Cisco Aironet 1130ag dynamic VLAN assignment

[tnt at kalik.net]

>I have been having trouble recently with getting dynamic VLAN
>assignment working on my Cisco AP. Clients are successfully
>authenticating with FreeRADIUS. However, they do not seem to be
>picking up extra attributes from the "users" file (below is the
>relevant portion of it).
>
>wgraeber        NT-Password := "XXX"
>              Tunnel-Type = VLAN,
>              Tunnel-Medium-Type = 802,
>              Tunnel-Private-Group-ID = 100
>
>The users are just directed to their original VLAN instead of this
>portion overriding it. When I try to authenticate to the access point
>with "radtest," I get the following output:
>
># radtest wgraeber XXX 127.0.0.1 10 XXX
>Sending Access-Request of id 42 to 127.0.0.1 port 1812
>       User-Name = "wgraeber"
>       User-Password = "XXX"
>       NAS-IP-Address = 127.0.0.1
>       NAS-Port = 10
>rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=42, length=37
>       Tunnel-Type:0 = VLAN
>       Tunnel-Medium-Type:0 = 802
>       Tunnel-Private-Group-Id:0 = "100"
>
>Furthermore, the Tunnel-Type, Tunnel-Medium-Type, and
>Tunnel-Private-Group-Id attributes in the console when actually
>authenticating and watching the output of "radiusd -X" on another
>machine. The access point *should* support this out of the box
>according to the Cisco specs. This is my first FreeRADIUS
>implementation, so I don't know if I'm missing any magic options.
>

You have done what you were suposed to on freeradius. Do debug aaa on
Cisco and see what has happened to the attributes.

Ivan Kalik
Kalik Informatika ISP