Assign VLAN

Rangel, Luciano luciano.rangel at logica.com
Tue Dec 7 00:15:46 CET 2010


Hi Alan,

   I see my switch log.

When I use freeradius my switch show logs below:

23:27:44: dot1x-ev:dot1x_vlan_assign_authc_success: Successfully assigned VLAN 0 to interface FastEthernet0/22
23:27:44: dot1x-sm:Posting AUTHC_SUCCESS on Client=1A6F44C
23:27:44:     dot1x_auth Fa0/22: during state auth_authc_result, got event 23(authcSuccess)
23:27:44: @@@ dot1x_auth Fa0/22: auth_authc_result -> auth_authz_success
23:27:44: dot1x-sm:Fa0/22:001e.6847.9261:auth_authz_success_enter called
23:27:44: dot1x-ev:dot1x_switch_supplicant_add: Adding 001e.6847.9261 on FastEthernet0/22 in vlan 1, domain is DATA
23:27:44: dot1x-ev:dot1x_switch_addr_add: Added MAC 001e.6847.9261 to vlan 1 on interface FastEthernet0/22
23:27:44: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/22
23:27:44: dot1x-ev:ignored vlan 1 vp is added on interface FastEthernet0/22
23:27:44: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/22
23:27:44: dot1x-ev:dot1x_switch_port_authorized: set dot1x ask handler on interface FastEthernet0/22
23:27:44: dot1x-ev:Received successful Authz complete for 001e.6847.9261
23:27:44: dot1x-sm:Posting AUTHZ_SUCCESS on Client=1A6F44C
23:27:44:     dot1x_auth Fa0/22: during state auth_authz_success, got event 26(authzSuccess)
23:27:44: @@@ dot1x_auth Fa0/22: auth_authz_success -> auth_authenticated
23:27:44: dot1x-sm:Fa0/22:001e.6847.9261:auth_authenticated_enter called
23:27:44: dot1x-ev:FastEthernet0/22:Sending EAPOL packet to group PAE address
23:27:44: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/22.
23:27:44: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/22
23:27:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/22, changed state to up
23:28:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up


When I use ACS my switch show logs below:

4d01h: dot1x-ev:dot1x_vlan_assign_authc_success: Successfully assigned VLAN 200 to interface FastEthernet0/22
4d01h: dot1x-sm:Posting AUTHC_SUCCESS on Client=1A6F44C
4d01h:     dot1x_auth Fa0/22: during state auth_authc_result, got event 23(authcSuccess)
4d01h: @@@ dot1x_auth Fa0/22: auth_authc_result -> auth_authz_success
4d01h: dot1x-sm:Fa0/22:001e.6847.9261:auth_authz_success_enter called
4d01h: dot1x-ev:dot1x_switch_supplicant_add: Adding 001e.6847.9261 on FastEthernet0/22 in vlan 200, domain is DATA
4d01h: dot1x-ev:dot1x_switch_addr_add: Added MAC 001e.6847.9261 to vlan 200 on interface FastEthernet0/22
4d01h: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/22
4d01h: dot1x-ev:ignored vlan 200 vp is added on interface FastEthernet0/22
4d01h: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/22
4d01h: dot1x-ev:dot1x_switch_port_authorized: set dot1x ask handler on interface FastEthernet0/22
4d01h: dot1x-ev:Received successful Authz complete for 001e.6847.9261
4d01h: dot1x-sm:Posting AUTHZ_SUCCESS on Client=1A6F44C
4d01h:     dot1x_auth Fa0/22: during state auth_authz_success, got event 26(authzSuccess)
4d01h: @@@ dot1x_auth Fa0/22: auth_authz_success -> auth_authenticated
4d01h: dot1x-sm:Fa0/22:001e.6847.9261:auth_authenticated_enter called
4d01h: dot1x-ev:FastEthernet0/22:Sending EAPOL packet to group PAE address
4d01h: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/22.
4d01h: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/22
4d01h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/22, changed state to up


Regards,

Luciano Rangel

-----Original Message-----
From: freeradius-users-bounces+luciano.rangel=logica.com at lists.freeradius.org [mailto:freeradius-users-bounces+luciano.rangel=logica.com at lists.freeradius.org] On Behalf Of Alan Buxey
Sent: segunda-feira, 6 de dezembro de 2010 20:45
To: FreeRadius users mailing list
Subject: Re: Assign VLAN

Hi,

> Sending Access-Challenge of id 155 to 10.0.0.3 port 1645
>         Tunnel-Type:0 = VLAN
>         Tunnel-Medium-Type:0 = IEEE-802
>         Tunnel-Private-Group-Id:0 = "200"
>         EAP-Message = 0x0103001604108840585485ec8c2c8e14826bdf5ec42b
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x42b5c77d42b6c3940045ff626d0da231
> 
> 
> I would like to know what is wrong with the syntax of my user file for send vlan 0 instead of vlan 200:

what makes you think its sending vlan 0  ??

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Think green - keep it on the screen.

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.






More information about the Freeradius-Users mailing list