VLAN assignment and Alcatel Omniswitch 7800
Santa Yeh
santayeh at ms32.hinet.net
Wed Feb 14 16:19:33 CET 2007
Hello Oxiel,
Are you doing AVLAN or 802.1x?
1. I created a new file - dictionary.alcatel
#
# dictionary.alcatel
#
# Alcatel VSAs
#
VENDOR Alcatel 800
#
# Standard attribute
#
ATTRIBUTE Alcatel-Auth-Group 1 integer Alcatel
ATTRIBUTE Alcatel-Slot-Port 2 string Alcatel
ATTRIBUTE Alcatel-Time-of-Day 3 string Alcatel
ATTRIBUTE Alcatel-Client-IP-Addr 4 ipaddr Alcatel
ATTRIBUTE Alcatel-Group-Desc 5 string Alcatel
ATTRIBUTE Alcatel-Port-Desc 6 string Alcatel
VALUE Acct-Authentic AUTH-AVCLIENT 4
VALUE Acct-Authentic AUTH-TELNET 5
VALUE Acct-Authentic AUTH-HTTP 6
2. For users file
user1	Auth-Type := Local, Password = "user1"
	Alcatel-Auth-Group = 3
3. For AVLAN
vlan 3 authentication enable
vlan port mobile 1/1 bpdu ignore enable
vlan port 1/1 authenticate enable
ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
aaa radius-server rad1 host 192.168.10.211 key radkey
aaa authentication vlan single-mode rad1
aaa accounting vlan rad1
aaa avlan default dhcp 192.168.11.254
aaa avlan dns alcatel
avlan 3 auth-ip 192.168.11.253
4. For 802.1x (Sorry, just from my memory)
vlan 3 802.1x enable
vlan port mobile 1/1 bpdu ignore enable
vlan port 1/1 802.1x enable
ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
aaa radius-server rad1 host 192.168.10.211 key radkey
aaa authentication 802.1x rad1
aaa accounting 802.1x rad1
Regards,
Santa Yeh
Oxiel Contreras wrote:
>Hello Santa.
>
>On Sunday, 11 February 2007 22:57, Santa Yeh wrote:
>
>
>>You can not use the standard attributes :
>>
>>Tunnel-Type:0 += VLAN
>>Tunnel-Medium-Type:0 += IEEE-802
>>Tunnel-Private-Group-Id:0 += "3"
>>
>>The VSA for Alcatel switches is Alcatel-Auth-Group, that is why you
>>should check the user manual.
>>
>>
>
>I've added the Alcatel-Auth-Group attribute to dictionary.alcatel like this:
>
>ATTRIBUTE Alcatel-Auth-Group 134 integer
>
>and modified the users file like this:
>
>Tunnel-Type += 13,
>Tunnel-Medium-Type += 6,
>Alcatel-Auth-Group += 3
>
>Now I see the Access-Accept part of the log, which is sent with the
>attribute, but nothing happens.
>
>Sending Access-Accept of id 181 to 192.168.10.20 port 1074
> Tunnel-Type:0 += VLAN
> Tunnel-Medium-Type:0 += IEEE-802
> Alcatel-Auth-Group += 3
> MS-MPPE-Recv-Key =
>0xc90404d5af28944ae97417b2336cf56e204fe5afab5c7c7e7e50045ec24473b3
> MS-MPPE-Send-Key =
>0xc990b966cc4bed66c7be062e54795ddb253efe28c8426ecbb298d302c64b9359
> EAP-Message = 0x030d0004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "MYDOMAIN\\jose"
>Finished request 8
>
>Could you please pass me the relevant parts of your switch setup ?
>
>vlan port mobile
>vlan authentication
>aaa
>
>Is it necessary to define VLAN rules on the switch in order to move the mobile
>port to the VLAN designed with Alcatel-Auth-Group?
>
>Thanks and best regards
>
>Oxiel
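Added example (not part of the original thread, and not FreeRADIUS or Alcatel code): the dictionary in the message defines Alcatel-Auth-Group as vendor 800, attribute 1, integer, so on the wire it is nested inside a Vendor-Specific attribute (type 26). The Python below encodes and parses that form and contrasts it with a value carried as a bare top-level attribute 134; the function names and sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26      # RFC 2865 attribute type that carries VSAs
ALCATEL_VENDOR_ID = 800   # "VENDOR Alcatel 800" in the dictionary above
ALCATEL_AUTH_GROUP = 1    # "ATTRIBUTE Alcatel-Auth-Group 1 integer Alcatel"


def encode_attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def encode_auth_group(vlan):
    """Encode Alcatel-Auth-Group as a VSA: 26 | len | vendor-id | 1 | 6 | int32."""
    sub = bytes([ALCATEL_AUTH_GROUP, 6]) + struct.pack("!I", vlan)
    return encode_attr(VENDOR_SPECIFIC, struct.pack("!I", ALCATEL_VENDOR_ID) + sub)


def iter_attrs(data):
    """Yield (type, value) pairs, rejecting truncated or malformed lengths."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length")
        yield attr_type, data[pos + 2:pos + length]
        pos += length


def find_auth_group(attrs):
    """Return the Alcatel-Auth-Group value from an attribute list, or None."""
    for attr_type, value in iter_attrs(attrs):
        if attr_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != ALCATEL_VENDOR_ID:
            continue
        # Sub-attributes inside the VSA use the same type/length/value layout.
        for sub_type, sub_value in iter_attrs(value[4:]):
            if sub_type == ALCATEL_AUTH_GROUP and len(sub_value) == 4:
                return struct.unpack("!I", sub_value)[0]
    return None


# Constructed sample attribute lists (not captured traffic).
AS_VSA = encode_attr(1, b"user1") + encode_auth_group(3)
AS_BARE_134 = encode_attr(1, b"user1") + encode_attr(134, struct.pack("!I", 3))
```

A parser that looks for vendor 800, sub-type 1 finds the group in `AS_VSA` and returns `None` for `AS_BARE_134`, even though both carry the integer 3.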