Dynamic vlan assignment

Dario Palmisano Dario.Palmisano at icgeb.org
Fri Jul 19 16:20:51 CEST 2013 

You are right, I know!
On Friday 19 July 2013 15:52:43 A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
> 
> > I am configuring my freeradius to be integrated in the EDUROAM
> > federation. It works when the VLAN (as configured in the accesspoint) is
> > statically assigned.
> 
> there are hundreds of sites using this sort of configuration for eduroam -
>  so its perfectly possible and fine (and standard!) so you're going wrong
>  somewhere.
> 
> so, thats the piece of mind part.  where has it gone wrong?   well,
> firstly, is there DHCP etc on the VLAN this client is being dropped onto?
> have you tested the network? what happens if the AP only handles that VLAN?
> 
The specific configuration works fine I remove the following line from users 
file:
	Tunnel-Type := VLAN, Tunnel-Medium-Type := IEEE-802, Tunnel-Private-
Group-ID := 218

In this case the user is placed in the vlan 220 (the statically configured in 
the accesspoint).

> is this a 'fat/autonomous' AP? if so, then only latest firmware can handle
>  multiple VLANS per 802.1X SSID with multiple BSSIDs present.

This could be the problem, I found something in the Cisco documentation but 
was unsure the problem could be this. The accesspoint is running

Cisco IOS Software, C1130 Software (C1130-K9W7-M), Version 12.4(10b)JDA3, 
RELEASE SOFTWARE (fc1)

I will try to verify what you say on the cisco site. My accesspoints are End 
Of Life, I do not know if any new IOS version has been developed to eventually 
correct the problem you say.

>  are you
>  returning ALL the VLAN attributes needed to assign VLAN on the AP?  not
>  JUST the VLAN number..name.... ah yes, are you sending NAME or VLAN int he
>  VLAN tag?

number
> 
> are you sending the replys from the tunnel = check eap.conf settings!

eap.conf (in peap stanza) says:

copy_request_to_tunnel = yes
use_tunneled_reply = yes


> 
> debug output helps a lot so yes, send it.
> 
> alan
> -
> List info/subscribe/unsubscribe? See
>  http://www.freeradius.org/list/users.html
> 

Thanks for your directions (many)

Dario

More information about the Freeradius-Users mailing list