returning a HEX String as a HEX String (bit string) instead of the decimal equivalent - FreeRADIUS 2.1.10

Andy andy at brandwatch.com
Tue Aug 6 12:17:53 CEST 2013


It still doesn't work :(

Sorry but I have been working on RFC 4675 for a long time before I 
emailed this list, which is why I was a bit short in my first reply 
(sorry) and jumped the gun before reading all of your email. I /really/ 
have trawled every page I can find..

I have changed OpenLDAP to 0x3100000C (thanks for pointing that silly 
mistake out), and I get a reply from FreeRADIUS with;

Sending Access-Accept of id 48 to 10.0.0.242 port 1812
     Framed-Protocol = PPP
     Framed-Compression = Van-Jacobson-TCP-IP
     Egress-VLAN-Name = "VLAN12"
     Egress-VLANID = 822083596
     HP-Cos = "3"
Finished request 1.

And on the switch I have defined the VLAN;
vlan 12
    name "VLAN12"
    ip address 10.2.46.242 255.255.255.0
    ip helper-address 10.0.0.1
    ip igmp
    exit

But I still get the error on the switch;
0049:03:54:30.02 MAC  mWebAuth:Port: 29 MAC: 080027-e4b2cd new client 
detected on vid: 1.
0049:03:54:30.02 MAC  mWebAuth:Port: 29 MAC: 080027-e4b2cd RADIUS CHAP 
authentication started, session: 2991.
0049:03:54:30.04 MAC  mWebAuth:Port: 29 MAC: 080027-e4b2cd vid attribute 
error during RADIUS processing.
0049:03:54:30.04 MAC  mWebAuth:Port: 29 MAC: 080027-e4b2cd client 
rejected, session: 2991, invalid attributes.
0049:03:54:30.04 MAC  mWebAuth:Port: 29 MAC: 080027-e4b2cd client 
authentication failed, login retry count: 1 >= max-retires: 0, no 
unauth-vid configured, entering quiet-period: 30 seconds.
W 08/06/13 10:06:28 02400 dca: macAuth client, RADIUS-assigned VID 
validation error. MAC 080027E4B2CD port 29 VLAN-Id 0 or unknown.


I can get RFC 3580 to work fine with the following;
Sending Access-Accept of id 50 to 10.0.0.242 port 1812
     Framed-Protocol = PPP
     Framed-Compression = Van-Jacobson-TCP-IP
     HP-Cos = "3"
     Tunnel-Private-Group-Id:0 = "11"
     Tunnel-Medium-Type:0 = IEEE-802
     Tunnel-Type:0 = VLAN
Finished request 3.


But I really need to get Tagged VLAN working!

If no one has any ideas I'll try and raise a support call with HP.. Wish 
me luck I may never return and be lost in their 'support system' 
forever...! ;)



On 05/08/13 23:59, Arran Cudbard-Bell wrote:
>
> On 5 Aug 2013, at 23:39, Andy <andy at brandwatch.com> wrote:
>
>> Hello,
>>
>> This is my first post here so please excuse any missed etiquette.
>>
>> I have read through the wikis and googled a lot and not found anything.
>
> http://wiki.freeradius.org/vendor/HP#RFC-4675-(multiple-tagged/untagged-VLAN)-Assignment
>
> *sigh*
>
>> I have been trying to configure our switch ports (HP 2910al) with Tagged 
>> VLANs via Egress-VLANID and Egress-VLAN-Name.
>>
>> The Radius backend is OpenLDAP, and I have tried setting the data 
>> type in OpenLDAP to binary, UTF-8 and IA5, but no matter what I do, 
>> the value returned by RADIUS is the decimal equivalent of the HEX bit 
>> string I enter :(
>>
>> For example I'm trying to store and send 0x31000012 to indicate a 
>> tagged VLAN (0x31) on VLAN 12. But looking at freeradius -X output I 
>> can see it sending the decimal number, when the switch wants the bit 
>> string as it was stored, and hence throws an error!
>
> No. The HP switch does not care that FreeRADIUS displayed (but later 
> encoded correctly) your hex string as an integer.
>
> It does care that you don't seem to understand how to convert decimal 
> numbers to hex and are actually specifying VLAN 18 tagged, which 
> probably doesn't exist if you're getting errors.
>
> You want 0x3100000C for VLAN 12 tagged.
>
> -Arran
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
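
Added example, not part of the original thread: a small Python helper that converts between the decimal Egress-VLANID that `freeradius -X` prints and the RFC 4675 layout (one tag-indication octet, 0x31 tagged or 0x32 untagged, 12 zero pad bits, 12-bit VLAN ID), using the values quoted in this thread. The function names are hypothetical, and the 1-4094 range check in the encoder is an assumption based on 802.1Q reserving VIDs 0 and 4095.

```python
import struct

# RFC 4675 Egress-VLANID tag-indication octets (ASCII '1' and '2').
TAGGED, UNTAGGED = 0x31, 0x32


def encode_egress_vlanid(vlan_id, tagged=True):
    """Build the 32-bit Egress-VLANID value for one VLAN."""
    # Assumption: reject the VIDs 802.1Q reserves (0 and 4095).
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID {vlan_id} outside 1-4094")
    return ((TAGGED if tagged else UNTAGGED) << 24) | vlan_id


def decode_egress_vlanid(value):
    """Split a 32-bit Egress-VLANID (as shown in debug output) into fields."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("Egress-VLANID must fit in 32 bits")
    tag = value >> 24             # top octet: tag indication
    pad = (value >> 12) & 0xFFF   # middle 12 bits: must be zero
    vlan_id = value & 0xFFF       # low 12 bits: VLAN ID
    if tag not in (TAGGED, UNTAGGED):
        raise ValueError(f"bad tag indication 0x{tag:02X}")
    if pad:
        raise ValueError("non-zero pad bits")
    return {
        "tagged": tag == TAGGED,
        "vlan_id": vlan_id,
        "hex": f"0x{value:08X}",
        # Four octets in network byte order, as carried in the attribute value.
        "wire": struct.pack("!I", value),
    }


if __name__ == "__main__":
    # Values taken from the thread: the decimal shown in the Access-Accept,
    # and the hex string from the first post.
    for v in (822083596, 0x31000012):
        print(v, decode_egress_vlanid(v))
    print("VLAN 12 tagged ->", f"0x{encode_egress_vlanid(12):08X}")
```
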
