cisco phones

Vacheslav m_zouhairy at skno.by
Fri Feb 2 13:49:55 CET 2018



-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+m_zouhairy=skno.by at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Friday, February 2, 2018 3:27 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: cisco phones

On Feb 2, 2018, at 3:16 AM, Vacheslav <m_zouhairy at skno.by> wrote:
> I deleted the attributes one at a time and test and it turns out the Tunnel-Type:=VLAN was that menace. I first added it again, this time as check attribute, without using the auto saved entry in the browser, and the login was ok. 

>  That's weird.  Tunnel-Type is a standard attribute.

When the reason is known it would be the norm.

> You got happy ahead of time. Without the attribute it authenticated on  the data vlan. With the attribute, the switch reported the phone as dropped. Then I added the mentioned attribute as a reply keeping it as check also, and again the login was ok but the switch dropped the packets. Then I deleted the mentioned attribute from checking and no change. I final tried putting it 1:VLAN and 23:VLAN but that just makes freeradius spout:

>  "1" is the tag number.  It's used for grouping multiple attributes.  It is *not* a VLAN number.

>  If you want to use tags, you should use the same tag for all tagged attributes...

>	Tunnel-Type:1 = VLAN
>	Tunnel-Foo:1 = value
	...

What I want is to make it work so I tried replacing the reply attributes with
Tunnel-Type:1 := VLAN
Tunnel-Medium-Type:1 := 802
Tunnel-Private-Group-Id:1 := VOICE-LAN

But the phone gets authenticated on the data vlan (24).

Then I replaced the last one with :

Tunnel-Private-Group-Id:1 := 23 as a reply attribute
And it didn't change anything as a result.

>  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





More information about the Freeradius-Users mailing list