On Aug 31, 2010, at 8:48 AM, Marten Pape wrote:
> Alan DeKok schrieb:
>> Marten Pape wrote:
>>
>>> Now my goal is to tell the NAS to assign every wifi-packet to a certain
>>> VLAN. I don't need to have a dynamic assignment of VLAN based on
>>> usernames or something else. One VLAN would be sufficient.
>>>
>>
>> You can assign the vlan in the "post-auth" section.
>>
> Now, I added this answer to the sites-available/default -> post-auth
> section:
> update reply {
> Tunnel-Type := 13
> Tunnel-Medium-Type = 6
> Tunnel-Private-Group-ID = 123
> }
>
> But the access point doesn't seem to tag this traffic with the vlan-ID
> 123. As far as I know, this access point is able to do that. Do you see
> anything else going wrong? The debug log of a new connection try is
> attached below.
>
> rlm_sql (sql): Released sql socket id: 4
> ++[sql] returns ok
> ++[exec] returns noop
> Sending Access-Accept of id 11 to 172.20.160.171 port 1812
> MS-MPPE-Recv-Key =
> 0x35b16df4a592e9da418da46ab5164210166ad66293fd8831c5dec7d2f7eb1a8d
> MS-MPPE-Send-Key =
> 0x0709cee111f7985f495c7208fe4ceb3b57b1657f9fc10762578ba41ba9727b85
> EAP-Message = 0x030a0004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "marpap"
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "123"
Server is sending back the attributes. Check whether the VLAN must be
pre-configured on the NAS in order to be assigned. Else check that the NAS
supports dynamic assignment, or that it uses VSAs instead of the RFC attributes.
-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
