Dell 6248 and Dynamic VLAN Assignment
Anders Holm
anders.holm at sysadmin.ie
Fri Oct 31 08:09:18 CET 2008
Talk to the vendor?
Sent from my iPhone
On 31 Oct 2008, at 01:20, Luke <technodolt at gmail.com> wrote:
> Hi :)
>
> I'm trying to get dynamic VLAN assignment to work with my Dell 6248,
> which they officially support as of firmware revision 2.1.0.13.
>
> I'm using freeradius version 2.1.1
>
> I think I'm sending the information the correct way from freeradius,
> to wit:
>
> DEFAULT Auth-Type == MS-CHAP
> Tunnel-Type = VLAN,
> Tunnel-Medium-Type = 802,
> Tunnel-Private-Group-ID = 3
>
> (this is in my users file)
>
> When watching the debug output from radiusd -X, I can see it sending
> these messages back to the Dell switch. However, the dell switch is
> not correctly assigning the VLAN.
>
> The information from the release notes from Dell is as follows:
>
> 802.1x Option 81
> The Tunnel Attribute indicates the tunneling protocol to be used or
> the tunneling protocol in use at the Authenticator. In particular, it
> may be desirable to allow a supplicant (MAC based) or port (Port
> Based) to be placed into a particular Virtual LAN (VLAN) based on the
> result of the authentication. To achieve the distribution of the VLAN
> id to the supplicant, the tunnel attribute can be used.
> For use in VLAN assignment, the following tunnel attributes are used:
> Tunnel-Type=VLAN (13)
> Tunnel-Medium-Type=802
> Tunnel-Private-Group-ID=VLANID, where VLANID is 12-bits, taking a
> value between 1 and 4093.
> The NAS-IP Attribute indicates the identifying IP Address of the NAS
> (Switch or Access Point) which is requesting authentication of the
> user, and should be unique to the NAS within the scope of the RADIUS
> server. NAS-IP-Address is only used in Access-Request packets. Either
> NAS-IP-Address or NAS-Identifier must be present in an Access-Request
> packet.
>
> I can see from my Dell switch that this stuff is enabled, but for some
> reason it's still not setting the VLAN.
>
> Does anyone have any suggestions?
>
> Thanks.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list