Assign VLAN
Gary Gatten
Ggatten at waddell.com
Thu Dec 9 23:38:46 CET 2010
I haven't read this thread line by line, but I'd say start with the most simple config first - the users file. Forget everything else until 802.1x VLAN assignments work correctly from there.
I started down this path a year-ish ago and only got to the testing phase before the project (i.e., me) lost momentum. But the confs are still there and I'll post mine that worked with our 2960s. But again, it's very simple: 99% default settings, only minor changes to the users and clients files to support my environment.
I'll try to get to this tomorrow.
G
-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of Rangel, Luciano
Sent: Thursday, December 09, 2010 4:30 PM
To: FreeRadius users mailing list
Subject: RE: Assign VLAN
FreeRADIUS Access-Accept:
Sending Access-Accept of id 29 to 10.0.0.3 port 1645
MS-MPPE-Recv-Key = 0x88a007eda1d4841ea348c3a0d49fd963e3f188a3f77509c3d3eb045d3a23fa7c
MS-MPPE-Send-Key = 0xbe8168ed341e6a4f0332a9d0c8b1893f574e98fa4af7af74dbebf944f687eaf7
EAP-Message = 0x030c0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "GROUPINFRA\\rangell"
Finished request 10.
I don't see the attributes (VLAN, IEEE-802 and 200) in the FreeRADIUS Access-Accept, but in a stretch of the logs I see the messages below:
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
Login OK: [GROUPINFRA\\rangell] (from client switch-2960 port 0 via TLS tunnel)
WARNING: Empty section. Using default return values.
} # server inner-tunnel
[peap] Got tunneled reply code 2
Service-Type = Framed-User
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "200"
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "GROUPINFRA\\rangell"
[peap] Got tunneled reply RADIUS code 2
Service-Type = Framed-User
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "200"
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "GROUPINFRA\\rangell"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 28 to 10.0.0.3 port 1645
EAP-Message = 0x010c00261900170301001b0472c7380855a9fa41e49897807ecfeecbf7e6868eb3fe9540e8a3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd32e175dda220e5c8cbe3424bc53aa13
Finished request 9.
Regards,
Luciano Rangel
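Added example, not part of either message in the thread: a small Python check that reads radiusd debug output like the excerpt quoted above and reports which Tunnel-* attributes appear in the PEAP inner ("tunneled") reply but not in the outer Access-Accept sent to the switch. The sample log is constructed by trimming the quoted output, and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed from the radiusd debug output quoted in the thread.
SAMPLE = """[peap] Got tunneled reply code 2
Service-Type = Framed-User
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "200"
[peap] Tunneled authentication was successful.
Sending Access-Challenge of id 28 to 10.0.0.3 port 1645
State = 0xd32e175dda220e5c8cbe3424bc53aa13
Finished request 9.
Sending Access-Accept of id 29 to 10.0.0.3 port 1645
EAP-Message = 0x030c0004
Finished request 10.
"""

TUNNELED = re.compile(r"^\[(?:peap|ttls)\] Got tunneled reply (?:RADIUS )?code 2\b")
SENDING = re.compile(r"^Sending (Access-\w+) of id \d+")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*)(?::\d+)?\s*=\s*(.+?)\s*$")

def parse_blocks(text):
    """Split debug output into (kind, attrs) blocks: a header line plus the attribute lines under it."""
    blocks, current = [], None
    for line in text.splitlines():
        sent = SENDING.match(line)
        if TUNNELED.match(line) or sent:
            current = ("tunneled" if not sent else sent.group(1), {})
            blocks.append(current)
        elif current and (m := ATTR.match(line)):
            current[1][m.group(1)] = m.group(2).strip('"')
        else:
            current = None  # any other line ends the attribute list
    return blocks

def missing_from_accept(text):
    """Tunnel-* attributes in the last inner reply that the outer Access-Accept lacks."""
    inner = {}
    for kind, attrs in parse_blocks(text):
        if kind == "tunneled":
            inner = {k: v for k, v in attrs.items() if k.startswith("Tunnel-")}
        elif kind == "Access-Accept":
            return {k: v for k, v in inner.items() if attrs.get(k) != v}
    return {}

if __name__ == "__main__":
    for name, value in missing_from_accept(SAMPLE).items():
        print(f"inner reply set {name} = {value}, outer Access-Accept does not carry it")
```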