> When we try the authentication with this user account, although radius > log send the > > VLAN attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID) > in > > Access-Challenge messages and finally send an Access-Accept message, the > switch > > does not assign the right VLAN( the switching from VLAN 1 to VLAN 2 does > not > > occur) and the user still in VLAN 1. We note that there is no VLAN > attribute in > > Access-Accept message. > > What may be wrong ?
... > MSCHAP Success > ++[eap] returns handled > } # server (null) > PEAP: Got tunneled reply RADIUS code 11 > Tunnel-Private-Group-Id:0 = "2" > Tunnel-Medium-Type:0 = IEEE-802 > Tunnel-Type:0 = VLAN > EAP-Message = > 0x010a00331a0309002e533d45324635434146333132433946454341393932443738373436364344424342443444364643444134 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x0c186c320d1276bedb16c1e664f42fe2 > PEAP: Processing from tunneled session code 0x7c52c0 11 > Tunnel-Private-Group-Id:0 = "2" > Tunnel-Medium-Type:0 = IEEE-802 > Tunnel-Type:0 = VLAN > EAP-Message = > 0x010a00331a0309002e533d45324635434146333132433946454341393932443738373436364344424342443444364643444134 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x0c186c320d1276bedb16c1e664f42fe2 Attributes are available in the tunnel ... ... > Sending Access-Accept of id 32 to 192.168.100.5 port 5001 > MS-MPPE-Recv-Key = > 0x3fc9ad8eb5c61fa194fbcf43ec68aa879a28a6f2b25d5dcc96531f47dccdae69 > MS-MPPE-Send-Key = > 0xaf8ead06473463ae03e04ac1cc4f09e8e827287effa7ccaf360b0b8bbc2ed18e > EAP-Message = 0x030b0004 > Message-Authenticator = 0x00000000000000000000000000000000 > User-Name = "toto" ... but not in the final reply. Enable use_tunneled_reply in peap section of eap.conf. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html