Tunnel-Private-Group-ID undefined tag.

Fabrice Durand fdurand at inverse.ca
Mon Jan 21 22:05:16 CET 2019 

Hello all,

i am trying to debug an issue with FreerRADIUS and a cisco switch where 
the attribute Tunnel-Private-Group-ID (81) is understood by the cisco 
switch as the attribute Ascend-Auth-Type.

Jan 18 07:37:00: RADIUS:  Tunnel-Type         [64]  6 
00:VLAN                   [13]
Jan 18 07:37:00: RADIUS: Ascend-Auth-Type [81]  8   1868981865
Jan 18 07:37:00: RADIUS:  Tunnel-Medium-Type  [65]  6 
00:ALL_802                [6]
Jan 18 07:37:00: RADIUS(00000000): Received from id 1645/16
Jan 18 07:37:00: RADIUS: unsupported value 1868981865 in attribute 81
Jan 18 07:37:00: RADIUS/DECODE: Ascend auth type; FAIL
Jan 18 07:37:00: RADIUS/DECODE: decoder; FAIL
Jan 18 07:37:00: RADIUS/DECODE: attribute Ascend-Auth-Type; FAIL

The issue is related to a configuration parameter (non-standard) defined 
in the radius configuration section (switch side).

So if i remove this configuration parameter it works.

By searching for the issue i noticed that the attribute attribute 
Tunnel-Private-Group-ID  is untag in the network capture:

Even if the tag is set:

b827ebe30c72    Cleartext-Password := "b827ebe30c72"

         Tunnel-Type:0 = VLAN,
         Tunnel-Medium-Type:0 = IEEE-802,
         Tunnel-Private-Group-Id:0 = 195



Debug

Mon Jan 21 13:37:15 2019 : Debug: (0) Sent Access-Accept Id 26 from 
192.168.168.33:1812 to 172.16.60.10:1645 length 0
Mon Jan 21 13:37:15 2019 : Debug: (0)   Tunnel-Type:0 = VLAN
Mon Jan 21 13:37:15 2019 : Debug: (0)   Tunnel-Medium-Type:0 = IEEE-802
Mon Jan 21 13:37:15 2019 : Debug: (0)   Tunnel-Private-Group-Id:0 = "195"
Mon Jan 21 13:37:15 2019 : Debug: (0) Finished request
Mon Jan 21 13:37:15 2019 : Debug: Waking up in 4.9 seconds.


I also check the rfc (https://tools.ietf.org/html/rfc2868) and the tag 
is suppose to be here.

Is it a bug in FreeRADIUS or is it something normal ?

Thanks

Regards

Fabrice



-- 
Fabrice Durand
fdurand at inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

More information about the Freeradius-Users mailing list