Freeradius 1.1.6 and Cisco 2000 Wireless Controller

Brian Ertel bsertel at amherst.edu
Mon Jul 16 15:04:43 CEST 2007


Ivan,

Yes, the controller does have VLAN 157 configured; that is actually the original client VLAN configured before I started testing with VLAN tags from FreeRADIUS.

Thanks,

Brian

-----Original Message-----
From: freeradius-users-bounces+bsertel=amherst.edu at lists.freeradius.org [mailto:freeradius-users-bounces+bsertel=amherst.edu at lists.freeradius.org] On Behalf Of tnt at kalik.co.yu
Sent: Saturday, July 14, 2007 11:26 AM
To: FreeRadius users mailing list
Subject: Re: Freeradius 1.1.6 and Cisco 2000 Wireless Controller

Radius is doing its bit. Your problem is with the Controller
configuration. Have you configured a VLAN with ID of 157 on the
Controller? Have you enabled Radius override of default settings on WLAN?

Ivan Kalik
Kalik Informatika ISP


On 13/7/2007, "Brian Ertel" <bsertel at amherst.edu> wrote:

>Hi,
>
>I've gotten a bit further but am still getting stuck.  I have the Cisco
>Wireless Controller configured to hit Freeradius for MAC Address
>Authentication.  Freeradius sees the request from the controller and
>sends back the configured attributes from the users file but the
>controller doesn't seem to see it correctly (the desired VLAN tag) and I
>end up in the default VLAN as configured on the controller.  Below is my
>users, clients.conf, and radiusd verbose data output.  Any thoughts?
>
>Ready to process requests.
>rad_recv: Access-Request packet from host 148.85.34.82:32768, id=35, length=174
>        User-Name = "00:0e:35:1c:e0:52"
>        Called-Station-Id = "00-1a-6d-6b-f0-80:2000test"
>        Calling-Station-Id = "00-0e-35-1c-e0-52"
>        NAS-Port = 1
>        NAS-IP-Address = 148.85.34.82
>        NAS-Identifier = "WLC-34-82"
>        Airespace-Wlan-Id = 1
>        User-Password = "testing"
>        Service-Type = Call-Check
>        Framed-MTU = 1300
>        NAS-Port-Type = Wireless-802.11
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "159"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "chap" returns noop for request 0
>  modcall[authorize]: module "mschap" returns noop for request 0
>    rlm_realm: No '@' in User-Name = "00:0e:35:1c:e0:52", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 0
>  rlm_eap: No EAP-Message, not doing EAP
>  modcall[authorize]: module "eap" returns noop for request 0
>    users: Matched entry 00:0e:35:1c:e0:52 at line 80
>  modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns ok) for request 0
>  rad_check_password:  Found Auth-Type Local
>auth: type Local
>auth: user supplied User-Password matches local User-Password
>Sending Access-Accept of id 35 to 148.85.34.82 port 32768
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Type:0 = VLAN
>        Tunnel-Private-Group-Id:0 = "157"
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 35 with timestamp 4697de6a
>Nothing to do.  Sleeping until we see a request.
>
>
>____________________________________________________________
>
>00:0e:35:1c:e0:52 Auth-Type := Local, User-Password == "testing"
>
>        Tunnel-Medium-Type = "IEEE-802",
>        Tunnel-Type = "VLAN",
>        Tunnel-Private-Group-Id = "157",
>
>______________________________________________________________
>
>client 148.85.34.82 {
>        #
>        #  The shared secret use to "encrypt" and "sign" packets between
>        #  the NAS and FreeRADIUS.  You MUST change this secret from the
>        #  default, otherwise it's not a secret any more!
>        #
>        #  The secret can be any string, up to 31 characters in length.
>        #
>        secret          = xxxxxxx
>
>        #
>        #  The short name is used as an alias for the fully qualified
>        #  domain name, or the IP address.
>        #
>        shortname       = controller
>
>        #
>        # the following three fields are optional, but may be used by
>        # checkrad.pl for simultaneous use checks
>        #
>
>        #
>        # The nastype tells 'checkrad.pl' which NAS-specific method to
>        #  use to query the NAS for simultaneous use.
>        #
>        #  Permitted NAS types are:
>        #
>        #       cisco
>        #       computone
>        #       livingston
>        #       max40xx
>        #       multitech
>        #       netserver
>        #       pathras
>        #       patton
>        #       portslave
>        #       tc
>        #       usrhiper
>        #       other           # for all other types
>
>        #
>        nastype     = other     # localhost isn't usually a NAS...
>
>_____________________
>
>Brian Ertel
>Network Administrator
>Amherst College
>413-542-8320
>bsertel at amherst.edu
>_____________________
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
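
An added example, not part of the original thread: a small checker for radiusd -X debug output that pairs each Access-Accept with its Access-Request by id, confirms the reply carries the full RFC 3580 VLAN triple, and reports the VLAN the NAS sent next to the one the server returned. The sample log is constructed, the function names are hypothetical, and the parser assumes the log lines have not been re-wrapped by a mail client.

```python
import re

# Constructed sample in the layout of FreeRADIUS 1.x `radiusd -X` output.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.0.2.10:32768, id=35, length=174
        User-Name = "00:11:22:33:44:55"
        Tunnel-Private-Group-Id:0 = "159"
Sending Access-Accept of id 35 to 192.0.2.10 port 32768
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Type:0 = VLAN
        Tunnel-Private-Group-Id:0 = "157"
Finished request 0
rad_recv: Access-Request packet from host 192.0.2.10:32768, id=36, length=120
        User-Name = "00:11:22:33:44:66"
Sending Access-Accept of id 36 to 192.0.2.10 port 32768
        Tunnel-Private-Group-Id:0 = "157"
"""

HEADER = re.compile(r"(?:rad_recv:|Sending)\s+(Access-\w+)\b.*?\bid[ =](\d+)")
ATTR = re.compile(r'^\s+([\w-]+)(?::\d+)?\s*=\s*"?([^"]*)"?\s*$')
VLAN_ID = "Tunnel-Private-Group-Id"
# RFC 3580 values, accepted by name or by number.
REQUIRED = {"Tunnel-Type": {"VLAN", "13"}, "Tunnel-Medium-Type": {"IEEE-802", "6"}}

def parse_packets(log):
    """Return [(code, id, {attribute: value})] for every packet header in the log."""
    packets, current = [], None
    for line in log.splitlines():
        h, a = HEADER.search(line), ATTR.match(line)
        if h:
            current = (h.group(1), int(h.group(2)), {})
            packets.append(current)
        elif a and current:
            current[2][a.group(1)] = a.group(2).strip()  # tag (":0") dropped
        else:
            current = None  # any non-attribute line ends the attribute list
    return packets

def check_vlan_replies(log):
    """Report, per Access-Accept, the VLAN returned and any missing triple member."""
    sent, findings = {}, []
    for code, pid, attrs in parse_packets(log):
        if code == "Access-Request":
            sent[pid] = attrs.get(VLAN_ID)  # most recent request with this id
        elif code == "Access-Accept":
            missing = [n for n, ok in REQUIRED.items() if attrs.get(n) not in ok]
            if not attrs.get(VLAN_ID):
                missing.append(VLAN_ID)
            findings.append({"id": pid, "returned_vlan": attrs.get(VLAN_ID),
                             "nas_sent_vlan": sent.get(pid), "missing": missing})
    return findings
```

An empty "missing" list means the server side of the VLAN assignment is complete, so the remaining checks are on the controller.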
