hello,

SORRY, THE FIRST MAIL WAS INCOMPLETE.

I'm trying to assign wireless users connecting to a Cisco Aironet 1230 to a VLAN
thanks to Freeradius.

Here's the situation:

- Cisco Aironet 1200 with 12.2(15)JA IOS with 3 VLANs:
...
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 1 mode wep mandatory
 !
 encryption vlan 10 mode wep mandatory
 !
 encryption vlan 30 mode wep mandatory
 !
 ssid DEFAULT_VLAN
    vlan 1
    authentication open eap eap_methods
    authentication network-eap eap_methods
    guest-mode
 !
 ssid VLAN10
    vlan 10
    authentication open eap eap_methods
    authentication network-eap eap_methods
 !
 ssid VLAN30
    vlan 30
    authentication open eap eap_methods
    authentication network-eap eap_methods
 !
...


- Freeradius 1.0.1 on Fedora Core 2
users file configuration:
...


jmguillemot     User-Password == "password"
                Tunnel-Type = VLAN,
                Tunnel-Medium-Type = IEEE-802,
                Tunnel-Private-Group-ID = "10"

...


- Windows XP SP2 client with Aironet 350 PCMCIA card. Windows PEAP 802.1x
supplicant

The PEAP authentication works fine but the client always stays in the
DEFAULT_VLAN vlan.
Here's the radiusd -X output:
...
 rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap: Success
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 18
modcall: group authenticate returns ok for request 18
Sending Access-Accept of id 101 to 192.168.50.6:21646
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "10"
        MS-MPPE-Recv-Key = 0xa17b7a952f7c3f323869e4804d71b061391c73c53c097422419ef3ce3a52fbe0
        MS-MPPE-Send-Key = 0x8dcf3ad166d7eea121d40d59ee0c3bf71b5a4618c8eac8f6ee752c6b10103f36
        EAP-Message = 0x030a0004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "jmguillemot"
Finished request 18
Going to the next request
Waking up in 5 seconds...
...

It seems that Freeradius does its job but the AP doesn't want to assign the
user to the right VLAN.

I know many of you made it work, could you please send me any tips?
thanks,

Jean-Marie






- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
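
Added example (not part of the original post, and not FreeRADIUS code): a Python check that parses the Access-Accept attributes from radiusd -X output like the one quoted above and verifies the three tunnel attributes used for VLAN assignment against the VLAN IDs configured on the AP. The function names and the trimmed sample are constructed for illustration; the MS-MPPE keys are left out of the sample.

```python
import re

# Constructed sample: tunnel attributes as printed by radiusd -X in the post (keys omitted).
SAMPLE = '''Sending Access-Accept of id 101 to 192.168.50.6:21646
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "10"
        User-Name = "jmguillemot"
Finished request 18
'''

ATTR = re.compile(r'^\s+([A-Za-z0-9-]+)(?::(\d+))?\s*=\s*"?([^"\n]*)"?\s*$')
REQUIRED = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802"}

def parse_accepts(debug_text):
    """Return one {attribute: (tag, value)} dict per Access-Accept in the debug text."""
    packets, current = [], None
    for line in debug_text.splitlines():
        if line.startswith("Sending Access-Accept"):
            current = {}
            packets.append(current)
        elif current is not None:
            m = ATTR.match(line)
            if m:
                current[m.group(1)] = (m.group(2), m.group(3).strip())
            else:
                current = None  # first non-attribute line ends the packet
    return packets

def check_vlan_reply(packet, ap_vlans):
    """List problems with the VLAN assignment attributes in one Access-Accept."""
    problems = []
    for name, want in REQUIRED.items():
        got = packet.get(name)
        if got is None:
            problems.append(f"{name} missing")
        elif got[1] != want:
            problems.append(f"{name} is {got[1]!r}, expected {want!r}")
    group = packet.get("Tunnel-Private-Group-Id")
    if group is None:
        problems.append("Tunnel-Private-Group-Id missing")
    elif group[1] not in ap_vlans:
        problems.append(f"VLAN {group[1]!r} not defined on the AP")
    tags = {packet[n][0] for n in (*REQUIRED, "Tunnel-Private-Group-Id") if n in packet}
    if len(tags) > 1:  # the three attributes should share one tag
        problems.append(f"tunnel attributes carry different tags: {sorted(map(str, tags))}")
    return problems
```

An empty result for the sample with ap_vlans={"1", "10", "30"} means the RADIUS reply is consistent with the AP configuration shown above, so the remaining place to look is the access point.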
