MAC authentication succeeds, port stays unauthorized (allied telesis)

Stijn D'haese maillist at stijn-dhaese.be
Tue Jun 11 08:51:50 CEST 2013


On Fri, 07 Jun 2013 17:40:04 +0200, David Mitton <david at mitton.com> wrote:

> Best to check the error log on the NAS.

When the link goes up the following debug message appear on the NAS:
2013 Jun 10 15:22:56 system.information awplus pcfg: Egress
Broadcast(1):Milticast(1):Unicast(1) port1.0.5
2013 Jun 10 15:22:56 system.information awplus mac: MAC
Addr[90:b1:1c:65:eb:d4] Vlan[2] not found [2]
2013 Jun 10 15:22:21 system.information awplus pcfg: Egress
Broadcast(1):Milticast(1):Unicast(1) port1.0.5
2013 Jun 10 15:22:21 system.information awplus pcfg: Egress
Broadcast(0):Milticast(0):Unicast(1) port1.0.5
2013 Jun 10 15:22:21 system.emergency awplus psec: Set security mode
failed for port[5] mode[4] [100794371]
2013 Jun 10 15:22:21 system.information awplus pcfg: Link UP on port 1.0.5

I find it strange that it can't find VLAN2 as it is defined on the switch

When the link goes down the following appears on the NAS:
2013 Jun 10 15:25:44 admin.information awplus mac: Delete Dynamic MAC by
port 1.0.5 succeeded
2013 Jun 10 15:25:44 admin.information awplus mac: Delete Dynamic MAC by
port 1.0.5 succeeded
2013 Jun 10 15:25:44 admin.information awplus pcfg: Link DOWN on port 1.0.5

Regards




Stijn

>
> Dave.
>
>
> Quoting Stijn D'haese <maillist at stijn-dhaese.be>:
>
>> Hi,
>>
>> I'm trying to do MAC based authentication on our switches, but for some
>> strange reason the port doesn't want to authenticate, even though the
>> radius server sends an Access-Accept package to the port. I did a
>> capture on the port and the Access-Accept package is received by the
>> port, but it port status stays unauthorized.
>>
>> I'm running FreeRADIUS Version 2.2.0 and the switch is an Allied
>> Telesis AT-9000/28
>>
>> Any ideas where I need to start looking?
>>
>> Regards
>>
>>
>>
>>
>> Stijn
>> -
>> List info/subscribe/unsubscribe? See   
>> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See  
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list