Using "Tunnel-Private-Group-Id" in linelog

Alan DeKok aland at
Thu Oct 24 00:05:15 CEST 2019

On Oct 23, 2019, at 11:02 AM, Burger, Wolfgang <wburger at> wrote:
> It comes from the users file. I have a list of all the devices and their vlan-id in there in the format:
> 0cc47a96a6af Cleartext-Password := "0cc47a96a6af"
>        Tunnel-Type = VLAN,
>        Tunnel-Medium-Type = IEEE-802,
>        Tunnel-Private-Group-Id = "\\0001"

  Yeah, you don't need the "\000"

>> Why not just set Tunnel-Private-Group-Id = "1"
> Honestly, I don't remember. Been using the format of \\000X since forever and I was under the impression the switches need it to be that way. But I just tested it without the leading binary and it still works for the switch. And your nose works too, because without the zeros, the linelog config is working fine:

  Exactly. :)

> vlanlog] expand: %S: %{reply:Packet-Type} AAA-VLAN-Request for %{User-Name} on %{NAS-Identifier} (%{NAS-IP-Address}) at Port %{NAS-Port-Id}. Put to VLAN %{reply:Tunnel-Private-Group-Id} -> 2019-10-23 16:58:25: Access-Accept AAA-VLAN-Request for 0023dfa2cb9e on switch54 ( at Port 39. Put to VLAN 1
> So thank you very much.

  You're welcome.

> My next steps:
> - Upgrade to 2.2.10
> - Test whether all used switches are happy with the easier format of Tunnel-Private-Group-Id

  They will be.  If they don't like it, complain to the vendor that they're not following RFC 2868.

  Alan DeKok.
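
Added example, not part of the original thread and not FreeRADIUS code: a sketch of how a receiver can split the optional Tag octet from the Tunnel-Private-Group-Id string as RFC 2868 section 3.6 describes, and refuse to log a value that still contains non-printable bytes. The function names are hypothetical, the byte strings are constructed samples, and stripping a leading 0x00 as an "unused tag" is an assumption, since the RFC only defines 0x01-0x1F as tags for this attribute.

```python
TUNNEL_PRIVATE_GROUP_ID = 81  # attribute type number, RFC 2868 section 3.6


def split_tag(value: bytes):
    """Return (tag, group_id_bytes) for a Tunnel-Private-Group-Id value.

    RFC 2868: a first octet in 0x01..0x1F is a Tag that groups attributes
    of the same tunnel; a first octet above 0x1F is already the first
    byte of the String field.
    """
    if not value:
        raise ValueError("empty Tunnel-Private-Group-Id value")
    first = value[0]
    if 0x01 <= first <= 0x1F:
        return first, value[1:]
    if first == 0x00:
        # Assumption: treat 0x00 as "tag unused" and drop it.
        return None, value[1:]
    return None, value


def loggable_vlan(value: bytes) -> str:
    """Return the group id as text, or raise if it is not safe to log."""
    _tag, group = split_tag(value)
    # Only printable ASCII may reach a line-oriented log file.
    if not group or any(b < 0x20 or b > 0x7E for b in group):
        raise ValueError("group id contains non-printable bytes: %r" % group)
    return group.decode("ascii")


if __name__ == "__main__":
    # Constructed sample values: plain "1", tagged "1", zero-prefixed "1",
    # and a value with a stray NUL left over after the tag position.
    for sample in (b"1", b"\x011", b"\x001", b"\x00\x001"):
        try:
            print(repr(sample), "->", loggable_vlan(sample))
        except ValueError as exc:
            print(repr(sample), "-> rejected:", exc)
```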
