Rangel, Luciano wrote: > I'm not trying debug logs in switch. Then why are you looking at the debug log of the switch?
Why are you not looking at the debug log of the server? > I simply answered the question of how I knew that my switch received > vlan 0 instead 200. Did the server *send* VLAN of 200? You've looked at the config files, but have been going to great effort to avoid looking at the debug output. > The help I'm asking is: > > I send attribute Tunnel-Private-Group-Id = "200" with Freeradius and > send same attribute with ACS. Why switch interpret differently. No... you *think* you told FreeRADIUS to send VLAN 200. But you never *checked* if it was sending that. > I donĀ“t search the problem. My users file in freeradius is correct, > debug logs show that freeradius is send attribute correct. You've never posted that. > Why this not work? Because the Access-Accept from ACS is *different* than the Access-Accept from FreeRADIUS. If you make the Access-Accept from FreeRADIUS the same as the Access-Accept from ACS, it *will* work. There's no magic in RADIUS. Use wireshark to look at the packets from ACS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
