Assign VLAN

Rangel, Luciano luciano.rangel at
Mon Dec 6 22:21:49 CET 2010


In my switch I see that radius send vlan 0 but as Access-chalange send vlan 200 as below.

Sending Access-Challenge of id 155 to port 1645
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "200"
        EAP-Message = 0x0103001604108840585485ec8c2c8e14826bdf5ec42b
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x42b5c77d42b6c3940045ff626d0da231

I would like to know what is wrong with the syntax of my user file for send vlan 0 instead of vlan 200:

User file:

DEFAULT     Auth-Type = ntlm_auth
            Tunnel-Type = 13,
            Tunnel-Medium-Type = 6,
            Tunnel-Private-Group-ID = 200


Luciano Rangel

-----Original Message-----
From: at [ at] On Behalf Of Alan DeKok
Sent: sábado, 4 de dezembro de 2010 08:16
To: FreeRadius users mailing list
Subject: Re: Assign VLAN

Rangel, Luciano wrote:
> I Success authentication but the switch not assign vlan 200 to client
> port as log below:
> *Why the switch taking the VLAN 0?*

  Because the switch is ignoring the VLAN in the Access-Request.

> PS. I tested sending attribute with Cisco ACS and ran

  There's no magic here.  Look at the Access-Request from ACS.  It's
different than the Access-Request from FreeRADIUS.

  So... make FreeRADIUS send the same attributes in the Access-Request.
 It *will* work.

  Alan DeKok.
List info/subscribe/unsubscribe? See

Think green - keep it on the screen.

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

More information about the Freeradius-Users mailing list