Attribute not passing to NAS?

Rob Yamry ryamry at
Thu Dec 2 15:05:59 CET 2010

I have a Enterasys HiPath controller that Im trying to pass an attribute to
throw the user into the correct policy upon authentication.  I talked with
their support and they say to set the Filter-Id attribute to the name of the
policy set on the controller.  I did, but it doenst seem to pass.  In the
debug for radius I get this:

[peap] Got tunneled reply RADIUS code 2
        Filter-Id = "Faculty"
        EAP-Message = 0x03080004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "ktest"

and it goes on to:

Cleaning up request 18 ID 109 with timestamp +12
        User-Name = "ktest"
        NAS-IP-Address =
        NAS-Port = 222
        Framed-MTU = 1400
        Called-Station-Id = "00:1f:45:7f:83:fa"
        Calling-Station-Id = "00:24:d6:a6:ce:ce"
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "TEST"
        Siemens-AP-Serial = "0500010143052305"
        Siemens-AP-Name = "AP09"
        Siemens-VNS-Name = "TEST"
        Siemens-BSSID = "TEST"
        Siemens-BSS-MAC = "00:1f:45:7f:83:fa"
        Siemens-Policy = "Students"
        Siemens-Topology = "TopoStudents"
        Siemens-Ingress-Rate = "Unlimited"
        Siemens-Egress-Rate = "Unlimited"

I use LDAP (via eDirectory) on the backend and authentication is working
fine.  It pulls the correct value for the Filter-Id attribute, but it doesnt
seem to take effect.  The Siemens-xxx attributes are coming from the
controller and you can see based on the Siemens-Policy = "Students" attribute
that the student policy is still applying - not the Faculty policy as is
defined in the Filter-Id attribute.  I have also tried to set the
Siemens-Policy attribute on the user but that did not work either.

Am I missing something in the config to have this value sent back to the

FreeRadius 2.1.8
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list