of ignored :-(. Has anyone have such problems or its
just me? :-(
Jeff, do you maybe know how VLAN assignment is being done with mac-based
auth? Would it on "link-down" set the port VLAN to the manually set for
unauthorised clients?
TIA !
Regards,
Edvin Seferovic
_____
From: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of Jeff
Reilly
Sent: Montag, 14. November 2005 04:11
To: edvin.seferovic at kolp.at; FreeRadius users mailing list
Subject: RE: assigning a vlan-id after successful authentication
The 2626 supports 1 VLAN per port. I'm not sure exactly how the 2626 deals
with multiple supplicants... but I would bet (based on passed experience on
other switches)... the 2626 ignores all 802.1x (EAP Starts) from any
subsequent endpoints after the first successful authentication (until the
port sees link-down or an EAP logoff form the original supplicant).
Whatever provisioning (VLANs in your case) is based on the first endpoints
authentication/authorization all other endpoints will share the same level
of access as the first (authenticated supplicant).
Jeff
-------- Original Message --------
Subject: RE: assigning a vlan-id after successful authentication
From: "Seferovic Edvin" <edvin.seferovic at kolp.at>
Date: Sun, November 13, 2005 2:35 pm
To: "'FreeRadius users mailing list'"
<freeradius-users at lists.freeradius.org>
Sure but that ain't working.. at least not on my switches and don't ask me
why... I usually have 2-3 computers on one port ( but computers have the
same VLANID in RADIUS ), so might that be the problem?
Regards,
Edvin Seferovic
_____
From: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of Jeff
Reilly
Sent: Sonntag, 13. November 2005 21:58
To: FreeRadius users mailing list
Subject: RE: assigning a vlan-id after successful authentication
First, this information is well documented both by ProCurve and in RFC3580.
That said the AV pairs you're looking for are as follows:
Tunnel-Medium-Type = 802
Tunnel-Private-Group-ID = 123 (the VLAN)
Tunnel-Type = VLAN
Jeff
-------- Original Message --------
Subject: assigning a vlan-id after successful authentication
From: Sven Juergensen <sjuergensen at tng.de>
Date: Fri, November 11, 2005 8:48 pm
To: freeradius-users at lists.freeradius.org
hello people,
how does the above mentioned work? i am
not quite sure where to start. is it
embedded in the 'Reply-Message' or does
it have to do with the tunnel-types?
i'm trying to supply a vlan-id to an
hp2626 with mac-based authentication.
couldn't find this in the faq or
relevant conf-files either - what am
i missing?
thanks alot in advance,
sven
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
_____
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051114/47e64b3f/attachment.html>
More information about the Freeradius-Users
mailing list