AW: Using "Tunnel-Private-Group-Id" in linelog

Burger, Wolfgang wburger at
Wed Oct 23 17:02:47 CEST 2019

>> Tunnel-Private-Group-Id:0 = "\0001"

> What's that?  There's no need to add a binary 0x00 in front of the attribute.

> Where is the attribute coming from?

It comes from the users file. I have a list of all the devices and their vlan-id in there in the format:

0cc47a96a6af Cleartext-Password := "0cc47a96a6af"

        Tunnel-Type = VLAN,

        Tunnel-Medium-Type = IEEE-802,

        Tunnel-Private-Group-Id = "\\0001"

> Why not just set Tunnel-Private-Group-Id = "1"

Honestly, I donĀ“t remember. Been using the format of \\000X since forever and I was under the impression the switches need it to be that way. But I just tested it without the leading binary and it still works for the switch. And your nose works too, because without the zeros, the linelog config is working fine:

vlanlog] expand: %S: %{reply:Packet-Type} AAA-VLAN-Request for %{User-Name} on %{NAS-Identifier} (%{NAS-IP-Address}) at Port %{NAS-Port-Id}. Put to VLAN %{reply:Tunnel-Private-Group-Id} -> 2019-10-23 16:58:25: Access-Accept AAA-VLAN-Request for 0023dfa2cb9e on switch54 ( at Port 39. Put to VLAN 1

So thank you very much.
My next steps:
- Upgrade to 2.2.10
- Test wether all used switches are happy with the easier format of Tunnel-Private-Group-Id

More information about the Freeradius-Users mailing list