Hi Everyone,
Are you sure the command aaa authentication network default group radius is valid on 2950 switches ? I am running Version 12.1(22)EA5, which was the last stable image in july and "network" is not available as aaa authentication option.
If anyone has met any success with dynamic VLAN assignment on Cisco 29502 with FreeRadius. I am interested !
Here is how my user is declared:
Client_Arpege Auth-Type := EAP
Service-Type = Framed-User,
Reply-Message = "Authentification OK - Bienvenue sur le RCSG",
Tunnel-Type = :1:VLAN,
Tunnel-Medium-Type = :1:6,
Tunnel-Private-Group-ID = :1:140
:1: are used to give tags a value of 1, 6 is interprested by FreeRadius as IEEE-802.
I have checked with Ethereal and the paquet sent seems OK. I think the problem comes from the switch.
Here is the configuration file:

version 12.1
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
hostname Switch802_1x
aaa new-model
aaa authentication login default group radius local
aaa authentication dot1x default group radius
aaa authorization exec default group radius if-authenticated
aaa accounting dot1x default start-stop group radius
enable password ********
username admin secret 5 $1$IqQs$tJ9S4pfeDfZR42vlaFrbQ1
ip subnet-zero
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
dot1x system-auth-control
interface FastEthernet0/1
 switchport access vlan 136
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/2
 switchport access vlan 136
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/3
 switchport access vlan 136
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/4
 switchport access vlan 136
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/5
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/6
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/7
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/8
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/9
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/10
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/11
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/12
 switchport access vlan 141
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0001.e6a7.09d8
 spanning-tree portfast
interface FastEthernet0/13
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/14
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/15
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/16
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/17
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/18
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/19
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/20
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/21
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/22
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/23
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
interface FastEthernet0/24
 switchport trunk native vlan 136
 switchport mode trunk
interface GigabitEthernet0/1
interface GigabitEthernet0/2
interface Vlan1
 no ip address
 no ip route-cache
interface Vlan136
 ip address XX.XX.XX.XX
 no ip route-cache
ip default-gateway YY.YY.YY.YY
ip http server
logging trap notifications
logging facility local6
logging ZZ.ZZ.ZZ.ZZ
radius-server host ZZ.ZZ.ZZ.ZZ auth-port 1812 acct-port 1813 key testing123
radius-server retransmit 3
line con 0
 exec-timeout 0 0
 password ********
line vty 0 4
 exec-timeout 0 0
 password ********
line vty 5 15
 exec-timeout 0 0
 password ********
The Client is connected to port 0/23 which is dot1x enabled. It is authenticated (interface is up and logs in Freeradius prove that it's OK) BUT interface 0/23 remains in vlan 1, whereas it should be switched to vlan 140.
Switch802_1x#sh vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Gi0/1, Gi0/2
136  reseau_PFT-DEF                   active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
140  VLAN0140                         active
141  VLAN0141                         active    Fa0/12
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
If anyone can help me... I am losing hope ;-(


