Assign VLAN
Alan DeKok
aland at deployingradius.com
Thu Dec 9 15:52:35 CET 2010
Rangel, Luciano wrote:
> I'm not trying debug logs in switch.
Then why are you looking at the debug log of the switch?
Why are you not looking at the debug log of the server?
> I simply answered the question of how I knew that my switch received vlan 0 instead 200.
Did the server *send* VLAN of 200?
You've looked at the config files, but have been going to great effort
to avoid looking at the debug output.
> The help I'm asking is:
>
> I send attribute Tunnel-Private-Group-Id = "200" with Freeradius and send same attribute with ACS. Why switch interpret differently.
No... you *think* you told FreeRADIUS to send VLAN 200. But you never
*checked* if it was sending that.
> I don´t search the problem. My users file in freeradius is correct, debug logs show that freeradius is send attribute correct.
You've never posted that.
> Why this not work?
Because the Access-Accept from ACS is *different* than the
Access-Accept from FreeRADIUS.
If you make the Access-Accept from FreeRADIUS the same as the
Access-Accept from ACS, it *will* work. There's no magic in RADIUS.
Use wireshark to look at the packets from ACS.
Alan DeKok.
More information about the Freeradius-Users
mailing list