Hello, I am trying to configure FreeRADIUS with MAC authentication, but when my client connects it is authorized to access a VLAN which is not permitted for him.
Here are my logs (freeradius -X):

Sending Access-Accept of id 21 to 157.159.21.222 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "33"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 21 with timestamp +38

users file:

001f3c55793b Auth-Type := Local, Cleartext-Password := "001f3c55793b"
	Tunnel-type = VLAN,
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-ID = 33

Configuration of the AP:

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wifi-b008
!
enable secret 5 $1$Ah/g$eseM58JsjbqFW7u.uU69t/
!
ip subnet-zero
ip domain name int-evry.fr
ip name-server 157.159.10.13
!
!
aaa new-model
!
!
aaa group server radius rad_admin
 server 157.159.21.220 auth-port 1812 acct-port 1813
 cache expiry 1
 cache authorization profile admin_cache
 cache authentication profile admin_cache
!
aaa group server tacacs+ tac_admin
 cache expiry 1
 cache authorization profile admin_cache
 cache authentication profile admin_cache
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_srv
 server 157.159.21.220 auth-port 1812 acct-port 1813
!
aaa authentication login mac_methods group rad_srv
aaa authorization network default group rad_srv
aaa cache profile admin_cache
 all
!
aaa session-id common
dot11 vlan-name b008Admin vlan 21
dot11 vlan-name etudiants vlan 15
dot11 vlan-name permanents vlan 33
dot11 vlan-name thesards vlan 16
!
dot11 ssid b008Admin
 vlan 21
 authentication open
 authentication key-management wpa
 guest-mode
 mbssid guest-mode
 wpa-psk ascii 7 1248011E01021E0B253F752C3A262B01081917
!
!
dot11 ssid etudiants
 vlan 15
 authentication open mac-address mac_methods
 mbssid guest-mode
!
dot11 ssid permanents
 vlan 33
 authentication open mac-address mac_methods
 mbssid guest-mode
!
dot11 ssid thesards
 vlan 16
 authentication open mac-address mac_methods
 mbssid guest-mode
!
dot11 aaa authentication mac-authen filter-cache
dot11 aaa csid unformatted
dot11 network-map
!
!
username Cisco password 7 0802455D0A16
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 16 mode ciphers tkip
 !
 encryption vlan 21 mode ciphers tkip
 !
 encryption mode wep mandatory
 !
 !
 encryption vlan 15 key 2 size 128bit 7 704856427E9D21265549561E467E transmit-ky
 encryption vlan 15 mode wep optional
 !
 broadcast-key vlan 33 change 60
 !
 !
 ssid b008Admin
 !
 ssid etudiants
 !
 ssid permanents
 !
 ssid thesards
 !
 mbssid
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
 station-role root
 infrastructure-client
!
interface Dot11Radio0.15
 encapsulation dot1Q 15
 no ip route-cache
 bridge-group 2
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface Dot11Radio0.16
 encapsulation dot1Q 16
 no ip route-cache
 bridge-group 3
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
 bridge-group 3 spanning-disabled
!
interface Dot11Radio0.21
 encapsulation dot1Q 21 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.33
 encapsulation dot1Q 33
 no ip route-cache
 bridge-group 4
 bridge-group 4 subscriber-loop-control
 bridge-group 4 block-unknown-source
 no bridge-group 4 source-learning
 no bridge-group 4 unicast-flooding
 bridge-group 4 spanning-disabled
!
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.15
 encapsulation dot1Q 15
 no ip route-cache
 bridge-group 2
 no bridge-group 2 source-learning
 bridge-group 2 spanning-disabled
!
interface FastEthernet0.16
 encapsulation dot1Q 16
 no ip route-cache
 bridge-group 3
 no bridge-group 3 source-learning
 bridge-group 3 spanning-disabled
!
interface FastEthernet0.21
 encapsulation dot1Q 21 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.33
 encapsulation dot1Q 33
 no ip route-cache
 bridge-group 4
 no bridge-group 4 source-learning
 bridge-group 4 spanning-disabled
!
interface BVI1
 ip address dhcp client-id FastEthernet0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface FastEthernet0
!
radius-server attribute list 802
!
radius-server attribute list 81
!
radius-server host 157.159.21.220 auth-port 1812 acct-port 1813 key 7 071C244F5D
radius-server vsa send authentication 3gpp2
!
control-plane
!
bridge 1 route ip
!
!
wlccp wds aaa authentication mac-authen filter-cache
wlccp wds aaa csid unformatted
!
wlccp wds aaa csid unformatted
!
line con 0
 transport preferred all
 transport output all
line vty 0 4
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 transport preferred all
 transport input all
 transport output all
!
end

What can I do?

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Cisco-AP-Radius-tp5713577.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.