Assign VLAN

Rangel, Luciano luciano.rangel at logica.com
Fri Dec 3 22:39:51 CET 2010 

Hello Dears,

I´m using Freeradius for EAPOL authentication with AD (ntlm). My users file is:

more /etc/raddb/users

DEFAULT    Auth-Type = ntlm_auth
                      Tunnel-Type = "VLAN",
                      Tunnel-Medium-Type = "IEEE-802",
                      Tunnel-Private-Group-Id = "200"

I Success authentication but the switch not assign vlan 200 to client port as log below:

Why the switch taking the VLAN 0?

23:27:44: dot1x-ev:dot1x_vlan_assign_authc_success: Successfully assigned VLAN 0 to interface FastEthernet0/22
23:27:44: dot1x-sm:Posting AUTHC_SUCCESS on Client=1A6F44C
23:27:44:     dot1x_auth Fa0/22: during state auth_authc_result, got event 23(authcSuccess)
23:27:44: @@@ dot1x_auth Fa0/22: auth_authc_result -> auth_authz_success
23:27:44: dot1x-sm:Fa0/22:001e.6847.9261:auth_authz_success_enter called
23:27:44: dot1x-ev:dot1x_switch_supplicant_add: Adding 001e.6847.9261 on FastEthernet0/22 in vlan 1, domain is DATA
23:27:44: dot1x-ev:dot1x_switch_addr_add: Added MAC 001e.6847.9261 to vlan 1 on interface FastEthernet0/22
23:27:44: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/22
23:27:44: dot1x-ev:ignored vlan 1 vp is added on interface FastEthernet0/22
23:27:44: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/22
23:27:44: dot1x-ev:dot1x_switch_port_authorized: set dot1x ask handler on interface FastEthernet0/22
23:27:44: dot1x-ev:Received successful Authz complete for 001e.6847.9261
23:27:44: dot1x-sm:Posting AUTHZ_SUCCESS on Client=1A6F44C
23:27:44:     dot1x_auth Fa0/22: during state auth_authz_success, got event 26(authzSuccess)
23:27:44: @@@ dot1x_auth Fa0/22: auth_authz_success -> auth_authenticated
23:27:44: dot1x-sm:Fa0/22:001e.6847.9261:auth_authenticated_enter called
23:27:44: dot1x-ev:FastEthernet0/22:Sending EAPOL packet to group PAE address
23:27:44: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/22.
23:27:44: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/22
23:27:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/22, changed state to up
23:28:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

PS. I tested sending attribute with Cisco ACS and ran



Luciano Rangel



Think green - keep it on the screen.

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101203/3629d4cf/attachment.html>

More information about the Freeradius-Users mailing list