Radius is doing it's bit. Your problem is with the Controller configuration. Have you configured a VLAN with ID of 157 on the Controller? Have you enabled Radius override of default settings on WLAN?
Ivan Kalik Kalik Informatika ISP Dana 13/7/2007, "Brian Ertel" <[EMAIL PROTECTED]> piše: >Hi, > >I've gotten a bit further but am still getting stuck. I have the Cisco >Wireless Controller configured to hit Freeradius for MAC Address >Authentication. Freeradius sees the request from the controller and >sends back the configure attributes from the users file but the >controller doesn't seem to see it correctly (the desired VLAN tag) and I >end up in the default VLAN as configured on the controller. Below is my >users, clients.conf, and radiusd verbose data output. Any thoughts? > >Ready to process requests. >rad_recv: Access-Request packet from host 148.85.34.82:32768, id=35, >length=174 > User-Name = "00:0e:35:1c:e0:52" > Called-Station-Id = "00-1a-6d-6b-f0-80:2000test" > Calling-Station-Id = "00-0e-35-1c-e0-52" > NAS-Port = 1 > NAS-IP-Address = 148.85.34.82 > NAS-Identifier = "WLC-34-82" > Airespace-Wlan-Id = 1 > User-Password = "testing" > Service-Type = Call-Check > Framed-MTU = 1300 > NAS-Port-Type = Wireless-802.11 > Tunnel-Type:0 = VLAN > Tunnel-Medium-Type:0 = IEEE-802 > Tunnel-Private-Group-Id:0 = "159" > Processing the authorize section of radiusd.conf >modcall: entering group authorize for request 0 > modcall[authorize]: module "preprocess" returns ok for request 0 > modcall[authorize]: module "chap" returns noop for request 0 > modcall[authorize]: module "mschap" returns noop for request 0 > rlm_realm: No '@' in User-Name = "00:0e:35:1c:e0:52", looking up >realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 0 > rlm_eap: No EAP-Message, not doing EAP > modcall[authorize]: module "eap" returns noop for request 0 > users: Matched entry 00:0e:35:1c:e0:52 at line 80 > modcall[authorize]: module "files" returns ok for request 0 >modcall: leaving group authorize (returns ok) for request 0 > rad_check_password: Found Auth-Type Local >auth: type Local >auth: user supplied User-Password matches local User-Password Sending >Access-Accept of id 35 to 148.85.34.82 port 32768 > Tunnel-Medium-Type:0 = IEEE-802 > Tunnel-Type:0 = VLAN > Tunnel-Private-Group-Id:0 = "157" >Finished request 0 >Going to the next request >--- Walking the entire request list --- >Waking up in 6 seconds... >--- Walking the entire request list --- >Cleaning up request 0 ID 35 with timestamp 4697de6a Nothing to do. >Sleeping until we see a request. > > >____________________________________________________________ > >00:0e:35:1c:e0:52 Auth-Type := Local, User-Password == "testing" > > Tunnel-Medium-Type = "IEEE-802", > Tunnel-Type = "VLAN", > Tunnel-Private-Group-Id = "157", > >______________________________________________________________ > >client 148.85.34.82 { > # > # The shared secret use to "encrypt" and "sign" packets between > # the NAS and FreeRADIUS. You MUST change this secret from the > # default, otherwise it's not a secret any more! > # > # The secret can be any string, up to 31 characters in length. > # > secret = xxxxxxx > > # > # The short name is used as an alias for the fully qualified > # domain name, or the IP address. > # > shortname = controller > > # > # the following three fields are optional, but may be used by > # checkrad.pl for simultaneous use checks > # > > # > # The nastype tells 'checkrad.pl' which NAS-specific method to > # use to query the NAS for simultaneous use. > # > # Permitted NAS types are: > # > # cisco > # computone > # livingston > # max40xx > # multitech > # netserver > # pathras > # patton > # portslave > # tc > # usrhiper > # other # for all other types > > # > nastype = other # localhost isn't usually a NAS... > >_____________________ > >Brian Ertel >Network Administrator >Amherst College >413-542-8320 >[EMAIL PROTECTED] >_____________________ > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html