
I am trying to configure FreeRADIUS with MAC authentication,
but when my client connects, it is authorized to access a VLAN which is
not permitted for him.

Here are my logs (freeradius -X):
Sending Access-Accept of id 21 to port 1645
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "33"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 21 with timestamp +38

Users file:
001f3c55793b    Auth-Type := Local, Cleartext-Password := "001f3c55793b"
                Tunnel-type = VLAN,
                Tunnel-Medium-Type = IEEE-802,
                Tunnel-Private-Group-ID = 33
Configuration of the AP:

no service pad                                                                  
service timestamps debug datetime msec                                          
service timestamps log datetime msec                                            
service password-encryption                                                     
hostname wifi-b008                                                              
enable secret 5 $1$Ah/g$eseM58JsjbqFW7u.uU69t/                                  
ip subnet-zero                                                                  
ip domain name int-evry.fr                                                      
ip name-server                                                    
aaa new-model                                                                   

aaa group server radius rad_admin                                               
 server auth-port 1812 acct-port 1813                            
 cache expiry 1                                                                 
 cache authorization profile admin_cache                                        
 cache authentication profile admin_cache                                       
aaa group server tacacs+ tac_admin                                              
 cache expiry 1                                                                 
 cache authorization profile admin_cache                                        
 cache authentication profile admin_cache                                       
aaa group server radius rad_pmip                                                
aaa group server radius dummy                                                   
aaa group server radius rad_srv                                                 
 server auth-port 1812 acct-port 1813                            

aaa authentication login mac_methods group rad_srv                              
aaa authorization network default group rad_srv                                 
aaa cache profile admin_cache                                                   
aaa session-id common                                                           
dot11 vlan-name b008Admin vlan 21                                               
dot11 vlan-name etudiants vlan 15                                               
dot11 vlan-name permanents vlan 33                                              
dot11 vlan-name thesards vlan 16                                                
dot11 ssid b008Admin                                                            
   vlan 21                                                                      
   authentication open                                                          
   authentication key-management wpa                                            
   mbssid guest-mode                                                            
   wpa-psk ascii 7 1248011E01021E0B253F752C3A262B01081917                       
dot11 ssid etudiants                                                            
   vlan 15                                                                      
   authentication open mac-address mac_methods                                  
   mbssid guest-mode                                                            
dot11 ssid permanents                                                           
   vlan 33                                                                      
   authentication open mac-address mac_methods                                  
   mbssid guest-mode                                                            
dot11 ssid thesards                                                             
   vlan 16                                                                      
   authentication open mac-address mac_methods                                  
   mbssid guest-mode                                                            
dot11 aaa authentication mac-authen filter-cache                                
dot11 aaa csid unformatted                                                      
dot11 network-map                                                               
!
username Cisco password 7 0802455D0A16
bridge irb                                                                      
interface Dot11Radio0                                                           
 no ip address                                                                  
 no ip route-cache                                                              
 encryption vlan 16 mode ciphers tkip                                           
 encryption vlan 21 mode ciphers tkip                                           
 encryption mode wep mandatory   
 encryption vlan 15 key 2 size 128bit 7 704856427E9D21265549561E467E
 encryption vlan 15 mode wep optional                                           
 broadcast-key vlan 33 change 60                                                
 ssid b008Admin                                                                 
 ssid etudiants                                                                 
 ssid permanents                                                                
 ssid thesards                                                                  
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0
 station-role root                                                              
interface Dot11Radio0.15                                                        
 encapsulation dot1Q 15                                                         
 no ip route-cache                                                              
 bridge-group 2                                                                 
 bridge-group 2 block-unknown-source                                            
 no bridge-group 2 source-learning                                              
 no bridge-group 2 unicast-flooding                                             
 bridge-group 2 spanning-disabled                                               
interface Dot11Radio0.16                                                        
 encapsulation dot1Q 16                                                         
 no ip route-cache                                                              
 bridge-group 3                                                                 
 bridge-group 3 block-unknown-source                                            
 no bridge-group 3 source-learning                                              
 no bridge-group 3 unicast-flooding                                             
 bridge-group 3 spanning-disabled                                               

interface Dot11Radio0.21                                                        
 encapsulation dot1Q 21 native                                                  
 no ip route-cache                                                              
 bridge-group 1                                                                 
 bridge-group 1 subscriber-loop-control                                         
 bridge-group 1 block-unknown-source                                            
 no bridge-group 1 source-learning                                              
 no bridge-group 1 unicast-flooding                                             
 bridge-group 1 spanning-disabled                                               
interface Dot11Radio0.33                                                        
 encapsulation dot1Q 33                                                         
 no ip route-cache                                                              
 bridge-group 4                                                                 
 bridge-group 4 subscriber-loop-control                                         
 bridge-group 4 block-unknown-source                                            
 no bridge-group 4 source-learning                                              
 no bridge-group 4 unicast-flooding                                             
 bridge-group 4 spanning-disabled                                               
interface FastEthernet0                                                         
 no ip address                                                                  
 no ip route-cache                                                              
 duplex auto                                                                    
 speed auto                                                                     
interface FastEthernet0.15                                                      
 encapsulation dot1Q 15                                                         
 no ip route-cache                                                              
 bridge-group 2                                                                 
 no bridge-group 2 source-learning                                              
 bridge-group 2 spanning-disabled                                               
interface FastEthernet0.16                                                      
 encapsulation dot1Q 16                                                         
 no ip route-cache                                                              
 bridge-group 3                                                                 
 no bridge-group 3 source-learning                                              
 bridge-group 3 spanning-disabled                                               
interface FastEthernet0.21                                                      
 encapsulation dot1Q 21 native                                                  
 no ip route-cache                                                              
 bridge-group 1                                                                 
 no bridge-group 1 source-learning                                              
 bridge-group 1 spanning-disabled                                               
interface FastEthernet0.33                                                      
 encapsulation dot1Q 33                                                         
 no ip route-cache                                                              
 bridge-group 4                                                                 
 no bridge-group 4 source-learning                                              
 bridge-group 4 spanning-disabled                                               
interface BVI1                                                                  
 ip address dhcp client-id FastEthernet0                                        
 no ip route-cache    
ip http server                                                                  
no ip http secure-server                                                        
ip http help-path
ip radius source-interface FastEthernet0                                        
radius-server attribute list 802                                                
radius-server attribute list 81                                                 
radius-server host auth-port 1812 acct-port 1813 key 7
radius-server vsa send authentication 3gpp2                                     
bridge 1 route ip                                                               
wlccp wds aaa authentication mac-authen filter-cache                            
wlccp wds aaa csid unformatted                                                  
wlccp wds aaa csid unformatted                                                  
line con 0                                                                      
 transport preferred all                                                        
 transport output all                                                           
line vty 0 4                                                                    
 transport preferred all                                                        
 transport input all                                                            
 transport output all                                                           
line vty 5 15                                                                   
 transport preferred all                                                        
 transport input all                                                            
 transport output all                                                           

What can I do?

Sent from the FreeRadius - User mailing list archive at Nabble.com.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
