Hi, I've gotten a bit further but am still getting stuck. I have the Cisco Wireless Controller configured to hit FreeRADIUS for MAC Address Authentication. FreeRADIUS sees the request from the controller and sends back the configured attributes from the users file, but the controller doesn't seem to see it correctly (the desired VLAN tag) and I end up in the default VLAN as configured on the controller. Below is my users, clients.conf, and radiusd verbose data output. Any thoughts?

Ready to process requests.
rad_recv: Access-Request packet from host 148.85.34.82:32768, id=35, length=174
        User-Name = "00:0e:35:1c:e0:52"
        Called-Station-Id = "00-1a-6d-6b-f0-80:2000test"
        Calling-Station-Id = "00-0e-35-1c-e0-52"
        NAS-Port = 1
        NAS-IP-Address = 148.85.34.82
        NAS-Identifier = "WLC-34-82"
        Airespace-Wlan-Id = 1
        User-Password = "testing"
        Service-Type = Call-Check
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "159"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "00:0e:35:1c:e0:52", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry 00:0e:35:1c:e0:52 at line 80
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 35 to 148.85.34.82 port 32768
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Type:0 = VLAN
        Tunnel-Private-Group-Id:0 = "157"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 35 with timestamp 4697de6a
Nothing to do. Sleeping until we see a request.
____________________________________________________________

00:0e:35:1c:e0:52   Auth-Type := Local, User-Password == "testing"
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Type = "VLAN",
        Tunnel-Private-Group-Id = "157",

______________________________________________________________

client 148.85.34.82 {
        #
        # The shared secret use to "encrypt" and "sign" packets between
        # the NAS and FreeRADIUS. You MUST change this secret from the
        # default, otherwise it's not a secret any more!
        #
        # The secret can be any string, up to 31 characters in length.
        #
        secret = xxxxxxx

        #
        # The short name is used as an alias for the fully qualified
        # domain name, or the IP address.
        #
        shortname = controller

        #
        # the following three fields are optional, but may be used by
        # checkrad.pl for simultaneous use checks
        #

        #
        # The nastype tells 'checkrad.pl' which NAS-specific method to
        # use to query the NAS for simultaneous use.
        #
        # Permitted NAS types are:
        #
        #       cisco
        #       computone
        #       livingston
        #       max40xx
        #       multitech
        #       netserver
        #       pathras
        #       patton
        #       portslave
        #       tc
        #       usrhiper
        #       other           # for all other types
        #
        nastype = other # localhost isn't usually a NAS...

_____________________
Brian Ertel
Network Administrator
Amherst College
413-542-8320
[EMAIL PROTECTED]
_____________________