Assign VLAN from freeradius to Cisco 3550 switch.

Wassim Zaarour wassim.zaarour at navlink.com
Wed Apr 25 13:31:56 CEST 2012


Hi David,

Yes eap is enabled in both inner-tunnel and default configuration.







From:  David Peterson <davidp at wirelessconnections.net>
Organization:  Wireless Connections
Reply-To:  <davidp at wirelessconnections.net>, FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Date:  Wednesday, April 25, 2012 1:50 PM
To:  FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject:  RE: Assign VLAN from freeradius to Cisco 3550 switch.

I am seeing EAP in the messages.  Have you enabled EAP in your inner-tunnel
or at all in your config?
 
Either way this seems pretty clear:
 
3w6d: RADIUS: no appropriate authorization type for user.

 
 
David
 

From: 
freeradius-users-bounces+davidp=wirelessconnections.net at lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net at lists.freera
dius.org] On Behalf Of Wassim Zaarour
Sent: Wednesday, April 25, 2012 1:56 AM
To: FreeRadius users mailing list
Subject: Assign VLAN from freeradius to Cisco 3550 switch.
 

Hi all,

 

I know this subject have been brought up but I'm kind of stuck and I hope I
can get a little help.

 

I am trying to assign vlans from freeradius to a cisco 3550 switch but its
not working.

I keep getting the following in the debug in the switch:

3w6d: RADIUS:  Tunnel-Medium-Type  [65]  6   01:Unsupported            [6]

3w6d: RADIUS:  Tunnel-Type         [64]  6   01:Unsupported            [13]

I read the mail archives and googled with no luck.

 

Users file configuration:

wassim            Cleartext-Password := "wassim"

        Tunnel-Medium-Type:1 = IEEE-802,

        Tunnel-Type:1 = VLAN,

        Tunnel-Private-Group-Id:1 = 100

 

Switch debug log:

3w6d: RADIUS(00000000): Send Access-Request to 192.168.1.57:1812 id
1645/122, len 460

3w6d: RADIUS:  authenticator 34 D8 18 38 24 86 99 F6 - 69 03 2C EB E2 8A F4
79

3w6d: RADIUS:  NAS-IP-Address      [4]   6   192.168.1.8

3w6d: RADIUS:  NAS-Port            [5]   6   50023

3w6d: RADIUS:  NAS-Port-Type       [61]  6   Eth                       [15]

3w6d: RADIUS:  User-Name           [1]   8   "wassim"

3w6d: RADIUS:  Called-Station-Id   [30]  19  "00-15-F9-F8-4E-97"

3w6d: RADIUS:  Calling-Station-Id  [31]  19  "00-1A-80-3F-F6-A1"

3w6d: RADIUS:  Service-Type        [6]   6   Framed                    [2]

3w6d: RADIUS:  Framed-MTU          [12]  6   1500

3w6d: RADIUS:  State               [24]  18

3w6d: RADIUS:   DB C1 1C E7 DF C4 09 5E 75 5E 5B 0F 23 3A 54 E7
[???????^u^[?#:T?]

3w6d: RADIUS:  EAP-Message         [79]  255

3w6d: RADIUS:   02 05 01 44 15 00 16 03 01 01 06 10 00 01 02 01
[???D????????????]

3w6d: RADIUS:   00 A5 F6 DC 7F B9 4A 99 44 84 66 ED D5 4D CA F5
[??????J?D?f??M??]

3w6d: RADIUS:   58 95 5F 5C CC FA E7 C3 B5 54 DB 01 C1 CA E1 62
[X?_\?????T?????b]

3w6d: RADIUS:   96 BF C1 E8 26 84 7C BF 56 7E 6A 9D 41 8C 0E 5C
[????&?|?V~j?A??\]

3w6d: RADIUS:   E3 46 DC BE 33 38 28 7A 35 50 7D 7A 32 F8 A0 55
[?F??38(z5P}z2??U]

3w6d: RADIUS:   62 63 9B D1 15 8B C8 DC 97 D0 A3 DC 27 19 00 A0
[bc??????????'???]

3w6d: RADIUS:   61 CB C8 EC FA 02 EF 39 D8 5B CF CC 45 45 BF 08
[a??????9?[??EE??]

3w6d: RADIUS:   C8 9E E5 87 70 DD 61 75 56 A5 B1 B6 B2 BA FC 3F
[????p?auV???????]

3w6d: RADIUS:   FD A7 AC 37 DE DC 16 43 85 E9 ED 39 59 21 E5 19
[???7???C???9Y!??]

3w6d: RADIUS:   97 58 6D BC 3E B6 2C B5 BE 58 56 89 94 0B 70 B5
[?Xm?>?,??XV???p?]

3w6d: RADIUS:   49 F8 49 36 D7 B0 A8 44 10 A8 6F 05 B9 94 19 AB
[I?I6???D??o?????]

3w6d: RADIUS:   0C 52 00 4F BE D0 0D 99 56 12 B7 76 DF 07 04 C9
[?R?O????V??v????]

3w6d: RADIUS:   85 54 8D 3D E4 53 0C AF 49 15 CC D6 AD 02 62 43
[?T?=?S??I?????bC]

3w6d: RADIUS:   41 39 B8 1A 2F F0 40 09 93 BE 87 FD D9 CD AB 74
[A9??/?@????????t]

3w6d: RADIUS:   F7 34 66 32 CC 87 4A 0B A7 3E 81 B1 F4 E4 EB 21
[?4f2??J??>?????!]

3w6d: RADIUS:   DF 6F CD FF 9B 8A E6 87 A0 3B 3E B6 64
[?o???????;>?d]

3w6d: RADIUS:  EAP-Message         [79]  73

3w6d: RADIUS:   E6 CB 54 03 10 69 D4 D2 7C D1 FA 89 72 F8 0C 53
[??T??i??|???r??S]

3w6d: RADIUS:   1B 78 32 E7 14 03 01 00 01 01 16 03 01 00 28 EA
[?x2???????????(?]

3w6d: RADIUS:   0B 2A A9 64 DE 57 6A 65 89 EA 19 63 4B 60 67 C8
[?*?d?Wje???cK`g?]

3w6d: RADIUS:   CF C9 FF A2 A7 26 33 A5 C0 D0 CB 3C 01 F2 C5 96
[?????&3????<????]

3w6d: RADIUS:   38 65 0C 1F 39 1C 6F                             [8e??9?o]

3w6d: RADIUS:  Message-Authenticato[80]  18

3w6d: RADIUS:   FD AE 24 12 A9 F3 A5 BA F3 6D 60 52 F8 E0 D3 53
[??$??????m`R???S]

3w6d: RADIUS: Received from id 1645/122 192.168.1.57:1812, Access-Challenge,
len 119

3w6d: RADIUS:  authenticator 57 E5 06 9F DD C4 E2 76 - E8 37 92 F1 C4 21 22
6B

3w6d: RADIUS:  EAP-Message         [79]  63

3w6d: RADIUS:   01 06 00 3D 15 80 00 00 00 33 14 03 01 00 01 01
[???=?????3??????]

3w6d: RADIUS:   16 03 01 00 28 87 23 7C B0 31 42 D1 B4 48 4A 89
[????(?#|?1B??HJ?]

3w6d: RADIUS:   AB F3 22 51 D2 40 36 C9 45 DD 35 11 31 3C EF 59
[??"Q?@6?E?5?1<?Y]

3w6d: RADIUS:   86 B0 D3 D4 26 E3 58 DC E3 0F 76 3E 4A
[????&?X???v>J]

3w6d: RADIUS:  Message-Authenticato[80]  18

3w6d: RADIUS:   49 9B 71 F9 9B 0C 53 BD D2 3D 20 79 8D F1 7F 9B  [I?q???S??=
y????]

3w6d: RADIUS:  State               [24]  18

3w6d: RADIUS:   DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7
[???????^u^[?#:T?]

3w6d: RADIUS: EAP-login: length of eap packet = 61

3w6d:  RADIUS: EAP-login: got challenge from radius

3w6d: RADIUS: Pick NAS IP for u=0x178E4C0 tableid=0 cfg_addr=0.0.0.0

3w6d: RADIUS: ustruct sharecount=1

3w6d: Radius: radius_port_info() success=1 radius_nas_port=1

3w6d: RADIUS: EAP-login: length of radius packet = 201 code = 1

3w6d: RADIUS(00000000): Send Access-Request to 192.168.1.57:1812 id
1645/123, len 201

3w6d: RADIUS:  authenticator 99 15 53 A6 AB B7 0B 75 - 9F A7 5F 27 8F F1 2E
67

3w6d: RADIUS:  NAS-IP-Address      [4]   6   192.168.1.8

3w6d: RADIUS:  NAS-Port            [5]   6   50023

3w6d: RADIUS:  NAS-Port-Type       [61]  6   Eth                       [15]

3w6d: RADIUS:  User-Name           [1]   8   "wassim"

3w6d: RADIUS:  Called-Station-Id   [30]  19  "00-15-F9-F8-4E-97"

3w6d: RADIUS:  Calling-Station-Id  [31]  19  "00-1A-80-3F-F6-A1"

3w6d: RADIUS:  Service-Type        [6]   6   Framed                    [2]

3w6d: RADIUS:  Framed-MTU          [12]  6   1500

3w6d: RADIUS:  State               [24]  18

3w6d: RADIUS:   DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7
[???????^u^[?#:T?]

3w6d: RADIUS:  EAP-Message         [79]  69

3w6d: RADIUS:   02 06 00 43 15 00 17 03 01 00 38 BF 71 FC FA 04
[???C??????8?q???]

3w6d: RADIUS:   BE DC FD CC 03 D2 7F 8B 09 63 2C B2 AE D8 AC 61
[?????????c,????a]

3w6d: RADIUS:   64 21 2B 00 ED 0E 6E E8 B0 49 50 6B 99 B8 88 A4
[d!+???n??IPk????]

3w6d: RADIUS:   36 C6 FD B9 F0 77 2D 82 28 0A 37 D1 D4 73 B4 59
[6????w-?(?7??s?Y]

3w6d: RADIUS:   F9 37 E6                                         [?7?]

3w6d: RADIUS:  Message-Authenticato[80]  18

3w6d: RADIUS:   A2 59 A3 DE A6 98 5F 78 25 12 59 BB 4D B8 74 F0
[?Y????_x??Y?M?t?]

3w6d: RADIUS: Received from id 1645/123 192.168.1.57:1812, Access-Accept,
len 186

3w6d: RADIUS:  authenticator C0 31 7F D7 A6 D4 1F C8 - 27 AA F0 99 EA 1F 92
C3

3w6d: RADIUS:  Tunnel-Medium-Type  [65]  6   01:Unsupported            [6]

3w6d: RADIUS:  Tunnel-Type         [64]  6   01:Unsupported            [13]

3w6d: RADIUS:  Tunnel-Private-Group[81]  6   01:"100"

3w6d: RADIUS:  Vendor, Microsoft   [26]  58

3w6d: RADIUS:   MS-MPPE-Recv-Key   [17]  52

3w6d: RADIUS:   86 8B 3E 74 76 E7 CB 9A 8F EF F5 9C 16 2E 88 1A
[??>tv????????.??]

3w6d: RADIUS:   12 3B 80 A6 E9 9B B6 6F E6 63 C8 AA B0 DB 0E 76
[?;?????o?c?????v]

3w6d: RADIUS:   61 C1 6A 5D 62 BD 72 BE 78 C8 9D 4D A7 3F 54 35
[a?j]b?r?x??M??T5]

3w6d: RADIUS:   40 DC                                            [@?]

3w6d: RADIUS:  Vendor, Microsoft   [26]  58

3w6d: RADIUS:   MS-MPPE-Send-Key   [16]  52

3w6d: RADIUS:   8A 61 97 87 78 FD CA 16 8D F0 ED 75 C0 70 93 AE
[?a??x??????u?p??]

3w6d: RADIUS:   71 EF 5A 21 53 35 A4 88 F9 84 16 83 10 43 6E 9E
[q?Z!S5???????Cn?]

3w6d: RADIUS:   AB A7 8B 56 6C 42 0D AB 09 1D 82 D3 CB 7E 6C B8
[???VlB???????~l?]

3w6d: RADIUS:   56 58                                            [VX]

3w6d: RADIUS:  EAP-Message         [79]  6

3w6d: RADIUS:   03 06 00 04                                      [????]

3w6d: RADIUS:  Message-Authenticato[80]  18

3w6d: RADIUS:   82 4B 64 0F 07 64 59 18 0F 27 07 95 A5 15 09 33
[?Kd??dY??'?????3]

3w6d: RADIUS:  User-Name           [1]   8   "wassim"

3w6d: RADIUS: EAP-login: length of eap packet = 4

3w6d: RADIUS: Tunnel-MType, [01] 00 00 06

3w6d: RADIUS: TAS(1) created and enqueued.

3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D

3w6d: RADIUS: Tunnel-GID, [01] 100

3w6d: RADIUS: unrecognized Microsoft VSA type 17

3w6d: RADIUS: unrecognized Microsoft VSA type 16

3w6d: RADIUS: TAS(1) takes precedence over tagged attributes,
tunnel_type=vlan

3w6d: RADIUS: free TAS(1)

3w6d: RADIUS: no appropriate authorization type for user.

3w6d: RADIUS: Tunnel-MType, [01] 00 00 06

3w6d: RADIUS: TAS(1) created and enqueued.

3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D

3w6d: RADIUS: unrecognized Microsoft VSA type 17

3w6d: RADIUS: unrecognized Microsoft VSA type 16

3w6d: RADIUS: TAS(1) takes precedence over tagged attributes,
tunnel_type=vlan

3w6d: RADIUS: free TAS(1)

3w6d: RADIUS: no appropriate authorization type for user.

3w6d: RADIUS: Tunnel-MType, [01] 00 00 06

3w6d: RADIUS: TAS(1) created and enqueued.

3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D

3w6d: RADIUS: unrecognized Microsoft VSA type 17

3w6d: RADIUS: unrecognized Microsoft VSA type 16

3w6d: RADIUS: TAS(1) takes precedence over tagged attributes,
tunnel_type=vlan

3w6d: RADIUS: free TAS(1)

3w6d: RADIUS: no appropriate authorization type for user.

3w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23,
changed state to up

 

 

 
 
 
 
 
 
 
 
 
 
 
 
 
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120425/877531d9/attachment-0001.html>


More information about the Freeradius-Users mailing list