RE: Reading VLAN from FreeRadius and sending it to Cisco AP

[Alejandro Martínez Marcos]

Hi again,

 

    here is more information about my problem, this is what I get in the AP logs:

 

*Mar  3 21:42:07.767: RADIUS: Received from id 21646/105 IP:PORT, Access-Challenge, len 78
*Mar  3 21:42:07.767: RADIUS:  authenticator (HEX STRING) - (HEX STRING)
*Mar  3 21:42:07.767: RADIUS:  Vendor, Cisco       [26]  14 
*Mar  3 21:42:07.767: RADIUS:   Cisco AVpair       [1]   8   "SSID_1"
*Mar  3 21:42:07.767: RADIUS:  EAP-Message         [79]  8  
*Mar  3 21:42:07.768: RADIUS:   (HEX STRING)                                [????? ]
*Mar  3 21:42:07.768: RADIUS:  Message-Authenticato[80]  18  *
*Mar  3 21:42:07.768: RADIUS:  State               [24]  18 
*Mar  3 21:42:07.769: RADIUS:  (HEX STRING)  [???V??? B?q?-]?m]
*Mar  3 21:42:07.769: RADIUS(00000152): Received from id 21646/105
*Mar  3 21:42:07.769: RADIUS/DECODE: parse VSA parts error
*Mar  3 21:42:07.769: RADIUS/DECODE: convert VSA string; FAIL
*Mar  3 21:42:07.769: RADIUS/DECODE: cisco VSA type 1; FAIL
*Mar  3 21:42:07.769: RADIUS/DECODE: VSA; FAIL
*Mar  3 21:42:07.769: RADIUS/DECODE: decoder; FAIL
*Mar  3 21:42:07.769: RADIUS/DECODE: attribute Vendor-Specific; FAIL
*Mar  3 21:42:07.769: RADIUS/DECODE: parse response op decode; FAIL
*Mar  3 21:42:07.769: RADIUS/DECODE: parse response; FAIL
*Mar  3 21:42:07.770 UTC: %DOT11-7-AUTH_FAILED: Station (MAC) Authentication failed
*Mar  3 21:42:41.126 UTC: %DOT11-7-AUTH_FAILED: Station (MAC) Authentication failed

 

    So, the problem is that the AP does not understand the attribute... Anybody knows the right way to specify the VLAN or the SSID?

 

Best Regards,

 

Alejandro

 

-----Mensaje original-----
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]En nombre de Alejandro Martínez Marcos
Enviado el: jueves, 27 de enero de 2005 12:29
Para: Freeradius-Users
Asunto: Reading VLAN from FreeRadius and sending it to Cisco AP

Hello,

 

    I am trying to configure My Cisco 1100 AP to use different SSID's and VLAN's. There is a default SSID and the definite one must be given from freeradius as a result of the authentication process.

 

    As authentication is done with LDAP, I have modified ldap.attrmap to read the value, and I can see that, after the "Access Request", FreeRadius returns Cisco-AVPair="SSID_1":

 

Sending Access-Challenge of id 103 to (MY IP):(XXXXX)

        Cisco-AVPair = "SSID_1"
        EAP-Message = 0x010300060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe9b4f1c300311251a7961f6ab94ad7fd
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...

    However, after this I can see in the AP "Authentication Failure", and nothing else happens in the server.

 

    I have read about VLANs tunneling or sth like that, but I don't uderstand it very well and I am afraid I need some more specific help. I hope somebody in this list can give me hand with this.

 

Thanks in advance,

 

Alejandro Martínez   

 

   

 

   

______________________
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
puede contener informacion clasificada por su emisor como
confidencial en el marco de su Sistema de Gestion de Seguridad
de la Informacion siendo para uso exclusivo del destinatario,
quedando prohibida su divulgacion copia o distribucion a terceros
sin la autorizacion expresa del remitente. Si Vd. ha recibido este
mensaje erroneamente, se ruega lo notifique al remitente y proceda
a su borrado. Gracias por su colaboracion.
______________________

This e-mail message and any attached files are confidential
and are intended solely for the use of the addressee(s) named
above. If you are not the intended recipient or person responsible
for delivering this confidential communication to the intended
recipient, you have received this communication in error, and any
review, use, dissemination, forwarding, printing, copying, or other
distribution of this e-mail message and any attached files is strictly
prohibited. If you have received this confidential communication in error,
please notify the sender immediately by reply e-mail message and
permanently delete the original message.
______________________

______________________
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
puede contener informacion clasificada por su emisor como
confidencial en el marco de su Sistema de Gestion de Seguridad
de la Informacion siendo para uso exclusivo del destinatario,
quedando prohibida su divulgacion copia o distribucion a terceros
sin la autorizacion expresa del remitente. Si Vd. ha recibido este
mensaje erroneamente, se ruega lo notifique al remitente y proceda
a su borrado. Gracias por su colaboracion.
______________________

This e-mail message and any attached files are confidential
and are intended solely for the use of the addressee(s) named
above. If you are not the intended recipient or person responsible
for delivering this confidential communication to the intended
recipient, you have received this communication in error, and any
review, use, dissemination, forwarding, printing, copying, or other
distribution of this e-mail message and any attached files is strictly
prohibited. If you have received this confidential communication in error,
please notify the sender immediately by reply e-mail message and
permanently delete the original message.
______________________