Thank you everyone so much :)

Wow, what a great list :D

"OK. First, you're not doing PPP, remove the default entries in the users file for Framed-Protocol and Framed-Compression."

I have commented this out now.

And again thank you for your Wireshark capture, and perfect explanations of the expected data type. I never doubted your credentials or the value of your suggestions ;)
I just got myself into a mess with it, BUT, it's working now :)

NB: your extremely well written website says RFC 4765 isn't in the W branch. I'm running the W branch and it's working:

brdswitch02(config)# 0050:11:24:55.01 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd new client detected
  on vid: 1.
0050:11:24:55.01 MAC  mWebAuth:Port: 29 MAC: 080027-e4b2cd RADIUS CHAP
  authentication started, session: 3055.
0050:11:24:55.02 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd RADIUS Attributes,
  priority: 11111111, tagged vid: 12.
0050:11:24:55.02 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd client accepted,
  session: 3055.
0050:11:24:55.02 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd client successfully
  placed into vid: 0.

The last message about being placed into vid: 0 is strange, but after running 'show vlans 12', I now see;

 Port Information Mode     Unknown VLAN Status
 ---------------- -------- ------------ ----------
 1                No       Learn        Up
 2                No       Learn        Up
 5                No       Learn        Up
 6                No       Learn        Up
 7                No       Learn        Up
 8                No       Learn        Up
 20               No       Learn        Up
 22               No       Learn        Up
 29               MACAUTH  Learn        Up
 41               No       Learn        Up
 43               No       Learn        Up
 A1               Tagged   Learn        Up

NB; the mac was on port 29.

Just need to now test that the MAC on tagged 12 can communicate, AND, the untagged MAC on the same port can also communicate still on VLAN 1.

Thank you again for your help :)

PS; And sorry again for my initial fast reply. It annoys me when people *sigh* and point you to a page you've already read every word of very closely.. We're not all lazy ;)

Andy

On Wed 07 Aug 2013 11:21:21 BST, Arran Cudbard-Bell wrote:




On 7 Aug 2013, at 10:56, Alex Sharaz <alex.sha...@york.ac.uk> wrote:

Works here just fine. Once you've created the correctly formatted value for the radius 
attribute FR displays it as an integer but whatever happens in the background the HP 
switch just "does its stuff"

Yes the HP switch correctly parses the 4byte octet string sent by the RADIUS 
server.  There's no magic here, the RADIUS server does not communicate to the 
NAS that the value was once treated as an integer.

I've already sent you a screenshot of the raw value off list, I'm not sure what 
else I can do to convince you that this is expected and non-magical behaviour.

I'm honestly not entirely sure why the freeradius dictionary has the attribute as 
an unsigned int. Possibly for efficiency or for use with systems that already deal 
with VLAN IDs as native width integers (almost all interpreted languages use 
integers of a width >= 32bits by default).



Rgds
A

Sent from my iPhone

On 6 Aug 2013, at 00:39, Andy <a...@brandwatch.com> wrote:

Hello,

This is my first post here so please excuse any missed etiquette.

I have read through the wikis and googled a lot and not found anything.

I have been trying to configure our switch ports (HP 2910al) with Tagged VLANs via 
Egress-VLANID and Egress-VLAN-Name.

The Radius backend is OpenLDAP, and I have tried setting the data type in 
OpenLDAP to binary, UTF-8 and IA5, but no matter what I do, the value returned 
by RADIUS is the decimal equivalent of the HEX bit string I enter :(

For example I'm trying to store and send 0x31000012 to indicate a tagged VLAN 
(0x31) on VLAN 12. But looking at freeradius -X output I can see it sending the 
decimal number, when the switch wants the bit string as it was stored, and 
hence throws an error!

Is this a FreeRADIUS thing or an OpenLDAP data type thing?

Any help and advice would be greatly appreciated as I'm stuck.
Thanks in advance, Andy.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
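
Added example (not part of the original thread, and not FreeRADIUS or HP code): the Egress-VLANID value discussed above is one 32-bit field per RFC 4675, an 8-bit tag indication (0x31 tagged, 0x32 untagged), 12 zero pad bits and a 12-bit VLAN ID, so the integer FreeRADIUS prints and the 4 octets the switch parses are the same data. The function names are hypothetical; the sketch encodes, decodes and validates the value before it is stored in a directory or users file.

```python
import struct

TAGGED, UNTAGGED = 0x31, 0x32   # RFC 4675 Tag Indication octet


def encode_egress_vlanid(vlan_id, tagged=True):
    """Return (integer as shown in debug output, 4 octets sent on the wire)."""
    # 0 and 4095 are reserved VLAN IDs in 802.1Q, so refuse them here.
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    value = ((TAGGED if tagged else UNTAGGED) << 24) | vlan_id
    return value, struct.pack("!I", value)


def decode_egress_vlanid(raw):
    """Accept an int or 4 raw octets; raise ValueError on malformed input."""
    if isinstance(raw, int):
        if not 0 <= raw <= 0xFFFFFFFF:
            raise ValueError("value does not fit in 32 bits")
        raw = struct.pack("!I", raw)
    if len(raw) != 4:
        # e.g. the ASCII text "0x31000012" stored instead of the number
        raise ValueError("expected exactly 4 octets, got %d" % len(raw))
    (value,) = struct.unpack("!I", raw)
    tag, pad, vlan_id = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    if tag not in (TAGGED, UNTAGGED):
        raise ValueError("unknown tag indication 0x%02x" % tag)
    if pad != 0:
        raise ValueError("pad bits must be zero")
    return {"tagged": tag == TAGGED, "vlan_id": vlan_id}


if __name__ == "__main__":
    # The VLAN ID is a binary number in the low 12 bits, so the trailing hex
    # digits are not the decimal VLAN ID.
    print(decode_egress_vlanid(0x31000012))
    number, octets = encode_egress_vlanid(12, tagged=True)
    print(number, hex(number), octets.hex())
```

Running it shows the decimal and hex forms side by side, which is useful when comparing debug output against a packet capture.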