yet } # server inner-tunnel [peap] Got tunneled reply code 2 Service-Type = Framed-User Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = 802 Tunnel-Private-Group-Id:0 = "120" EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "linatest" [peap] Got tunneled reply RADIUS code 2 Service-Type = Framed-User Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = 802 Tunnel-Private-Group-Id:0 = "120" EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "linatest" [peap] Tunneled authentication was successful. [peap] SUCCESS [peap] Saving tunneled attributes for later
means freeradius sent correctly VLAN attributes, but switch doesn't received them. Any one can help me? 2010/3/4 omega bk <omeg...@gmail.com> > means vlan is not communicated between the > freeradius and switch, but we don't know why > > > > 2010/3/4 omega bk <omeg...@gmail.com> > > hello, >> >> still with the same issue about vlan assignment. >> >> so to sum up >> >> In my users file: >> ############ >> >> doctor Cleartext-Password := "mypass" >> cisco-avpair= "tunnel-type(#64)=VLAN(13)", >> cisco-avpair= "tunnel-medium-type(#65) = 802 media(6)", >> cisco-avpair= "tunnel-private-group-ID(#81) = 100", >> >> Session-Timeout = "28800", >> Termination-Action = "RADIUS-Request" >> >> ####################### >> >> in my switch >> -------------------- >> aaa new-model >> aaa authentication dot1x default group radius >> aaa authorization network default group radius >> >> dot1x system-auth-control >> >> ! >> interface FastEthernet0/24 => for successful authentication ( client >> is wired there) >> switchport access vlan 100 >> switchport mode access >> dot1x pae authenticator >> dot1x port-control auto >> dot1x auth-fail vlan 120 >> spanning-tree portfast >> >> interface FastEthernet0/22 >> switchport access vlan 120 >> switchport mode access >> spanning-tree portfast >> ! >> interface FastEthernet0/23 >> switchport access vlan 120 >> switchport mode access >> spanning-tree portfast >> >> radius-server host x.x.x.x auth-port 1812 acct-port 1813 key miamiam >> radius-server source-ports 1645-1646 >> radius-server retransmit 5 >> radius-server vsa send authentication >> >> --------------------------- >> >> >> so the authentication for doctor is good in vlan 100, but if i change to >> cisco-avpair= "tunnel-private-group-ID(#81) = 120", i'm stuck to vlan 100. >> >> Any noe can help me? >> >> thanks >> >> >> >> >> >> >> >> >> 2010/3/4 Alan DeKok <al...@deployingradius.com> >> >> Jens Link wrote: >>> > @Alan: I would document VMPS in some more detail in the wiki if my >>> > access would be working. ;-) >>> >>> It seems to be fine now. >>> >>> Alan DeKok. >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >> >> >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html