Cisco Aironet 1130ag dynamic VLAN assignment
William Graeber
swilly at swilly.tk
Mon Jan 26 04:17:09 CET 2009
I may have solved my own problem - I have contradicting encryption
settings for each VLAN on the Cisco access point. I was testing the
setup by bumping the user from VLAN 200 (WPA-required) to VLAN 100
(open access). I'll give this a shot and post my results.
-William
On Sun, Jan 25, 2009 at 22:14, William Graeber <swilly at swilly.tk> wrote:
> Here is the output of Cisco debugging with "use_tunneled_reply = yes":
> http://dpaste.com/113022/
>
> Again, I really appreciate your help.
>
> -William
>
> On Sun, Jan 25, 2009 at 18:29, <tnt at kalik.net> wrote:
>>>I have modified eap.conf and added "use_tunneled_reply = yes" in the
>>>peap section. I have previously tried this, and obtained the same
>>>results. Whenever a client tries to login, they get cycled from
>>>authenticating/connecting very quickly. I've posted an example output
>>>from a radius debug: http://dpaste.com/112927/
>>>
>>
>> You are getting an Access-Accept with VLAN attributes now:
>>
>> Sending Access-Accept of id 199 to 10.0.0.254 port 1645
>> Tunnel-Medium-Type:0 = IEEE-802
>> Tunnel-Type:0 = VLAN
>> Tunnel-Private-Group-Id:0 = "100"
>> User-Name = "wgraeber"
>> MS-MPPE-Recv-Key =
>> 0x8d9a0e99e52c18b817039f9d503bbd00d66c3cf3927d2528460
>> 7bb4c52ab58f1
>> MS-MPPE-Send-Key =
>> 0x5b07ed87b3ddd6c9fe6186c9443d80cca1b7e24f393f854f585
>> 59d26a1100bfb
>> EAP-Message = 0x030a0004
>> Message-Authenticator = 0x00000000000000000000000000000000
>>
>> But AP is unhappy. Do debug dot11 aaa and see what is it complaining
>> about. It's missing something (probably Service-Type).
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>
--
William M. Graeber
Furman University PMB 27335
3300 Poinsett Highway
Greenville, SC 29613
864 905 9533 (Mobile)
More information about the Freeradius-Users
mailing list