Cisco Aironet 1130ag dynamic VLAN assignment

tnt at kalik.net tnt at kalik.net
Fri Jan 23 17:30:39 CET 2009


>I have been having trouble recently with getting dynamic VLAN
>assignment working on my Cisco AP. Clients are successfully
>authenticating with FreeRADIUS. However, they do not seem to be
>picking up extra attributes from the "users" file (below is the
>relevant portion of it).
>
>wgraeber        NT-Password := "XXX"
>              Tunnel-Type = VLAN,
>              Tunnel-Medium-Type = 802,
>              Tunnel-Private-Group-ID = 100
>
>The users are just directed to their original VLAN instead of this
>portion overriding it. When I try to authenticate to the access point
>with "radtest," I get the following output:
>
># radtest wgraeber XXX 127.0.0.1 10 XXX
>Sending Access-Request of id 42 to 127.0.0.1 port 1812
>       User-Name = "wgraeber"
>       User-Password = "XXX"
>       NAS-IP-Address = 127.0.0.1
>       NAS-Port = 10
>rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=42, length=37
>       Tunnel-Type:0 = VLAN
>       Tunnel-Medium-Type:0 = 802
>       Tunnel-Private-Group-Id:0 = "100"
>
>Furthermore, the Tunnel-Type, Tunnel-Medium-Type, and
>Tunnel-Private-Group-Id attributes in the console when actually
>authenticating and watching the output of "radiusd -X" on another
>machine. The access point *should* support this out of the box
>according to the Cisco specs. This is my first FreeRADIUS
>implementation, so I don't know if I'm missing any magic options.
>

You have done what you were suposed to on freeradius. Do debug aaa on
Cisco and see what has happened to the attributes.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list