RE: assigning a vlan-id after successful authentication

[Seferovic Edvin]

I am aware of the fact that 1 VLAN per port is possible. Besides – I am using mac-based authentication, so Ive tried what happens when I connect only one computer per switch port, but as I already have written, the Radius-Reply is kind of ignored L. Has anyone have such problems or its just me? L   Jeff, do you maybe know how VLAN assignment is being done with mac-based auth? Would it on “link-down” set the port VLAN to the manually set for unauthorised clients?   TIA !   Regards, Edvin Seferovic   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Reilly Sent: Montag, 14. November 2005 04:11 To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: RE: assigning a vlan-id after successful authentication   The 2626 supports 1 VLAN per port.  I'm not sure exactly how the 2626 deals with multiple supplicants... but I would bet (based on passed experience on other switches)... the 2626 ignores all 802.1x (EAP Starts) from any subsequent endpoints after the first successful authentication (until the port sees link-down or an EAP logoff form the original supplicant).  Whatever provisioning (VLANs in your case) is based on the first endpoints authentication/authorization all other endpoints will share the same level of access as the first (authenticated supplicant).    Jeff   -------- Original Message -------- Subject: RE: assigning a vlan-id after successful authentication From: "Seferovic Edvin" <[EMAIL PROTECTED]> Date: Sun, November 13, 2005 2:35 pm To: "'FreeRadius users mailing list'" <freeradius-users@lists.freeradius.org> Sure  but that ain't working.. at least not on my switches and don't ask me why... I usually have 2-3 computers on one port ( but computers have the same VLANID in RADIUS ), so might that be the problem?   Regards,   Edvin Seferovic   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Reilly Sent: Sonntag, 13. November 2005 21:58 To: FreeRadius users mailing list Subject: RE: assigning a vlan-id after successful authentication   First, this information is well documented both by ProCurve and in RFC3580.     That said the AV pairs you're looking for are as follows: Tunnel-Medium-Type = 802 Tunnel-Private-Group-ID = 123 (the VLAN) Tunnel-Type = VLAN   Jeff -------- Original Message -------- Subject: assigning a vlan-id after successful authentication From: Sven Juergensen <[EMAIL PROTECTED]> Date: Fri, November 11, 2005 8:48 pm To: freeradius-users@lists.freeradius.org hello people, how does the above mentioned work? i am not quite sure where to start. is it embedded in the 'Reply-Message' or does it have to do with the tunnel-types? i'm trying to supply a vlan-id to an hp2626 with mac-based authentication. couldn't find this in the faq or relevant conf-files either - what am i missing? thanks alot in advance, sven - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html