vlan assign - 3com guest vlan

empirium empirium at o2.pl
Tue Dec 2 08:45:51 CET 2008


tnt at kalik.net wrote:
>> But how to configure freeradius to work in this scenario:
>> - freeradius checks if it has the proper mac address in its users.conf; if it
>> has it, it assigns the proper vlan (it works!)
>>     
>
> Yes.
>
>   
>> - if it doesn't find a mac in the file, it assigns a vlan, for example 15 (I don't
>> know how to configure that in freeradius)
>>
>>     
>
> You don't. You configure that on the switch - if mac is not
> authenticated put the port into the guest VLAN.
>
> You can do that in freeradius, but should avoid it (it will interfere
> with other types of authentication):
>
> DEFAULT   Auth-Type = Accept
>                  guest VLAN configuration
>
> You would put that entry *after* all others in users file.
>
> Ivan Kalik
> Kalik Informatika ISP
>
Hi, I put this at the end of users.conf:

DEFAULT Auth-Type = Accept
        Fall-Through = Yes,
        Tunnel-Medium-Type = 6,
        Tunnel-Private-Group-Id := 250,
        Tunnel-Type = VLAN

But the result is still the same; I've got this in debug:

rad_recv: Access-Request packet from host 10.77.24.37:5002, id=129, length=219
        User-Name = "00-11-25-b8-df-42"
        User-Password = "00-11-25-b8-df-42"
        NAS-IP-Address = 10.77.24.37
        NAS-Identifier = "001cc5b48702"
        NAS-Port = 33587215
        NAS-Port-Id = "unit=2;subslot=0;port=8;vlanid=15"
        NAS-Port-Type = Ethernet
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "0011-25b8-df42"
        Vendor-25506-Attr-26 = 0x0000018a
        Vendor-25506-Attr-255 = 0x34353030
        Vendor-25506-Attr-60 = 0x302e302e302e302030303a31313a32353a62383a64663a3432
        Vendor-25506-Attr-59 = 0x38e68c62
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "00-11-25-b8-df-42", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 2
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry DEFAULT at line 183
  modcall[authorize]: module "files" returns ok for request 2
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns ok) for request 2
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  modcall[authenticate]: module "unix" returns notfound for request 2
modcall: leaving group authenticate (returns notfound) for request 2
auth: Failed to validate the user
Login incorrect: [00-11-25-b8-df-42] (from client admin-vlan-2 port 33587215 cli 0011-25b8-df42)
Delaying request 1 for 1 seconds

Please help
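
An added example, not part of the original post: a small Python triage script that pulls out of a `radiusd -X` trace like the one above the facts that decide the request (matched users entries, selected Auth-Type, authenticate results). The function names `summarize` and `check_auth_type` are hypothetical, and it assumes the last matched entry is the one appended at the end of the users file.

```python
import re

# Constructed sample: lines abridged from the debug output quoted in the post.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 10.77.24.37:5002, id=129, length=219
        User-Name = "00-11-25-b8-df-42"
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry DEFAULT at line 183
  modcall[authorize]: module "files" returns ok for request 2
  rad_check_password:  Found Auth-Type System
  modcall[authenticate]: module "unix" returns notfound for request 2
auth: Failed to validate the user
"""

USER = re.compile(r'User-Name = "([^"]*)"')
MATCHED = re.compile(r'users: Matched entry (\S+) at line (\d+)')
AUTH_TYPE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')
MODULE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')

def summarize(debug_text):
    """Collect the facts that decide the outcome of one request."""
    s = {"user": None, "matched": [], "auth_type": None,
         "authenticate": [], "rejected": False}
    for line in debug_text.splitlines():
        if (m := USER.search(line)) and s["user"] is None:
            s["user"] = m.group(1)
        elif m := MATCHED.search(line):
            s["matched"].append((m.group(1), int(m.group(2))))
        elif m := AUTH_TYPE.search(line):
            s["auth_type"] = m.group(1)
        elif (m := MODULE.search(line)) and m.group(1) == "authenticate":
            s["authenticate"].append((m.group(2), m.group(3)))
        elif "Failed to validate the user" in line:
            s["rejected"] = True
    return s

def check_auth_type(summary, expected):
    """Report when the selected Auth-Type differs from the expected one."""
    # Assumption: the last matched entry is the newly appended DEFAULT.
    if summary["auth_type"] == expected:
        return []
    earlier = [line_no for _, line_no in summary["matched"][:-1]]
    return [f"Auth-Type is {summary['auth_type']}, expected {expected}; "
            f"review users entries matched earlier at lines {earlier}"]

if __name__ == "__main__":
    print(check_auth_type(summarize(SAMPLE_DEBUG), "Accept"))
```

When the check reports a mismatch, the earlier matched entries are worth reading for an Auth-Type assignment: in the users file, `=` sets a server configuration attribute such as Auth-Type only if none is set yet, while `:=` replaces it.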


