[SOLVED] - Re: VLAN assignment and Alcatel Omniswitch 7800
Oxiel Contreras
oxielc at yahoo.it
Thu Feb 15 03:30:17 CET 2007
Hello Santa.
This worked great!!!
I was doing 802.1x only, no AVLAN.
For any soul out there trying to implement 802.1x with FreeRadius on
OpenSuSE10.1 and Omniswitch 7800 and Active Directory as taught on:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
Take note of the following points:
1) If you use PEAP, install the patch from MS to Radius as noted on the FAQ,
you need someone with Gold Support from M$ to get it or email me off the
list :)
http://wiki.freeradius.org/FreeRADIUS_Wiki:FAQ#PEAP_Doesn.27t_Work
2) If PEAP is your election, install the CA and generate the certificates on
the Radius server.
3) Modify the permissions of execution for the winbind daemon in order to
accomplish the ntlm_auth process, FIXME, now using root permissions.
4) Use Xylan-Auth-Group as VSA in /etc/raddb/users as the attribute for
assigning VLAN, or generate the new dictionary.alcatel as Santa Yeh described
below, and then use Alcatel-Auth-Group as the attribute for VLAN.
5) Use the setup for omniswitch as described below by Santa Yeh.
6) Thank all these great people who develop and support this great software.
Thanks Alan, A.L.M., Jeremy, Marcel and Santa.
Best regards
Oxiel
On Wednesday, 14 February 2007 11:19, Santa Yeh wrote:
> Hello Oxiel,
>
> Are you doing AVLAN or 802.1x?
>
> 1. I created a new file - dictionary.alcatel
>
> #
> # dictionary.alcatel
> #
> # Alcatel VSAs
> #
>
> VENDOR Alcatel 800
>
> #
> # Standard attribute
> #
> ATTRIBUTE Alcatel-Auth-Group 1 integer Alcatel
> ATTRIBUTE Alcatel-Slot-Port 2 string Alcatel
> ATTRIBUTE Alcatel-Time-of-Day 3 string Alcatel
> ATTRIBUTE Alcatel-Client-IP-Addr 4 ipaddr Alcatel
> ATTRIBUTE Alcatel-Group-Desc 5 string Alcatel
> ATTRIBUTE Alcatel-Port-Desc 6 string Alcatel
>
> VALUE Acct-Authentic AUTH-AVCLIENT 4
> VALUE Acct-Authentic AUTH-TELNET 5
> VALUE Acct-Authentic AUTH-HTTP 6
>
> 2. For users file
>
> user1   Auth-Type := Local, Password = "user1"
>         Alcatel-Auth-Group = 3
>
> 3. For AVLAN
>
> vlan 3 authentication enable
> vlan port mobile 1/1 bpdu ignore enable
> vlan port 1/1 authenticate enable
> ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
> aaa radius-server rad1 host 192.168.10.211 key radkey
> aaa authentication vlan single-mode rad1
> aaa accounting vlan rad1
> aaa avlan default dhcp 192.168.11.254
> aaa avlan dns alcatel
> avlan 3 auth-ip 192.168.11.253
>
> 4. For 802.1x (Sorry, just from my memory)
>
> vlan 3 802.1x enable
> vlan port mobile 1/1 bpdu ignore enable
> vlan port 1/1 802.1x enable
> ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
> aaa radius-server rad1 host 192.168.10.211 key radkey
> aaa authentication 802.1x rad1
> aaa accounting 802.1x rad1
More information about the Freeradius-Users
mailing list
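
Added example, not part of the original thread and not FreeRADIUS or Alcatel code: how the Alcatel-Auth-Group = 3 reply item from the dictionary above travels to the switch as a Vendor-Specific attribute (type 26, vendor 800, sub-type 1), with a decoder for checking the VLAN in a captured Access-Accept. The function names and the sample attribute block are constructed for illustration.

```python
# Lines copied from the dictionary.alcatel in the message above (vendor 800).
DICTIONARY = """
VENDOR Alcatel 800
ATTRIBUTE Alcatel-Auth-Group 1 integer Alcatel
"""
VENDOR_SPECIFIC = 26  # RFC 2865 attribute type that carries VSAs

def load_dictionary(text):
    """Return (vendor_id, {vendor_type: (name, datatype)})."""
    vendor_id, attrs = None, {}
    for f in (line.split() for line in text.splitlines()):
        if f and f[0] == "VENDOR":
            vendor_id = int(f[2])
        elif f and f[0] == "ATTRIBUTE":
            attrs[int(f[2])] = (f[1], f[3])
    return vendor_id, attrs

def encode_vsa(vendor_id, vtype, value):
    """Type 26, Length, 4-byte Vendor-Id, then one integer sub-attribute."""
    sub = bytes([vtype, 6]) + value.to_bytes(4, "big")
    return bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + vendor_id.to_bytes(4, "big") + sub

def tlvs(buf):
    """Yield (type, value) pairs; Length counts its own 2-byte header."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed TLV at offset %d" % i)
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def decode_vsas(attr_block, vendor_id, attrs):
    """Return {name: value} for this vendor's VSAs in a RADIUS attribute block."""
    out = {}
    for atype, body in tlvs(attr_block):
        if atype != VENDOR_SPECIFIC or int.from_bytes(body[:4], "big") != vendor_id:
            continue
        for vtype, raw in tlvs(body[4:]):
            name, dtype = attrs.get(vtype, ("Unknown-%d" % vtype, "octets"))
            out[name] = int.from_bytes(raw, "big") if dtype == "integer" else raw
    return out

def demo():
    """Constructed reply attributes: Reply-Message "ok", then the VLAN VSA."""
    vendor_id, attrs = load_dictionary(DICTIONARY)
    block = bytes([18, 4]) + b"ok" + encode_vsa(vendor_id, 1, 3)
    return decode_vsas(block, vendor_id, attrs)

if __name__ == "__main__":
    print(demo())
```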