Radius+Huwaei switch + auto VLan Assignment issue
Ivan Kalik
tnt at kalik.net
Mon Jun 22 11:26:03 CEST 2009
> When we try the authentication with this user account, although radius
> log send the
>
> VLAN attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID)
> in
>
> Access-Challenge messages and finally send an Access-Accept message, the
> switch
>
> does not assign the right VLAN( the switching from VLAN 1 to VLAN 2 does
> not
>
> occur) and the user still in VLAN 1. We note that there is no VLAN
> attribute in
>
> Access-Accept message.
>
> What may be wrong ?
...
> MSCHAP Success
> ++[eap] returns handled
> } # server (null)
> PEAP: Got tunneled reply RADIUS code 11
> Tunnel-Private-Group-Id:0 = "2"
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Type:0 = VLAN
> EAP-Message =
> 0x010a00331a0309002e533d45324635434146333132433946454341393932443738373436364344424342443444364643444134
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x0c186c320d1276bedb16c1e664f42fe2
> PEAP: Processing from tunneled session code 0x7c52c0 11
> Tunnel-Private-Group-Id:0 = "2"
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Type:0 = VLAN
> EAP-Message =
> 0x010a00331a0309002e533d45324635434146333132433946454341393932443738373436364344424342443444364643444134
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x0c186c320d1276bedb16c1e664f42fe2
Attributes are available in the tunnel ...
...
> Sending Access-Accept of id 32 to 192.168.100.5 port 5001
> MS-MPPE-Recv-Key =
> 0x3fc9ad8eb5c61fa194fbcf43ec68aa879a28a6f2b25d5dcc96531f47dccdae69
> MS-MPPE-Send-Key =
> 0xaf8ead06473463ae03e04ac1cc4f09e8e827287effa7ccaf360b0b8bbc2ed18e
> EAP-Message = 0x030b0004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "toto"
... but not in the final reply. Enable use_tunneled_reply in peap section
of eap.conf.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list