Cisco AP/Radius
akkouche
akkouchekahina at hotmail.fr
Wed Jun 6 10:31:23 CEST 2012
Hello,
I am trying to configure freeradius with Mac-Authentication,
but when my client connects, it is authorized to access a VLAN which is
not permitted for him.
Here are my logs (freeradius -X):
Sending Access-Accept of id 21 to 157.159.21.222 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "33"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 21 with timestamp +38
users file:
001f3c55793b    Auth-Type := Local, Cleartext-Password := "001f3c55793b"
        Tunnel-type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 33
configuration of the AP:
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wifi-b008
!
enable secret 5 $1$Ah/g$eseM58JsjbqFW7u.uU69t/
!
ip subnet-zero
ip domain name int-evry.fr
ip name-server 157.159.10.13
!
!
aaa new-model
!
!
aaa group server radius rad_admin
server 157.159.21.220 auth-port 1812 acct-port 1813
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
!
aaa group server tacacs+ tac_admin
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_srv
server 157.159.21.220 auth-port 1812 acct-port 1813
!
aaa authentication login mac_methods group rad_srv
aaa authorization network default group rad_srv
aaa cache profile admin_cache
all
!
aaa session-id common
dot11 vlan-name b008Admin vlan 21
dot11 vlan-name etudiants vlan 15
dot11 vlan-name permanents vlan 33
dot11 vlan-name thesards vlan 16
!
dot11 ssid b008Admin
vlan 21
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 1248011E01021E0B253F752C3A262B01081917
!
!
dot11 ssid etudiants
vlan 15
authentication open mac-address mac_methods
mbssid guest-mode
!
dot11 ssid permanents
vlan 33
authentication open mac-address mac_methods
mbssid guest-mode
!
dot11 ssid thesards
vlan 16
authentication open mac-address mac_methods
mbssid guest-mode
!
dot11 aaa authentication mac-authen filter-cache
dot11 aaa csid unformatted
dot11 network-map
!
! username Cisco password 7 0802455D0A16
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 16 mode ciphers tkip
!
encryption vlan 21 mode ciphers tkip
!
encryption mode wep mandatory
!
!
encryption vlan 15 key 2 size 128bit 7 704856427E9D21265549561E467E transmit-key
encryption vlan 15 mode wep optional
!
broadcast-key vlan 33 change 60
!
!
ssid b008Admin
!
ssid etudiants
!
ssid permanents
!
ssid thesards
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
station-role root
infrastructure-client
!
interface Dot11Radio0.15
encapsulation dot1Q 15
no ip route-cache
bridge-group 2
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 3
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.21
encapsulation dot1Q 21 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.33
encapsulation dot1Q 33
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
bridge-group 4 spanning-disabled
!
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.15
encapsulation dot1Q 15
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface FastEthernet0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface FastEthernet0.21
encapsulation dot1Q 21 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.33
encapsulation dot1Q 33
no ip route-cache
bridge-group 4
no bridge-group 4 source-learning
bridge-group 4 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface FastEthernet0
!
radius-server attribute list 802
!
radius-server attribute list 81
!
radius-server host 157.159.21.220 auth-port 1812 acct-port 1813 key 7 071C244F5D
radius-server vsa send authentication 3gpp2
!
control-plane
!
bridge 1 route ip
!
!
wlccp wds aaa authentication mac-authen filter-cache
wlccp wds aaa csid unformatted
!
wlccp wds aaa csid unformatted
!
line con 0
transport preferred all
transport output all
line vty 0 4
transport preferred all
transport input all
transport output all
line vty 5 15
transport preferred all
transport input all
transport output all
!
end
What can I do?
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Cisco-AP-Radius-tp5713577.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.