Hi David, Yes eap is enabled in both inner-tunnel and default configuration.
From: David Peterson <dav...@wirelessconnections.net> Organization: Wireless Connections Reply-To: <dav...@wirelessconnections.net>, FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Date: Wednesday, April 25, 2012 1:50 PM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: RE: Assign VLAN from freeradius to Cisco 3550 switch. I am seeing EAP in the messages. Have you enabled EAP in your inner-tunnel or at all in your config? Either way this seems pretty clear: 3w6d: RADIUS: no appropriate authorization type for user. David From: freeradius-users-bounces+davidp=wirelessconnections....@lists.freeradius.org [mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freera dius.org] On Behalf Of Wassim Zaarour Sent: Wednesday, April 25, 2012 1:56 AM To: FreeRadius users mailing list Subject: Assign VLAN from freeradius to Cisco 3550 switch. Hi all, I know this subject have been brought up but I'm kind of stuck and I hope I can get a little help. I am trying to assign vlans from freeradius to a cisco 3550 switch but its not working. I keep getting the following in the debug in the switch: 3w6d: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6] 3w6d: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13] I read the mail archives and googled with no luck. Users file configuration: wassim Cleartext-Password := "wassim" Tunnel-Medium-Type:1 = IEEE-802, Tunnel-Type:1 = VLAN, Tunnel-Private-Group-Id:1 = 100 Switch debug log: 3w6d: RADIUS(00000000): Send Access-Request to 192.168.1.57:1812 id 1645/122, len 460 3w6d: RADIUS: authenticator 34 D8 18 38 24 86 99 F6 - 69 03 2C EB E2 8A F4 79 3w6d: RADIUS: NAS-IP-Address [4] 6 192.168.1.8 3w6d: RADIUS: NAS-Port [5] 6 50023 3w6d: RADIUS: NAS-Port-Type [61] 6 Eth [15] 3w6d: RADIUS: User-Name [1] 8 "wassim" 3w6d: RADIUS: Called-Station-Id [30] 19 "00-15-F9-F8-4E-97" 3w6d: RADIUS: Calling-Station-Id [31] 19 "00-1A-80-3F-F6-A1" 3w6d: RADIUS: Service-Type [6] 6 Framed [2] 3w6d: RADIUS: Framed-MTU [12] 6 1500 3w6d: RADIUS: State [24] 18 3w6d: RADIUS: DB C1 1C E7 DF C4 09 5E 75 5E 5B 0F 23 3A 54 E7 [???????^u^[?#:T?] 3w6d: RADIUS: EAP-Message [79] 255 3w6d: RADIUS: 02 05 01 44 15 00 16 03 01 01 06 10 00 01 02 01 [???D????????????] 3w6d: RADIUS: 00 A5 F6 DC 7F B9 4A 99 44 84 66 ED D5 4D CA F5 [??????J?D?f??M??] 3w6d: RADIUS: 58 95 5F 5C CC FA E7 C3 B5 54 DB 01 C1 CA E1 62 [X?_\?????T?????b] 3w6d: RADIUS: 96 BF C1 E8 26 84 7C BF 56 7E 6A 9D 41 8C 0E 5C [????&?|?V~j?A??\] 3w6d: RADIUS: E3 46 DC BE 33 38 28 7A 35 50 7D 7A 32 F8 A0 55 [?F??38(z5P}z2??U] 3w6d: RADIUS: 62 63 9B D1 15 8B C8 DC 97 D0 A3 DC 27 19 00 A0 [bc??????????'???] 3w6d: RADIUS: 61 CB C8 EC FA 02 EF 39 D8 5B CF CC 45 45 BF 08 [a??????9?[??EE??] 3w6d: RADIUS: C8 9E E5 87 70 DD 61 75 56 A5 B1 B6 B2 BA FC 3F [????p?auV???????] 3w6d: RADIUS: FD A7 AC 37 DE DC 16 43 85 E9 ED 39 59 21 E5 19 [???7???C???9Y!??] 3w6d: RADIUS: 97 58 6D BC 3E B6 2C B5 BE 58 56 89 94 0B 70 B5 [?Xm?>?,??XV???p?] 3w6d: RADIUS: 49 F8 49 36 D7 B0 A8 44 10 A8 6F 05 B9 94 19 AB [I?I6???D??o?????] 3w6d: RADIUS: 0C 52 00 4F BE D0 0D 99 56 12 B7 76 DF 07 04 C9 [?R?O????V??v????] 3w6d: RADIUS: 85 54 8D 3D E4 53 0C AF 49 15 CC D6 AD 02 62 43 [?T?=?S??I?????bC] 3w6d: RADIUS: 41 39 B8 1A 2F F0 40 09 93 BE 87 FD D9 CD AB 74 [A9??/?@????????t] 3w6d: RADIUS: F7 34 66 32 CC 87 4A 0B A7 3E 81 B1 F4 E4 EB 21 [?4f2??J??>?????!] 3w6d: RADIUS: DF 6F CD FF 9B 8A E6 87 A0 3B 3E B6 64 [?o???????;>?d] 3w6d: RADIUS: EAP-Message [79] 73 3w6d: RADIUS: E6 CB 54 03 10 69 D4 D2 7C D1 FA 89 72 F8 0C 53 [??T??i??|???r??S] 3w6d: RADIUS: 1B 78 32 E7 14 03 01 00 01 01 16 03 01 00 28 EA [?x2???????????(?] 3w6d: RADIUS: 0B 2A A9 64 DE 57 6A 65 89 EA 19 63 4B 60 67 C8 [?*?d?Wje???cK`g?] 3w6d: RADIUS: CF C9 FF A2 A7 26 33 A5 C0 D0 CB 3C 01 F2 C5 96 [?????&3????<????] 3w6d: RADIUS: 38 65 0C 1F 39 1C 6F [8e??9?o] 3w6d: RADIUS: Message-Authenticato[80] 18 3w6d: RADIUS: FD AE 24 12 A9 F3 A5 BA F3 6D 60 52 F8 E0 D3 53 [??$??????m`R???S] 3w6d: RADIUS: Received from id 1645/122 192.168.1.57:1812, Access-Challenge, len 119 3w6d: RADIUS: authenticator 57 E5 06 9F DD C4 E2 76 - E8 37 92 F1 C4 21 22 6B 3w6d: RADIUS: EAP-Message [79] 63 3w6d: RADIUS: 01 06 00 3D 15 80 00 00 00 33 14 03 01 00 01 01 [???=?????3??????] 3w6d: RADIUS: 16 03 01 00 28 87 23 7C B0 31 42 D1 B4 48 4A 89 [????(?#|?1B??HJ?] 3w6d: RADIUS: AB F3 22 51 D2 40 36 C9 45 DD 35 11 31 3C EF 59 [??"Q?@6?E?5?1<?Y] 3w6d: RADIUS: 86 B0 D3 D4 26 E3 58 DC E3 0F 76 3E 4A [????&?X???v>J] 3w6d: RADIUS: Message-Authenticato[80] 18 3w6d: RADIUS: 49 9B 71 F9 9B 0C 53 BD D2 3D 20 79 8D F1 7F 9B [I?q???S??= y????] 3w6d: RADIUS: State [24] 18 3w6d: RADIUS: DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7 [???????^u^[?#:T?] 3w6d: RADIUS: EAP-login: length of eap packet = 61 3w6d: RADIUS: EAP-login: got challenge from radius 3w6d: RADIUS: Pick NAS IP for u=0x178E4C0 tableid=0 cfg_addr=0.0.0.0 3w6d: RADIUS: ustruct sharecount=1 3w6d: Radius: radius_port_info() success=1 radius_nas_port=1 3w6d: RADIUS: EAP-login: length of radius packet = 201 code = 1 3w6d: RADIUS(00000000): Send Access-Request to 192.168.1.57:1812 id 1645/123, len 201 3w6d: RADIUS: authenticator 99 15 53 A6 AB B7 0B 75 - 9F A7 5F 27 8F F1 2E 67 3w6d: RADIUS: NAS-IP-Address [4] 6 192.168.1.8 3w6d: RADIUS: NAS-Port [5] 6 50023 3w6d: RADIUS: NAS-Port-Type [61] 6 Eth [15] 3w6d: RADIUS: User-Name [1] 8 "wassim" 3w6d: RADIUS: Called-Station-Id [30] 19 "00-15-F9-F8-4E-97" 3w6d: RADIUS: Calling-Station-Id [31] 19 "00-1A-80-3F-F6-A1" 3w6d: RADIUS: Service-Type [6] 6 Framed [2] 3w6d: RADIUS: Framed-MTU [12] 6 1500 3w6d: RADIUS: State [24] 18 3w6d: RADIUS: DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7 [???????^u^[?#:T?] 3w6d: RADIUS: EAP-Message [79] 69 3w6d: RADIUS: 02 06 00 43 15 00 17 03 01 00 38 BF 71 FC FA 04 [???C??????8?q???] 3w6d: RADIUS: BE DC FD CC 03 D2 7F 8B 09 63 2C B2 AE D8 AC 61 [?????????c,????a] 3w6d: RADIUS: 64 21 2B 00 ED 0E 6E E8 B0 49 50 6B 99 B8 88 A4 [d!+???n??IPk????] 3w6d: RADIUS: 36 C6 FD B9 F0 77 2D 82 28 0A 37 D1 D4 73 B4 59 [6????w-?(?7??s?Y] 3w6d: RADIUS: F9 37 E6 [?7?] 3w6d: RADIUS: Message-Authenticato[80] 18 3w6d: RADIUS: A2 59 A3 DE A6 98 5F 78 25 12 59 BB 4D B8 74 F0 [?Y????_x??Y?M?t?] 3w6d: RADIUS: Received from id 1645/123 192.168.1.57:1812, Access-Accept, len 186 3w6d: RADIUS: authenticator C0 31 7F D7 A6 D4 1F C8 - 27 AA F0 99 EA 1F 92 C3 3w6d: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6] 3w6d: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13] 3w6d: RADIUS: Tunnel-Private-Group[81] 6 01:"100" 3w6d: RADIUS: Vendor, Microsoft [26] 58 3w6d: RADIUS: MS-MPPE-Recv-Key [17] 52 3w6d: RADIUS: 86 8B 3E 74 76 E7 CB 9A 8F EF F5 9C 16 2E 88 1A [??>tv????????.??] 3w6d: RADIUS: 12 3B 80 A6 E9 9B B6 6F E6 63 C8 AA B0 DB 0E 76 [?;?????o?c?????v] 3w6d: RADIUS: 61 C1 6A 5D 62 BD 72 BE 78 C8 9D 4D A7 3F 54 35 [a?j]b?r?x??M??T5] 3w6d: RADIUS: 40 DC [@?] 3w6d: RADIUS: Vendor, Microsoft [26] 58 3w6d: RADIUS: MS-MPPE-Send-Key [16] 52 3w6d: RADIUS: 8A 61 97 87 78 FD CA 16 8D F0 ED 75 C0 70 93 AE [?a??x??????u?p??] 3w6d: RADIUS: 71 EF 5A 21 53 35 A4 88 F9 84 16 83 10 43 6E 9E [q?Z!S5???????Cn?] 3w6d: RADIUS: AB A7 8B 56 6C 42 0D AB 09 1D 82 D3 CB 7E 6C B8 [???VlB???????~l?] 3w6d: RADIUS: 56 58 [VX] 3w6d: RADIUS: EAP-Message [79] 6 3w6d: RADIUS: 03 06 00 04 [????] 3w6d: RADIUS: Message-Authenticato[80] 18 3w6d: RADIUS: 82 4B 64 0F 07 64 59 18 0F 27 07 95 A5 15 09 33 [?Kd??dY??'?????3] 3w6d: RADIUS: User-Name [1] 8 "wassim" 3w6d: RADIUS: EAP-login: length of eap packet = 4 3w6d: RADIUS: Tunnel-MType, [01] 00 00 06 3w6d: RADIUS: TAS(1) created and enqueued. 3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D 3w6d: RADIUS: Tunnel-GID, [01] 100 3w6d: RADIUS: unrecognized Microsoft VSA type 17 3w6d: RADIUS: unrecognized Microsoft VSA type 16 3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan 3w6d: RADIUS: free TAS(1) 3w6d: RADIUS: no appropriate authorization type for user. 3w6d: RADIUS: Tunnel-MType, [01] 00 00 06 3w6d: RADIUS: TAS(1) created and enqueued. 3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D 3w6d: RADIUS: unrecognized Microsoft VSA type 17 3w6d: RADIUS: unrecognized Microsoft VSA type 16 3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan 3w6d: RADIUS: free TAS(1) 3w6d: RADIUS: no appropriate authorization type for user. 3w6d: RADIUS: Tunnel-MType, [01] 00 00 06 3w6d: RADIUS: TAS(1) created and enqueued. 3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D 3w6d: RADIUS: unrecognized Microsoft VSA type 17 3w6d: RADIUS: unrecognized Microsoft VSA type 16 3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan 3w6d: RADIUS: free TAS(1) 3w6d: RADIUS: no appropriate authorization type for user. 3w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
