Cisco Aironet 1130ag dynamic VLAN assignment

William Graeber swilly at swilly.tk
Fri Jan 23 17:16:55 CET 2009


I have been having trouble recently with getting dynamic VLAN
assignment working on my Cisco AP. Clients are successfully
authenticating with FreeRADIUS. However, they do not seem to be
picking up extra attributes from the "users" file (below is the
relevant portion of it).

wgraeber        NT-Password := "XXX"
              Tunnel-Type = VLAN,
              Tunnel-Medium-Type = 802,
              Tunnel-Private-Group-ID = 100

The users are just directed to their original VLAN instead of this
portion overriding it. When I try to authenticate to the access point
with "radtest," I get the following output:

# radtest wgraeber XXX 127.0.0.1 10 XXX
Sending Access-Request of id 42 to 127.0.0.1 port 1812
       User-Name = "wgraeber"
       User-Password = "XXX"
       NAS-IP-Address = 127.0.0.1
       NAS-Port = 10
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=42, length=37
       Tunnel-Type:0 = VLAN
       Tunnel-Medium-Type:0 = 802
       Tunnel-Private-Group-Id:0 = "100"

Furthermore, the Tunnel-Type, Tunnel-Medium-Type, and
Tunnel-Private-Group-Id attributes in the console when actually
authenticating and watching the output of "radiusd -X" on another
machine. The access point *should* support this out of the box
according to the Cisco specs. This is my first FreeRADIUS
implementation, so I don't know if I'm missing any magic options.

Also, I have searched the archives and tried several suggestions to no
avail (in eap.conf, copy_request_to_tunnel and use_tunneled_reply
under the PEAP segment). I will happily post more configuration
options / debug info if needed.

Thanks in advance,
William
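
As an added example (not part of the original post), a decoder for the three RFC 2868 / RFC 3580 tunnel attributes shown in the radtest output above, which checks whether an Access-Accept carries a complete VLAN assignment. The function names are hypothetical, and the sample packet is constructed to match the reported id=42 and length=37, with a zeroed authenticator.

```python
import struct

# Attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
ACCESS_ACCEPT, VLAN, IEEE_802 = 2, 13, 6

def parse_attributes(packet):
    """Return (code, [(type, value_bytes), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20  # header: code, id, length, 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def vlan_assignment(packet):
    """Return the VLAN ID string if the packet is an Access-Accept carrying
    Tunnel-Type=VLAN, Tunnel-Medium-Type=802 and a Tunnel-Private-Group-ID."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None
    seen = {}
    for atype, value in attrs:
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            # 1-byte tag followed by a 3-byte big-endian integer
            seen[atype] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first byte up to 0x1F is a tag; above that it is string data.
            text = value[1:] if value[0] <= 0x1F else value
            seen[atype] = text.decode("ascii", "replace")
    if seen.get(TUNNEL_TYPE) != VLAN or seen.get(TUNNEL_MEDIUM_TYPE) != IEEE_802:
        return None
    return seen.get(TUNNEL_PRIVATE_GROUP_ID)

# Constructed sample: 37-byte Access-Accept, id 42, zeroed authenticator.
SAMPLE = (bytes([2, 42, 0, 37]) + bytes(16)
          + bytes([64, 6, 0, 0, 0, 13])   # Tunnel-Type:0 = VLAN
          + bytes([65, 6, 0, 0, 0, 6])    # Tunnel-Medium-Type:0 = 802
          + bytes([81, 5]) + b"100")      # Tunnel-Private-Group-Id = "100"
```

Calling vlan_assignment() on a captured Access-Accept returns the VLAN ID only when all three attributes are present, and None when any of them is missing from the reply.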


