VLAN Mapping with MS-CHAP

robiwan at arcor.de robiwan at arcor.de
Fri May 5 08:12:56 CEST 2006


Dear all,
I am trying to put my Windows XP clients into different VLANs on my Cisco Catalyst 3750 switch, depending on their account.
I use two different authentication methods: MD5-Challenge and MS-CHAP.

User hugo should be mapped to VLAN 50 and authenticated via MD5-Challenge
User roka at Domain WINLAB should be mapped to VLAN 40 and authenticated via MS-CHAP

Both authentication methods now work (thanks to all again), but I am having difficulty mapping user roka to his right VLAN.

Here is my users file:
-----------------------snip------------------------

hugo            User-Password == "hugo01"
                Tunnel-Type = VLAN,
                Tunnel-Medium-Type = 6,
                Tunnel-Private-Group-ID = 50

roka            Auth-Type := MS-CHAP
                Tunnel-Type = VLAN,
                Tunnel-Medium-Type = 6,
                Tunnel-Private-Group-ID = 40

---------------------snap--------------------------

Here is the output of my radiusd for user hugo.
The Cisco switch maps user hugo to VLAN 50:

Login OK: [hugo/<no User-Password attribute>] (from client M4DEMRCO0000015 port 50103 cli 00-0B-5D-84-AE-CA)
Sending Access-Accept of id 210 to 10.187.0.15 port 1645
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "50"
        EAP-Message = 0x03010004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "hugo"
Finished request 1
Going to the next request


Here is the output for user roka.
The Cisco switch maps user roka to VLAN 1, and NOT to VLAN 40; the Tunnel information is missing:

Login OK: [WINLAB\\roka/<no User-Password attribute>] (from client M4DEMRCO0000015 port 50103 cli 00-0B-AA-84-AE-CA)
Sending Access-Accept of id 220 to 10.187.0.15 port 1645
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        MS-MPPE-Recv-Key = 0x70235fcdc1bc208578d0a26edb3c6d0b09f7cb712d4e9b66e7b2bea5b159c4f2
        MS-MPPE-Send-Key = 0x6208fd4f8c1d2cd07a5e4597c98707dc70c94f29898eb0672e4572808efbd13d
        EAP-Message = 0x03090004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "WINLAB\\roka"
Finished request 9
Going to the next request


So, any ideas what to do so that, for user roka, my radiusd also tells my switch the Tunnel things:

Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"


Thanks in advance

Robert
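
A check for the symptom reported above, as an added example that is not part of the original message: it parses Access-Accept blocks in the radiusd debug format quoted in the post and flags any accept that lacks the three Tunnel attributes or carries an unexpected VLAN, since such a port stays in the switch's default VLAN (VLAN 1 in the post). The function names, the EXPECTED_VLAN policy table and the abridged sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample, abridged from the radiusd debug format quoted in the post.
SAMPLE_LOG = r'''Sending Access-Accept of id 210 to 10.187.0.15 port 1645
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "50"
        User-Name = "hugo"
Finished request 1
Sending Access-Accept of id 220 to 10.187.0.15 port 1645
        Service-Type = Framed-User
        User-Name = "WINLAB\\roka"
Finished request 9
'''

# Hypothetical policy table: bare account name -> VLAN the switch should assign.
EXPECTED_VLAN = {"hugo": "50", "roka": "40"}
REQUIRED = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")
# Indented "Name[:tag] = value" line; surrounding double quotes are dropped.
ATTR = re.compile(r'^\s+([\w-]+)(?::\d+)?\s*=\s*"?(.*?)"?\s*$')


def parse_accepts(log):
    """Return one {attribute: value} dict per Access-Accept block."""
    accepts, current = [], None
    for line in log.splitlines():
        if line.startswith("Sending Access-Accept"):
            current = {}
            accepts.append(current)
        elif current is not None and (m := ATTR.match(line)):
            current[m.group(1)] = m.group(2)
        else:
            current = None  # any non-attribute line ends the block
    return accepts


def audit(log, expected=EXPECTED_VLAN):
    """Return (user, problem) pairs for accepts that will not give the expected VLAN."""
    findings = []
    for attrs in parse_accepts(log):
        user = re.split(r"\\+", attrs.get("User-Name", ""))[-1]  # drop DOMAIN\ prefix
        missing = [a for a in REQUIRED if a not in attrs]
        if missing:
            findings.append((user, "missing " + ", ".join(missing)))
        elif attrs["Tunnel-Private-Group-Id"] != expected.get(user):
            findings.append((user, "VLAN " + attrs["Tunnel-Private-Group-Id"]))
    return findings

for user, problem in audit(SAMPLE_LOG):
    print(f"{user}: {problem}")
```
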

