Hello Roberto,

RFC 2868 defines that tunnel attributes include a Tag field before the value.
Some NASes need it to be defined and some do not.

Try for example with

mikem2 User-Password=fred
    Service-Type = Framed-User,
    Tunnel-Private-Group-ID = 0:<vlan-id>,
    Tunnel-Medium-Type = 0:802,
    Tunnel-Type = 0:VLAN

or

mikem2 User-Password=fred
    Service-Type = Framed-User,
    Tunnel-Private-Group-ID = 1:<vlan-id>,
    Tunnel-Medium-Type = 1:802,
    Tunnel-Type = 1:VLAN

Best Regards,
Sami

On 03/26/2014 08:16 PM, Roberto Pantoja wrote:
> Thank you for your prompt answer, but I have the same effect if I put
> the VLAN name or numeric ID. Do you have any other idea that can help me
> to resolve this problem?
>
> Best regards.
>
> On 03/26/2014 11:37 AM, Hartmaier Alexander wrote:
>> On 2014-03-26 18:40, Roberto Pantoja wrote:
>>> I have a problem trying to assign dynamic VLANs to users on a
>>> WPA2-Enterprise configuration. Users have successful authentication
>>> and if I don't send the Radius Attribute "Tunnel-Private-Group-ID"
>>> the Wireless Controller connects me to the default VLAN for the SSID,
>>> but when I send "Tunnel-Private-Group-ID", the Wireless Controller
>>> simply drops out my connection. The Wireless Controller documentation
>>> says the required attributes in the Access-Accept Reply are
>>> "Tunnel-Type=VLAN, Tunnel-Medium-Type=802,
>>> Tunnel-Private-Group-ID=<Name of VLAN>". Everything works fine using
>>> Ignition Server (Avaya's Radius Server). But the product's
>>> documentation says the WC8180 complies with RFC standards and mentions
>>> that it is "compatible and validated" with freeradius and Microsoft IAS,
>>> so I think my case is a configuration issue.
>>>
>>> Regards.
>>>
>>> Radiator Version: 4.12.1
>>> Wireless Controller: AVAYA WC8180
>>> Wireless Access Points: AVAYA AP8120
>>>
>>> Config file:
>>> *** Config File ***
>>> # radius.cfg
>>>
>>> Foreground
>>> LogStdout
>>> LogDir /var/log/radius
>>> LogFile %L/logfile.%Y.%m.%d
>>> DbDir /etc/radiator
>>> # Use a lower trace level in production systems:
>>> Trace 4
>>> AuthPort 1812
>>> AcctPort 1813
>>>
>>> <Client 10.0.30.254>
>>>     Secret verysecret
>>>     PacketTrace
>>>     Identifier Avaya WC8180
>>> </Client>
>>>
>>> <Handler TunnelledByPEAP=1>
>>>     <AuthBy FILE>
>>>         Filename %D/users
>>>         EAPType MSCHAP-V2
>>>     </AuthBy>
>>> </Handler>
>>>
>>> <Handler>
>>>     <AuthBy FILE>
>>>         Filename %D/users
>>>         EAPType PEAP
>>>         EAPTLS_CAFile %D/certificates/cacert.pem
>>>         # EAPTLS_CAPath
>>>         EAPTLS_CertificateFile %D/certificates/radiator-cert.pem
>>>         EAPTLS_CertificateType PEM
>>>         EAPTLS_PrivateKeyFile %D/certificates/radiator-key.pem
>>>         EAPTLS_PrivateKeyPassword verysecret
>>>         # EAPTLS_RandomFile %D/certificates/random
>>>         EAPTLS_MaxFragmentSize 1024
>>>         # EAPTLS_DHFile %D/certificates/cert/dh
>>>         #EAPTLS_CRLCheck
>>>         #EAPTLS_CRLFile %D/certificates/crl.pem
>>>         #EAPTLS_CRLFile %D/certificates/revocations.pem
>>>         AutoMPPEKeys
>>>         #EAPTLS_SessionResumption 0
>>>         #EAPTLS_SessionResumptionLimit 10
>>>         ####EAPAnonymous anonymous@localhost
>>>         EAPTLS_PEAPVersion 0
>>>         EAPTTLS_NoAckRequired
>>>     </AuthBy>
>>> </Handler>
>>> *** EOF Config File ***
>>>
>>>
>>> Users file:
>>> mikem user without VLAN default VLAN - Quarantine - no IP address
>>> mikem1 user with VLAN Empleados - IP address range 10.0.21.0/24
>>> mikem2 user with VLAN ATI - IP address range 10.0.19.0/24
>>> *** Users file ***
>>> # users
>>> # This is an example of how to set up simple user for
>>> # AuthBy FILE.
>>> # The example user mikem has a password of fred, and will
>>> # receive reply attributes suitable for most NASs.
>>> # You can do many more interesting things.
>>> # See the Radiator reference manual for more details
>>> #
>>> # You can test this user with the command
>>> # perl radpwtst
>>>
>>> mikem User-Password=fred
>>>     Service-Type = Framed-User,
>>>     Tunnel-Medium-Type = 802,
>>>     Tunnel-Type = VLAN
>>>
>>> mikem1 User-Password=fred
>>>     Service-Type = Framed-User,
>>>     Tunnel-Private-Group-ID = Empleados,
>>>     Tunnel-Medium-Type = 802,
>>>     Tunnel-Type = VLAN
>>>
>>> mikem2 User-Password=fred
>>>     Service-Type = Framed-User,
>>>     Tunnel-Private-Group-ID = ATI,
>>>     Tunnel-Medium-Type = 802,
>>>     Tunnel-Type = VLAN
>>>
>>> *** EOF users file ***
>>
>> We're doing that with Cisco WLCs without problems but in our case by
>> sending the VLAN ID, not its name like for wired dot1x where Cisco IOS
>> switches want the VLAN name:
>>
>> AddToReply Tunnel-Type=VLAN,\
>>     Tunnel-Medium-Type=802, \
>>     Tunnel-Private-Group-ID=123
>>
>>> --
>>> Roberto Carlos Pantoja Valdizón
>>> Systems Analyst
>>> ATI/GDEI/LaGeo
>>>
>>> _______________________________________________
>>> radiator mailing list
>>> radiator@open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator

--
Sami Keski-Kasari <sam...@open.com.au>
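
The Tag field from RFC 2868 that the reply above refers to, shown as bytes on the wire. This is an added example, not part of the original messages and not Radiator code; the function names are this example's own, "123" is the sample VLAN ID from the quoted AddToReply lines, and decode_assuming_tag models a hypothetical peer that always expects a tag.

```python
# Added example: RFC 2868 tag octet in tunnel attributes, as bytes on the wire.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # enumerated values used for VLAN assignment (RFC 3580)


def _check_tag(tag):
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be in 0x00..0x1F")


def encode_enum(attr, value, tag=0):
    """Tunnel-Type / Tunnel-Medium-Type: Tag octet (0 = unused) + 3-octet value."""
    _check_tag(tag)
    return bytes([attr, 6, tag]) + value.to_bytes(3, "big")


def encode_group_id(group, tag=None):
    """Tunnel-Private-Group-ID: string value, optionally preceded by a Tag octet."""
    body = group.encode("ascii")
    if tag is not None:
        _check_tag(tag)
        body = bytes([tag]) + body
    return bytes([TUNNEL_PRIVATE_GROUP_ID, len(body) + 2]) + body


def decode(avp):
    """Decode one attribute to (attr, tag, value) using the RFC 2868 tag rules."""
    attr, length = avp[0], avp[1]
    body = avp[2:length]
    if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
        if length != 6:
            raise ValueError("enumerated tunnel attributes are 6 octets long")
        return attr, body[0], int.from_bytes(body[1:], "big")
    if attr == TUNNEL_PRIVATE_GROUP_ID:
        # An octet above 0x1F is the first character of the string, not a tag.
        # 0x00 is treated here as "tag present but unused" (a choice of this sketch).
        if body and body[0] <= 0x1F:
            return attr, body[0], body[1:].decode("ascii")
        return attr, None, body.decode("ascii")
    raise ValueError("not a tunnel attribute handled by this example")


def decode_assuming_tag(avp):
    """Hypothetical strict peer that always consumes the first octet as a tag."""
    body = avp[2:avp[1]]
    return avp[0], body[0], body[1:].decode("ascii")


if __name__ == "__main__":
    for tag in (None, 0, 1):  # "123" is the sample VLAN ID quoted in the thread
        avp = encode_group_id("123", tag)
        print(tag, avp.hex(), decode(avp), decode_assuming_tag(avp))
```

Comparing the hex output with the Access-Accept bytes in a PacketTrace dump shows which of the three forms the server is actually sending to the controller.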