I haven't read this thread line by line, but I'd say start with the most simple config first - the users file. Forget everything else until 802.1x VLAN assignments work correctly from there.
I started down this path a year'ish ago and only got to the testing phase before the project (ie: me) lost momentum. But, the confs are still there and I'll post mine that worked with our 2960's. But again, it's very simple: 99% default settings, only minor changes to the users and clients file to support my environment. I'll try to get to this tomorrow.

G

-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] On Behalf Of Rangel, Luciano
Sent: Thursday, December 09, 2010 4:30 PM
To: FreeRadius users mailing list
Subject: RE: Assign VLAN

Freeradius Access-Accept:

Sending Access-Accept of id 29 to 10.0.0.3 port 1645
    MS-MPPE-Recv-Key = 0x88a007eda1d4841ea348c3a0d49fd963e3f188a3f77509c3d3eb045d3a23fa7c
    MS-MPPE-Send-Key = 0xbe8168ed341e6a4f0332a9d0c8b1893f574e98fa4af7af74dbebf944f687eaf7
    EAP-Message = 0x030c0004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "GROUPINFRA\\rangell"
Finished request 10.

I don't see attributes (VLAN, IEEE-802 and 200) in freeradius access-accept, but in a stretch of logs I see messages below:

Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
Login OK: [GROUPINFRA\\rangell] (from client switch-2960 port 0 via TLS tunnel)
WARNING: Empty section. Using default return values.
} # server inner-tunnel
[peap] Got tunneled reply code 2
    Service-Type = Framed-User
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "200"
    EAP-Message = 0x030b0004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "GROUPINFRA\\rangell"
[peap] Got tunneled reply RADIUS code 2
    Service-Type = Framed-User
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "200"
    EAP-Message = 0x030b0004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "GROUPINFRA\\rangell"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 28 to 10.0.0.3 port 1645
    EAP-Message = 0x010c00261900170301001b0472c7380855a9fa41e49897807ecfeecbf7e6868eb3fe9540e8a3
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xd32e175dda220e5c8cbe3424bc53aa13
Finished request 9.

Regards,
Luciano Rangel

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
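
An added example, not part of either message above: a small Python check that reads FreeRADIUS debug output and reports which VLAN attributes present in the tunneled (inner) PEAP reply are absent from the Access-Accept sent to the switch. The sample log is constructed and condensed from the output quoted in this thread; the function names are this example's own.

```python
import re

# Constructed sample, condensed from the debug output quoted in this thread.
SAMPLE = r"""
[peap] Got tunneled reply RADIUS code 2
    Service-Type = Framed-User
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "200"
[peap] Tunneled authentication was successful.
Sending Access-Challenge of id 28 to 10.0.0.3 port 1645
    EAP-Message = 0x010c0026
Finished request 9.
Sending Access-Accept of id 29 to 10.0.0.3 port 1645
    EAP-Message = 0x030c0004
    User-Name = "GROUPINFRA\\rangell"
Finished request 10.
"""

VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")
HEADER = re.compile(r"^(Sending Access-Accept|\[peap\] Got tunneled reply (?:RADIUS )?code 2)")
ATTR = re.compile(r"^\s+([\w-]+)(?::\d+)?\s*=\s*(.+)$")  # drops the ":0" tag

def parse_blocks(text):
    """Return [(kind, {attr: value})] for each tunneled reply and Access-Accept."""
    blocks, current = [], None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            kind = "accept" if h.group(1).startswith("Sending") else "tunneled"
            current = {}
            blocks.append((kind, current))
            continue
        m = ATTR.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip().strip('"')
        elif not m:
            current = None  # any non-attribute line ends the current block
    return blocks

def vlan_check(text):
    """Compare VLAN attributes of the last inner reply with the last Access-Accept."""
    inner, outer = {}, {}
    for kind, attrs in parse_blocks(text):
        vlan = {k: attrs[k] for k in VLAN_ATTRS if k in attrs}
        if kind == "tunneled":
            inner = vlan
        else:
            outer = vlan
    missing = sorted(set(inner) - set(outer))
    return {"inner": inner, "outer": outer, "missing_from_accept": missing}

if __name__ == "__main__":
    print(vlan_check(SAMPLE))
```

In FreeRADIUS 2.x, whether inner-tunnel reply attributes are copied into the outer Access-Accept is governed by the use_tunneled_reply setting in the peap section of eap.conf.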