FR3.0.11 with ldap + 802.1x + dynamic Vlan assignment.

Alan DeKok aland at deployingradius.com
Wed Mar 9 22:49:18 CET 2016


On Mar 9, 2016, at 4:44 PM, Vlad Kratsberg <vkratsberg at gmail.com> wrote:
> Setting use_tunneled_reply = yes solved the issue.
> 
> Interesting to note, that I didn't change this option in radius version
> 2.1.12 and access-accept still returned vlan and filter-id values.

  2.1.12 is extremely old.  3.0 behaves differently for very good reasons, which are documented in the config files.

> On the other note, can you tell which attribute i could match in
> access-request message in order to differentiate between 802.1x request and
> lets say ssh login to network device ?

  Typically, 802.1X will have EAP-Message and admin logins won't... but that's not always the case.  As with anything RADIUS, read the debug output.  Look at the packets, and see what the differences are.

  Alan DeKok.






More information about the Freeradius-Users mailing list