You are missing:
aaa authentication network default group radius
The attributes you posted earlier are correct. You can also specify the VLAN name instead of the number which may help you if the VLAN ids are different on different networks.
-- DaveD
On Mar 10, 2005, at 7:51 AM, Horschtel wrote:
I try but it doesn't work. I try another radius server and it failed also. I the properties of the Attribute 81 I see should be a string. So I think I did a mistake on the switch configuration. I post the configuration here :
Current configuration : 3985 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname rum34 ! aaa new-model aaa authentication login default line enable aaa authentication dot1x default group radius enable secret 5 xxxx. enable password 7 xxxx ! ip subnet-zero ip domain-name mms-dresden.de ! ! spanning-tree extend system-id no spanning-tree vlan 65 … no spanning-tree vlan 255 ! ! interface FastEthernet0/1 switchport mode trunk no ip address ! interface FastEthernet0/2 switchport access vlan dynamic switchport mode access no ip address spanning-tree portfast ! interface FastEthernet0/3 switchport mode access no ip address ! interface FastEthernet0/4 no ip address ! interface FastEthernet0/5 no ip address shutdown ! interface FastEthernet0/6 no ip address ! interface FastEthernet0/7 no ip address ! interface FastEthernet0/8 no ip address ! interface FastEthernet0/9 switchport mode access no ip address dot1x port-control auto ! interface FastEthernet0/10 no ip address ! interface FastEthernet0/11 no ip address ! interface FastEthernet0/12 no ip address ! interface GigabitEthernet0/1 no ip address ! interface GigabitEthernet0/2 no ip address ! interface Vlan1 ip address xxx.xxx.xxx.209 255.255.255.0 no ip route-cache ! ip default-gateway xxx.xxx.xxx.1 ip http server ! snmp-server engineID local 800000090300000BBE855001 snmp-server group grp_snmp v3 auth snmp-server community xxx RO snmp-server enable traps snmp linkdown linkup snmp-server host xxx.xxx.xxx.101 version 2c pub radius-server host xxx.xxx.xxx.2 auth-port 1812 acct-port 1813 key xxx radius-server retransmit 3 ! line con 0 ip netmask-format decimal line vty 0 4 password 7 xxxxx line vty 5 15 password 7xxxxxx ! ntp clock-period 17179903 ntp server xxx.xxx.xxx.196 end
---------- Original Message ---------------------------------- From: David ROUMANET <[EMAIL PROTECTED]> Reply-To: freeradius-users@lists.freeradius.org Date: Thu, 10 Mar 2005 10:27:28 +0100
Try this : Tunnel-Type := VLAN, Tunnel-Medium-Type := IEEE-802, Tunnel-Private-Group-Id := 13,
It works on my FreeRADIUS
Horschtel a écrit :
Hi my situation is freeradius give the switch wrong attribute parameters.
The “users” config file says:
… Username Auth-Type == EAP, User-Password == “xxx” Framed-Type = Framed, Tunnel-Medium-Type:1 = 6, Tunnel-Type:1 = 13, Tunnel-Private-Group-ID:1 = 13 ….
on freeradius debuging I can see:
….. Sending Acces-Accept of id 59 to xxx.xxx.xxx.xxx:1812 Tunnel-Medium-Type:1 = IEEE-802 Tunnel-Type:1 = VLAN Tunnel-Private-Group-Id = “13” ……
and that’s the problem. I think the Tunnel-Private-Group-Id is not more an
Integer
The Switch Radius Debug
04:57:06: Attribute 65 6 01000006 04:57:06: Attribute 64 6 0100000D 04:57:06: Attribute 81 5 0131334F
Attribute 65 and 64 are ok but Attribute 81 is the problem
________________________________________________________________ Sent via the WebMail system at oleco.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- CICG <http://www.grenet.fr/>David ROUMANET Tel : 04 76 51 46 08 *C*entre *I*nterUniversitaire de *C*alcul *G*renoblois
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
________________________________________________________________ Sent via the WebMail system at oleco.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
