802.1x dynamic vlan assignment not assigning VLAN

Martijn Craeghs martijncr at msn.com
Tue May 12 14:12:04 CEST 2015

Thanks for the quick reply.

I figured i missed something in the freeradius configuration to enforce
these attributes somehow. Don't have a very big knowledge of freeradius.

So thanks for the confirmation that i should be looking at the switch
rather than the freeradius (which I have been doing mostly).

Kind regards

Martijn Craeghs

On 12 May 2015 at 13:46, Alan DeKok <aland at deployingradius.com> wrote:

> On May 12, 2015, at 7:11 AM, Martijn Craeghs <martijncr at msn.com> wrote:
> > As far as authentication goes it works. My user get's authenticated and
> > recieves an Access-Accept message in this form.
>   That's good.  All of the correct VLAN attributes are there.
> > Sending Access-Accept of id 12 to xxx.xxx.xxx.xxx port 6103
> > Tunnel-Private-Group-Id:0 = "vlan_name"
>   This should be the string representing the VLAN number... i.e. "50".
> > I've added the tunnel attributes to my LDAP directory and like the
> previous
> > freeradius debug message show it's stored in the radius package.
>   Then you've configured FreeRADIUS correctly.
> > I've ran out of options and forums to look through at this point.
> >
> > Would be glad if someone could give me a push in the right direction. Not
> > even sure if i should look for the problem on the freeradius side or the
> > switch side.
>   It's probably the switch.  Use the VLAN number, not name, in the
> FreeRADIUS configuration.  That will probably make the switch assign the
> correct VLAN.
>   As always, when the packet from FreeRADIUS is correct and it still
> doesn't work... blame the NAS / AP / switch.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list