vlan and freeradius
omega bk
omegabk at gmail.com
Thu Mar 4 13:05:33 CET 2010
yet
} # server inner-tunnel
[peap] Got tunneled reply code 2
Service-Type = Framed-User
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = 802
Tunnel-Private-Group-Id:0 = "120"
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "linatest"
[peap] Got tunneled reply RADIUS code 2
Service-Type = Framed-User
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = 802
Tunnel-Private-Group-Id:0 = "120"
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "linatest"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
[peap] Saving tunneled attributes for later
This means freeradius correctly sent the VLAN attributes, but the switch didn't receive
them.
Can anyone help me?
2010/3/4 omega bk <omegabk at gmail.com>
> means vlan is not communicated between the
> freeradius and switch, but we don't know why
>
>
>
> 2010/3/4 omega bk <omegabk at gmail.com>
>
> hello,
>>
>> still with the same issue about vlan assignment.
>>
>> so to sum up
>>
>> In my users file:
>> ############
>>
>> doctor Cleartext-Password := "mypass"
>> cisco-avpair= "tunnel-type(#64)=VLAN(13)",
>> cisco-avpair= "tunnel-medium-type(#65) = 802 media(6)",
>> cisco-avpair= "tunnel-private-group-ID(#81) = 100",
>>
>> Session-Timeout = "28800",
>> Termination-Action = "RADIUS-Request"
>>
>> #######################
>>
>> in my switch
>> --------------------
>> aaa new-model
>> aaa authentication dot1x default group radius
>> aaa authorization network default group radius
>>
>> dot1x system-auth-control
>>
>> !
>> interface FastEthernet0/24 => for successful authentication ( client
>> is wired there)
>> switchport access vlan 100
>> switchport mode access
>> dot1x pae authenticator
>> dot1x port-control auto
>> dot1x auth-fail vlan 120
>> spanning-tree portfast
>>
>> interface FastEthernet0/22
>> switchport access vlan 120
>> switchport mode access
>> spanning-tree portfast
>> !
>> interface FastEthernet0/23
>> switchport access vlan 120
>> switchport mode access
>> spanning-tree portfast
>>
>> radius-server host x.x.x.x auth-port 1812 acct-port 1813 key miamiam
>> radius-server source-ports 1645-1646
>> radius-server retransmit 5
>> radius-server vsa send authentication
>>
>> ---------------------------
>>
>>
>> So the authentication for doctor is good in vlan 100, but if I change to
>> cisco-avpair= "tunnel-private-group-ID(#81) = 120", I'm stuck in vlan 100.
>>
>> Can anyone help me?
>>
>> thanks
>>
>>
>>
>>
>>
>>
>>
>>
>> 2010/3/4 Alan DeKok <aland at deployingradius.com>
>>
>> Jens Link wrote:
>>> > @Alan: I would document VMPS in some more detail in the wiki if my
>>> > access would be working. ;-)
>>>
>>> It seems to be fine now.
>>>
>>> Alan DeKok.
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>
>>
>
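
Added example, not part of the original post or of FreeRADIUS: a small checker that reads radiusd debug output and reports whether the VLAN attributes seen in the tunneled (inner) PEAP reply also appear in the outer Access-Accept, which is the only packet the switch receives. The function names are hypothetical, and the outer "Sending Access-Accept" block in the sample is constructed for illustration.

```python
import re

VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")
# "Name[:tag] = value", as printed in radiusd -X output
ATTR_RE = re.compile(r"^\s*([A-Za-z][\w-]*)(?::\d+)?\s*=\s*(.+?)\s*$")

# Constructed sample: the inner reply is taken from the post above; the outer
# "Sending Access-Accept" block (id, address, contents) is invented.
SAMPLE = """\
[peap] Got tunneled reply RADIUS code 2
    Service-Type = Framed-User
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = 802
    Tunnel-Private-Group-Id:0 = "120"
    User-Name = "linatest"
[peap] Tunneled authentication was successful.
Sending Access-Accept of id 7 to 192.0.2.10 port 1645
    User-Name = "linatest"
    EAP-Message = 0x030b0004
"""

def parse_blocks(log):
    """Group attribute lines under the inner (tunneled) or outer reply they follow."""
    blocks, current = {"inner": [], "outer": []}, None
    for line in log.splitlines():
        if "Got tunneled reply" in line:
            current = {}
            blocks["inner"].append(current)
        elif line.lstrip().startswith("Sending Access-Accept"):
            current = {}
            blocks["outer"].append(current)
        else:
            m = ATTR_RE.match(line)
            if m is None:
                current = None          # any other line ends the block
            elif current is not None:
                current[m.group(1)] = m.group(2).strip('"')
    return blocks

def vlan_delivery(log):
    """Compare the VLAN triplet of the last inner reply with the last Access-Accept."""
    blocks = parse_blocks(log)
    inner = blocks["inner"][-1] if blocks["inner"] else {}
    outer = blocks["outer"][-1] if blocks["outer"] else {}
    missing = [a for a in VLAN_ATTRS if a in inner and outer.get(a) != inner[a]]
    return {"inner_vlan": inner.get("Tunnel-Private-Group-Id"),
            "outer_vlan": outer.get("Tunnel-Private-Group-Id"),
            "missing_from_accept": missing}

if __name__ == "__main__":
    print(vlan_delivery(SAMPLE))
```

An empty "missing_from_accept" list means the server side delivered the VLAN triplet and the switch configuration is the next place to look; a non-empty list means the attributes stayed inside the tunnel.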