Assign VLAN from freeradius to Cisco 3550 switch.
Wassim Zaarour
wassim.zaarour at navlink.com
Wed Apr 25 13:31:56 CEST 2012
Hi David,
Yes eap is enabled in both inner-tunnel and default configuration.
From: David Peterson <davidp at wirelessconnections.net>
Organization: Wireless Connections
Reply-To: <davidp at wirelessconnections.net>, FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Date: Wednesday, April 25, 2012 1:50 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: RE: Assign VLAN from freeradius to Cisco 3550 switch.
I am seeing EAP in the messages. Have you enabled EAP in your inner-tunnel
or at all in your config?
Either way this seems pretty clear:
3w6d: RADIUS: no appropriate authorization type for user.
David
From:
freeradius-users-bounces+davidp=wirelessconnections.net at lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net at lists.freera
dius.org] On Behalf Of Wassim Zaarour
Sent: Wednesday, April 25, 2012 1:56 AM
To: FreeRadius users mailing list
Subject: Assign VLAN from freeradius to Cisco 3550 switch.
Hi all,
I know this subject have been brought up but I'm kind of stuck and I hope I
can get a little help.
I am trying to assign vlans from freeradius to a cisco 3550 switch but its
not working.
I keep getting the following in the debug in the switch:
3w6d: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6]
3w6d: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13]
I read the mail archives and googled with no luck.
Users file configuration:
wassim Cleartext-Password := "wassim"
Tunnel-Medium-Type:1 = IEEE-802,
Tunnel-Type:1 = VLAN,
Tunnel-Private-Group-Id:1 = 100
Switch debug log:
3w6d: RADIUS(00000000): Send Access-Request to 192.168.1.57:1812 id
1645/122, len 460
3w6d: RADIUS: authenticator 34 D8 18 38 24 86 99 F6 - 69 03 2C EB E2 8A F4
79
3w6d: RADIUS: NAS-IP-Address [4] 6 192.168.1.8
3w6d: RADIUS: NAS-Port [5] 6 50023
3w6d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
3w6d: RADIUS: User-Name [1] 8 "wassim"
3w6d: RADIUS: Called-Station-Id [30] 19 "00-15-F9-F8-4E-97"
3w6d: RADIUS: Calling-Station-Id [31] 19 "00-1A-80-3F-F6-A1"
3w6d: RADIUS: Service-Type [6] 6 Framed [2]
3w6d: RADIUS: Framed-MTU [12] 6 1500
3w6d: RADIUS: State [24] 18
3w6d: RADIUS: DB C1 1C E7 DF C4 09 5E 75 5E 5B 0F 23 3A 54 E7
[???????^u^[?#:T?]
3w6d: RADIUS: EAP-Message [79] 255
3w6d: RADIUS: 02 05 01 44 15 00 16 03 01 01 06 10 00 01 02 01
[???D????????????]
3w6d: RADIUS: 00 A5 F6 DC 7F B9 4A 99 44 84 66 ED D5 4D CA F5
[??????J?D?f??M??]
3w6d: RADIUS: 58 95 5F 5C CC FA E7 C3 B5 54 DB 01 C1 CA E1 62
[X?_\?????T?????b]
3w6d: RADIUS: 96 BF C1 E8 26 84 7C BF 56 7E 6A 9D 41 8C 0E 5C
[????&?|?V~j?A??\]
3w6d: RADIUS: E3 46 DC BE 33 38 28 7A 35 50 7D 7A 32 F8 A0 55
[?F??38(z5P}z2??U]
3w6d: RADIUS: 62 63 9B D1 15 8B C8 DC 97 D0 A3 DC 27 19 00 A0
[bc??????????'???]
3w6d: RADIUS: 61 CB C8 EC FA 02 EF 39 D8 5B CF CC 45 45 BF 08
[a??????9?[??EE??]
3w6d: RADIUS: C8 9E E5 87 70 DD 61 75 56 A5 B1 B6 B2 BA FC 3F
[????p?auV???????]
3w6d: RADIUS: FD A7 AC 37 DE DC 16 43 85 E9 ED 39 59 21 E5 19
[???7???C???9Y!??]
3w6d: RADIUS: 97 58 6D BC 3E B6 2C B5 BE 58 56 89 94 0B 70 B5
[?Xm?>?,??XV???p?]
3w6d: RADIUS: 49 F8 49 36 D7 B0 A8 44 10 A8 6F 05 B9 94 19 AB
[I?I6???D??o?????]
3w6d: RADIUS: 0C 52 00 4F BE D0 0D 99 56 12 B7 76 DF 07 04 C9
[?R?O????V??v????]
3w6d: RADIUS: 85 54 8D 3D E4 53 0C AF 49 15 CC D6 AD 02 62 43
[?T?=?S??I?????bC]
3w6d: RADIUS: 41 39 B8 1A 2F F0 40 09 93 BE 87 FD D9 CD AB 74
[A9??/?@????????t]
3w6d: RADIUS: F7 34 66 32 CC 87 4A 0B A7 3E 81 B1 F4 E4 EB 21
[?4f2??J??>?????!]
3w6d: RADIUS: DF 6F CD FF 9B 8A E6 87 A0 3B 3E B6 64
[?o???????;>?d]
3w6d: RADIUS: EAP-Message [79] 73
3w6d: RADIUS: E6 CB 54 03 10 69 D4 D2 7C D1 FA 89 72 F8 0C 53
[??T??i??|???r??S]
3w6d: RADIUS: 1B 78 32 E7 14 03 01 00 01 01 16 03 01 00 28 EA
[?x2???????????(?]
3w6d: RADIUS: 0B 2A A9 64 DE 57 6A 65 89 EA 19 63 4B 60 67 C8
[?*?d?Wje???cK`g?]
3w6d: RADIUS: CF C9 FF A2 A7 26 33 A5 C0 D0 CB 3C 01 F2 C5 96
[?????&3????<????]
3w6d: RADIUS: 38 65 0C 1F 39 1C 6F [8e??9?o]
3w6d: RADIUS: Message-Authenticato[80] 18
3w6d: RADIUS: FD AE 24 12 A9 F3 A5 BA F3 6D 60 52 F8 E0 D3 53
[??$??????m`R???S]
3w6d: RADIUS: Received from id 1645/122 192.168.1.57:1812, Access-Challenge,
len 119
3w6d: RADIUS: authenticator 57 E5 06 9F DD C4 E2 76 - E8 37 92 F1 C4 21 22
6B
3w6d: RADIUS: EAP-Message [79] 63
3w6d: RADIUS: 01 06 00 3D 15 80 00 00 00 33 14 03 01 00 01 01
[???=?????3??????]
3w6d: RADIUS: 16 03 01 00 28 87 23 7C B0 31 42 D1 B4 48 4A 89
[????(?#|?1B??HJ?]
3w6d: RADIUS: AB F3 22 51 D2 40 36 C9 45 DD 35 11 31 3C EF 59
[??"Q?@6?E?5?1<?Y]
3w6d: RADIUS: 86 B0 D3 D4 26 E3 58 DC E3 0F 76 3E 4A
[????&?X???v>J]
3w6d: RADIUS: Message-Authenticato[80] 18
3w6d: RADIUS: 49 9B 71 F9 9B 0C 53 BD D2 3D 20 79 8D F1 7F 9B [I?q???S??=
y????]
3w6d: RADIUS: State [24] 18
3w6d: RADIUS: DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7
[???????^u^[?#:T?]
3w6d: RADIUS: EAP-login: length of eap packet = 61
3w6d: RADIUS: EAP-login: got challenge from radius
3w6d: RADIUS: Pick NAS IP for u=0x178E4C0 tableid=0 cfg_addr=0.0.0.0
3w6d: RADIUS: ustruct sharecount=1
3w6d: Radius: radius_port_info() success=1 radius_nas_port=1
3w6d: RADIUS: EAP-login: length of radius packet = 201 code = 1
3w6d: RADIUS(00000000): Send Access-Request to 192.168.1.57:1812 id
1645/123, len 201
3w6d: RADIUS: authenticator 99 15 53 A6 AB B7 0B 75 - 9F A7 5F 27 8F F1 2E
67
3w6d: RADIUS: NAS-IP-Address [4] 6 192.168.1.8
3w6d: RADIUS: NAS-Port [5] 6 50023
3w6d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
3w6d: RADIUS: User-Name [1] 8 "wassim"
3w6d: RADIUS: Called-Station-Id [30] 19 "00-15-F9-F8-4E-97"
3w6d: RADIUS: Calling-Station-Id [31] 19 "00-1A-80-3F-F6-A1"
3w6d: RADIUS: Service-Type [6] 6 Framed [2]
3w6d: RADIUS: Framed-MTU [12] 6 1500
3w6d: RADIUS: State [24] 18
3w6d: RADIUS: DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7
[???????^u^[?#:T?]
3w6d: RADIUS: EAP-Message [79] 69
3w6d: RADIUS: 02 06 00 43 15 00 17 03 01 00 38 BF 71 FC FA 04
[???C??????8?q???]
3w6d: RADIUS: BE DC FD CC 03 D2 7F 8B 09 63 2C B2 AE D8 AC 61
[?????????c,????a]
3w6d: RADIUS: 64 21 2B 00 ED 0E 6E E8 B0 49 50 6B 99 B8 88 A4
[d!+???n??IPk????]
3w6d: RADIUS: 36 C6 FD B9 F0 77 2D 82 28 0A 37 D1 D4 73 B4 59
[6????w-?(?7??s?Y]
3w6d: RADIUS: F9 37 E6 [?7?]
3w6d: RADIUS: Message-Authenticato[80] 18
3w6d: RADIUS: A2 59 A3 DE A6 98 5F 78 25 12 59 BB 4D B8 74 F0
[?Y????_x??Y?M?t?]
3w6d: RADIUS: Received from id 1645/123 192.168.1.57:1812, Access-Accept,
len 186
3w6d: RADIUS: authenticator C0 31 7F D7 A6 D4 1F C8 - 27 AA F0 99 EA 1F 92
C3
3w6d: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6]
3w6d: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13]
3w6d: RADIUS: Tunnel-Private-Group[81] 6 01:"100"
3w6d: RADIUS: Vendor, Microsoft [26] 58
3w6d: RADIUS: MS-MPPE-Recv-Key [17] 52
3w6d: RADIUS: 86 8B 3E 74 76 E7 CB 9A 8F EF F5 9C 16 2E 88 1A
[??>tv????????.??]
3w6d: RADIUS: 12 3B 80 A6 E9 9B B6 6F E6 63 C8 AA B0 DB 0E 76
[?;?????o?c?????v]
3w6d: RADIUS: 61 C1 6A 5D 62 BD 72 BE 78 C8 9D 4D A7 3F 54 35
[a?j]b?r?x??M??T5]
3w6d: RADIUS: 40 DC [@?]
3w6d: RADIUS: Vendor, Microsoft [26] 58
3w6d: RADIUS: MS-MPPE-Send-Key [16] 52
3w6d: RADIUS: 8A 61 97 87 78 FD CA 16 8D F0 ED 75 C0 70 93 AE
[?a??x??????u?p??]
3w6d: RADIUS: 71 EF 5A 21 53 35 A4 88 F9 84 16 83 10 43 6E 9E
[q?Z!S5???????Cn?]
3w6d: RADIUS: AB A7 8B 56 6C 42 0D AB 09 1D 82 D3 CB 7E 6C B8
[???VlB???????~l?]
3w6d: RADIUS: 56 58 [VX]
3w6d: RADIUS: EAP-Message [79] 6
3w6d: RADIUS: 03 06 00 04 [????]
3w6d: RADIUS: Message-Authenticato[80] 18
3w6d: RADIUS: 82 4B 64 0F 07 64 59 18 0F 27 07 95 A5 15 09 33
[?Kd??dY??'?????3]
3w6d: RADIUS: User-Name [1] 8 "wassim"
3w6d: RADIUS: EAP-login: length of eap packet = 4
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: Tunnel-GID, [01] 100
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes,
tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes,
tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes,
tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23,
changed state to up
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120425/877531d9/attachment-0001.html>
More information about the Freeradius-Users
mailing list