Dell 6248 and Dynamic VLAN Assignment
tnt at kalik.net
tnt at kalik.net
Fri Oct 31 10:27:58 CET 2008
Dictionary value for that Tunnel-Medium-Type is IEEE-802.
Ivan Kalik
Kalik Informatika ISP
Dana 31/10/2008, "Luke" <technodolt at gmail.com> piše:
>Hi :)
>
>I'm trying to get dynamic VLAN assignment to work with my Dell 6248,
>which they officially support as of firmware revision 2.1.0.13.
>
>I'm using freeradius version 2.1.1
>
>I think I'm sending the information the correct way from freeradius, to wit:
>
>DEFAULT Auth-Type == MS-CHAP
> Tunnel-Type = VLAN,
> Tunnel-Medium-Type = 802,
> Tunnel-Private-Group-ID = 3
>
>(this is in my users file)
>
>When watching the debug output from radiusd -X, I can see it sending
>these messages back to the Dell switch. However, the dell switch is
>not correctly assigning the VLAN.
>
>The information from the release notes from Dell is as follows:
>
>802.1x Option 81
>The Tunnel Attribute indicates the tunneling protocol to be used or
>the tunneling protocol in use at the Authenticator. In particular, it
>may be desirable to allow a supplicant (MAC based) or port (Port
>Based) to be placed into a particular Virtual LAN (VLAN) based on the
>result of the authentication. To achieve the distribution of the VLAN
>id to the supplicant, the tunnel attribute can be used.
>For use in VLAN assignment, the following tunnel attributes are used:
>Tunnel-Type=VLAN (13)
>Tunnel-Medium-Type=802
>Tunnel-Private-Group-ID=VLANID, where VLANID is 12-bits, taking a
>value between 1 and 4093.
>The NAS-IP Attribute indicates the identifying IP Address of the NAS
>(Switch or Access Point) which is requesting authentication of the
>user, and should be unique to the NAS within the scope of the RADIUS
>server. NAS-IP-Address is only used in Access-Request packets. Either
>NAS-IP-Address or NAS-Identifier must be present in an Access-Request
>packet.
>
>I can see from my Dell switch that this stuff is enabled, but for some
>reason it's still not setting the VLAN.
>
>Does anyone have any suggestions?
>
>Thanks.
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list