Freeradius 1.1.6 and Cisco 2000 Wireless Controller

Brian Ertel bsertel at amherst.edu
Fri Jul 13 22:32:25 CEST 2007


Hi,

I've gotten a bit further but am still getting stuck.  I have the Cisco
Wireless Controller configured to hit Freeradius for MAC Address
Authentication.  Freeradius sees the request from the controller and
sends back the configured attributes from the users file but the
controller doesn't seem to see it correctly (the desired VLAN tag) and I
end up in the default VLAN as configured on the controller.  Below is my
users, clients.conf, and radiusd verbose data output.  Any thoughts?

Ready to process requests.
rad_recv: Access-Request packet from host 148.85.34.82:32768, id=35, length=174
        User-Name = "00:0e:35:1c:e0:52"
        Called-Station-Id = "00-1a-6d-6b-f0-80:2000test"
        Calling-Station-Id = "00-0e-35-1c-e0-52"
        NAS-Port = 1
        NAS-IP-Address = 148.85.34.82
        NAS-Identifier = "WLC-34-82"
        Airespace-Wlan-Id = 1
        User-Password = "testing"
        Service-Type = Call-Check
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "159"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "00:0e:35:1c:e0:52", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry 00:0e:35:1c:e0:52 at line 80
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 35 to 148.85.34.82 port 32768
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Type:0 = VLAN
        Tunnel-Private-Group-Id:0 = "157"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 35 with timestamp 4697de6a
Nothing to do.  Sleeping until we see a request.


____________________________________________________________

00:0e:35:1c:e0:52 Auth-Type := Local, User-Password == "testing"
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Type = "VLAN",
        Tunnel-Private-Group-Id = "157"

______________________________________________________________

client 148.85.34.82 {
        #
        #  The shared secret use to "encrypt" and "sign" packets between
        #  the NAS and FreeRADIUS.  You MUST change this secret from the
        #  default, otherwise it's not a secret any more!
        #
        #  The secret can be any string, up to 31 characters in length.
        #
        secret          = xxxxxxx

        #
        #  The short name is used as an alias for the fully qualified
        #  domain name, or the IP address.
        #
        shortname       = controller

        #
        # the following three fields are optional, but may be used by
        # checkrad.pl for simultaneous use checks
        #

        #
        # The nastype tells 'checkrad.pl' which NAS-specific method to
        #  use to query the NAS for simultaneous use.
        #
        #  Permitted NAS types are:
        #
        #       cisco
        #       computone
        #       livingston
        #       max40xx
        #       multitech
        #       netserver
        #       pathras
        #       patton
        #       portslave
        #       tc
        #       usrhiper
        #       other           # for all other types

        #
        nastype     = other     # localhost isn't usually a NAS...
}

_____________________

Brian Ertel
Network Administrator
Amherst College
413-542-8320
bsertel at amherst.edu 
_____________________
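
Added example, not part of the original post: a small parser for radiusd debug output of the kind shown above, which pairs the Access-Request and Access-Accept for one RADIUS id and reports the tunnel attributes on each side, so you can confirm what the server actually returned before turning to the controller. The sample log is trimmed from the output in the post; the function names are hypothetical.

```python
import re

# Constructed sample: trimmed from the radiusd debug output in the post above.
DEBUG_LOG = """\
rad_recv: Access-Request packet from host 148.85.34.82:32768, id=35, length=174
        User-Name = "00:0e:35:1c:e0:52"
        Service-Type = Call-Check
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "159"
  Processing the authorize section of radiusd.conf
    users: Matched entry 00:0e:35:1c:e0:52 at line 80
Sending Access-Accept of id 35 to 148.85.34.82 port 32768
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Type:0 = VLAN
        Tunnel-Private-Group-Id:0 = "157"
Finished request 0
"""

HEADER = re.compile(r"^(rad_recv:|Sending) (Access-\S+) .*?\bid[= ](\d+)")
ATTR = re.compile(r'^\s+([A-Za-z0-9-]+)(?::\d+)? = "?(.*?)"?\s*$')
# RFC 3580 VLAN assignment needs these two reply values plus Tunnel-Private-Group-Id.
VLAN_REPLY = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802"}

def parse_packets(log):
    """Return one dict per packet: direction, code, id and {attribute: value}."""
    packets, current = [], None
    for line in log.splitlines():
        head, attr = HEADER.match(line), ATTR.match(line)
        if head:
            current = {"dir": "recv" if head.group(1) == "rad_recv:" else "sent",
                       "code": head.group(2), "id": int(head.group(3)), "attrs": {}}
            packets.append(current)
        elif attr and current is not None:
            current["attrs"][attr.group(1)] = attr.group(2)  # tag (":0") dropped
        else:
            current = None  # any other line ends the attribute list
    return packets

def vlan_assignment(log, request_id):
    """Compare the tunnel attributes of the request and reply with this id."""
    by_dir = {p["dir"]: p["attrs"] for p in parse_packets(log) if p["id"] == request_id}
    request, reply = by_dir.get("recv", {}), by_dir.get("sent", {})
    complete = all(reply.get(k) == v for k, v in VLAN_REPLY.items())
    return {"in_request": request.get("Tunnel-Private-Group-Id"),
            "in_reply": reply.get("Tunnel-Private-Group-Id"),
            "reply_complete": complete and "Tunnel-Private-Group-Id" in reply}

if __name__ == "__main__":
    print(vlan_assignment(DEBUG_LOG, 35))
```

For the log in the post this reports 159 in the request and 157 in the reply, with all three VLAN attributes present in the Access-Accept.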




